Dormant Ethereum wallet exploit sees 261 ETH drained from inactive addresses, raising fears of key compromise and wallet vulnerabilities.
Author: Akshat Thakur
30th April 2026 – A single Ethereum address drained over 261 ETH (roughly $590,000) from hundreds of wallets on Wednesday. Most of those wallets had sat dormant for seven or more years.
High Signal Summary For A Quick Glance
Sammy
@Sammy_social
@WazzCrypto do we think hackers used AI to do new exploits?
Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet Seems like a new live exploit, worth flagging https://t.co/o1uU85CLPT https://t.co/QiKU1b86Uv
06:16 PM·Apr 30, 2026
Robin Nakamoto
@RobinNakamoto
@WazzCrypto jeez look at the amount of wallets they drained https://t.co/ep4rQApbtB
Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet Seems like a new live exploit, worth flagging https://t.co/o1uU85CLPT https://t.co/QiKU1b86Uv
05:40 PM·Apr 30, 2026
Capitulation.eth 🦇🔊 🦞 @ETHcc
@TheTakenUser
@WazzCrypto Some wallets hadn’t moved since 2018 before getting zeroed. So very interesting what the source was. On my side I think the most likely vulnerability was having the seed in a secure note on LastPass back in 2020/21
Hundreds of wallets (many of which haven't been active in 7+ years) just got drained by the same address on ETH mainnet Seems like a new live exploit, worth flagging https://t.co/o1uU85CLPT https://t.co/QiKU1b86Uv
04:23 PM·Apr 30, 2026
High attention and emotional sentiment detected.
The drainer address, tagged on Etherscan as Fake_Phishing2831105, started receiving ETH around 06:00 UTC on April 30. By 17:00 UTC, it had logged 591 total transactions. This incident appears to be a coordinated private-key exploit targeting legacy wallets.
No wallet provider, security firm, or official body has released a statement. The root cause remains unconfirmed.
On-chain data reveals a clear pattern. Small and large ETH amounts flowed into the drainer from wallets inactive since 2018 or earlier. One transaction alone moved 324.741 ETH to the THORChain Router.
The attacker then routed funds through bridges and swaps. THORChain, Across, Squid, Uniswap V2/V3, and Magpie Router all appeared in the flow. Notably, no mixer activity showed up, suggesting speed over obfuscation.
Some early transfers also included SAI, a legacy MakerDAO stablecoin deprecated in November 2019. Its presence confirms the victim wallets date back to at least that era.
This is not a smart-contract exploit or an approval-based drainer. The attacker moved ETH directly from victim wallets, which means they likely held the private keys.
Community members on X have offered several theories. The most common points to weak entropy in early wallet tools. Pre-2019 brainwallet generators, browser-based wallets, and vanity-address tools often used predictable randomness. Modern cracking tools can now exploit those weaknesses.
Crypto researcher WazzCrypto flagged the incident, noting that “hundreds of wallets (many of which haven’t been active in 7+ years) just got drained by the same address on ETH mainnet.”
Victim @TheTakenUser first reported the drainer address. They speculated about a link to the 2022 LastPass breach, which exposed encrypted vault data. Researchers later tied that breach to over $35 million in crypto thefts.
This attack echoes several past incidents. In 2022, the Profanity vanity-address exploit let attackers brute-force private keys. That vulnerability caused the $160 million Wintermute hack.
Brainwallets, which derive keys from passphrases, have faced systematic cracking for years. Researchers showed as early as 2015 that attackers could sweep these funds within seconds.
The 2022 LastPass breach created yet another attack surface. Encrypted vaults with seed phrases became cracking targets. ZachXBT and others have since tied over $35 million in losses to that event alone.
In all these cases, the pattern holds. Old keys from weak tools become vulnerable once attackers develop better cracking methods.
Key milestones in Ethereum Mainnet Mass Wallet Drains (April 30, 2026)
Dormant wallets begin losing funds to a single address, with early victims reporting unauthorized transfers.
Community analysts flag a coordinated drain affecting hundreds of long-inactive wallets on Ethereum mainnet.
Attacks target older wallets, suggesting compromised seed phrases or vulnerabilities in legacy wallet generation methods.
No major security firms have issued formal alerts or detailed analysis of the incident as of latest updates.
Funds continue to be swept from affected wallets into attacker-controlled addresses with no confirmed mitigation or recovery actions.
Sentiment on X ranges from alarm to speculation. @senangbit reported “over 261 ETH and counting” drained and tagged ZachXBT for investigation.
Others challenged the “exploit” label. Some argued this could be a consolidation of previously compromised keys, not a fresh vulnerability. Without a confirmed attack vector, both readings remain plausible.
Key questions remain open. No one has confirmed the exact wallet count. No one has identified the specific tool or method that failed. The drainer’s current status is unclear, and no security firm has published an analysis yet.
ETH traded steadily between $2,250 and $2,300 through the incident window. CoinGecko data showed no price reaction tied to the exploit.
At roughly $590,000, the total drained value represents a tiny fraction of daily Ethereum volume. No gas fee spikes appeared on Etherscan’s tracker during the window either.
Anyone holding ETH in pre-2019 wallets should act immediately. Wallets from brainwallet tools, vanity generators, or early browser extensions face the highest risk.
The safest move is to transfer funds to a fresh wallet from a hardware device or modern software. Do not reuse old seed phrases. Check whether the original tool has known flaws.
Anyone who stored seed phrases in cloud services or password managers should treat those keys as compromised. This especially applies to LastPass users from before the 2022 breach. Move all remaining assets to new wallets without delay.
This incident drives home a core lesson. Private keys do not expire, but the tools that created them can become liabilities. For anyone with dormant Ethereum wallets still holding value, now is the time to act.
This article is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Ethereum
$2263.35
