ZachXBT, a blockchain sleuth known for uncovering and researching scams and hacks, has revealed a new wallet-draining attack. According to ZachXBT, the new attack has drained about $5.3 million from dozens of wallet addresses. Although the wallet drains seemed random at first, they have been connected to the LastPass data breach, with multiple wallets potentially exposed.

According to the blockchain sleuth, the total stolen from the wallets was made up of Bitcoin and other digital assets on Ethereum. The wallet owners used LastPass, which suffered a data leak in 2022, to store and protect their passwords. ZachXBT also said the hackers were the LastPass threat actors. According to his reports, the hackers used the same method to drain the wallets, immediately swapping the stolen assets for Bitcoin and Ethereum. Although the hackers stole multiple tokens, they converted them to those two to simplify their cache.

ZachXBT reveals another attack involving LastPass victims

Some of the wallet holders were still storing their private keys on the service, giving the hackers direct access. Since the recent wallet drain is happening after the data leak, it is likely that more compromised wallets are yet to be drained. Most of the drained wallets are ENS-named, DeFi, and DEX wallets. Despite their experience, the traders lost all their assets. As it stands, wallets that are set to receive rewards from smart contracts are at risk.

In one case, the funds came directly from OpenSea, suggesting that they may have come from the sale of an NFT. In this case, the wallet had been linked to the NFT marketplace beforehand, opening a door for the hackers to exploit. After the sale, the wallet was drained, and the funds were sent to an anonymous swap. The drain involves about 40 addresses to date.

In some other cases, there is evidence of the hackers tracking the funds in the wallet, with the funds leaving for the hackers’ destination immediately after they hit the wallet. Some other wallets received funds from exchanges, while others acted as intermediate holdings. The hackers did not hold back, draining everything in them. An earlier batch of affected wallets led to losses worth $6.2, as tracked by ZachXBT. Other influencers have also warned traders about the potential losses connected to the breach.

The solution is for users to abandon all wallets linked to the LastPass data leak. This means all wallets from before 2022; users can move funds to new wallets, because the hackers are actively watching for incoming transactions. In the last attack, $4.4 million was drained from 25 wallets. As previously reported, most of the funds belonged to VCs, DeFi developers, and crypto insiders. The previous attack alerted only a few traders, with ZachXBT taking the initiative to warn traders about the exposed wallets.

Funds were moved straight to exchanges

The hackers moved the funds to exchanges, a move that does not happen in other hack attempts. It meant that the hacker wanted to control the funds through trading. In one attempt, the hacker sent 15 ETH to a swapping address. Another wallet was drained of 32 ETH, with the funds moved to a hot wallet. The hackers created more than one wallet on some exchanges.

This doesn’t mean the exchanges are involved or that they were affected. However, it is a surprising move, since hackers usually prefer to move funds through DeFi, which provides better ways to cover their tracks. One of the exchanges, FixedFloat, offers swapping services for low fees, and KYC is not mandatory on the exchange. The exchange has also received stolen funds from RocketPool in the past.

The post ZachXBT reveals wallet-draining attack of $5.3 million first appeared on Coinfea.