Early Solana Wallet Drained Of $14.2M After Five Years Dormant

Coinbase



An early Solana wallet appears to have been compromised after roughly 180,900 SOL, worth about $14.2 million, moved from the address following more than five years of inactivity.

The wallet was tied to Solana’s initial genesis distribution and had remained dormant since its creation. It suddenly closed multiple staking accounts before sending the released SOL to another Solana address, leaving less than 1 SOL behind.

Onchain investigator ZachXBT flagged the transfers while tracing the activity with Specter Investigation, which first identified the unusual unstaking pattern. Neither the wallet owner nor the Solana Foundation had issued a public statement on the incident.

The attack method remains unknown. No evidence has established whether the funds moved through a stolen private key, exposed seed phrase, compromised signing device or another form of unauthorized wallet access.

Funds Routed From Solana To Ethereum

The receiving wallet began moving the SOL through cross-chain infrastructure shortly after the unstaking transactions cleared. Investigators traced part of the position from Solana into Ethereum, where the funds were divided among several addresses.

The transfers broke the original position into smaller clusters and extended the trail across two networks. No confirmed exchange deposit, sale or conversion into fiat had been identified.

The victim address and several suspected theft addresses were published as investigators continued following the funds. ZachXBT did not identify a suspected attacker or attach the activity to a known hacking group.

SOL traded near $78 during the investigation, placing the transferred position near $14.2 million. The token did not record a market move large enough to establish that the wallet activity produced broader selling pressure.

Wallet Access Remains Under Investigation

The suspected theft follows a separate Solana security incident in which compromised executive devices exposed wallets controlled by Step Finance. Attackers unstaked about 261,854 SOL before moving the assets out of project-controlled accounts.

Security researchers have also identified wallet-generation flaws affecting dormant addresses, where weak or predictable keys can remain exposed even when a wallet has avoided recent transactions, applications and token approvals.

No recovery, asset freeze or return of funds had been confirmed. The wallet owner, attack method and final destination of the bridged assets remained unidentified.



Source link

Bitbuy

Be the first to comment

Leave a Reply

Your email address will not be published.


*