
Mysterious Crypto Wallet Heist Drains up to 5,000 Ethereum from OG Wallets


April 19, 2023


A mysterious and sophisticated crypto wallet heist has drained up to 5,000 Ethereum, currently worth almost USD 10 million, from "OG" wallets, baffling security experts and blockchain enthusiasts.

The malicious operation was uncovered by Taylor Monahan, founder and CEO of ETH wallet manager MyCrypto and former MetaMask employee. Reportedly, the lengthy heist has been active since December 2022 and has targeted ETH tokens and other coins and NFTs across more than 11 crypto chains.

The term "OG" wallet refers to early adopters of cryptocurrency and blockchain technology, who often hold a significant amount of assets. The wallets’ high value and the potential for substantial financial gain make them prime targets for cybercriminals.

While the exact method used by the attackers remains unknown, preliminary research suggests the heist may exploit a previously undiscovered vulnerability or use private keys from an older data leak.

The attackers seem to have covered their tracks well, making it difficult for investigators to pinpoint their origin and identify the victims’ sources of compromise. According to Monahan’s tweet, the only “known commonalities” are that the keys were created between 2014 and 2022, and the perpetrators focus exclusively on high-profile, “crypto-native” users.

On the other hand, the crooks follow a highly distinctive pattern to carry out their operation:

  • Primary thefts are almost always carried out between 10 AM and 4 PM UTC
  • Subsequent draining operations (“dusting”) occur in the following 6-hour timeframe
  • Attackers swap tokens for ETH internally (using various swapping platforms) before draining them
  • Perpetrators bridge or transfer smaller amounts, sometimes even funneling them through other victims’ wallets until a satisfactory amount is reached
  • Most of the thefts occur during the weekend

In the original thread, Monahan hinted that the massive wallet-draining heist may have stemmed from a MetaMask exploit, but the company has since responded that Monahan’s claim was wrong. MetaMask’s announcement adds that the crypto assets were drained from “various addresses across 11 blockchains,” not solely from MetaMask wallets.

The theft has raised serious concerns among the crypto community. The scope of the attack and the number of affected chains indicate that even well-established projects and trustworthy wallet providers may be vulnerable to exploitation.

Users should remain vigilant and follow best security practices, such as keeping their private keys and recovery phrases secure, using hardware wallets, and enabling multi-factor authentication wherever possible.

This heist serves as a stark reminder of the risks associated with digital assets and the importance of maintaining strong security measures to protect investments. The crypto community is encouraged to stay informed and exercise caution to minimize the risk of falling victim to such malicious campaigns.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
