.png){kind=logo}
Crypto Wallet Breach: $21 Million in Stablecoins Stolen and Laundered Through Ethereum
The cryptocurrency community recently experienced a massive security breach, resulting in the theft of approximately $21 million in stablecoins. The hacker attacked one user's wallet and moved the stolen money to the Ethereum network. This breach renews the focus on the vulnerability of the crypto ecosystem to compromised private keys.
Chain analysis applications and security companies identified the compromised wallet as address 0x0cdC…E955. The stolen funds were approximately $17.75 million in DAI stablecoins and roughly $3.11 million in units of another stable token, which are tracked by the symbol MSYRUPUSDP.
Security firm PeckShield stated that the breach resulted from the leak of a private key, allowing the attacker to bypass any security measures implemented by the platform, as they had direct access to the wallet's signing key.
Stablecoin Theft and Key Details
It has been determined that the theft was not linked to smart contracts or cross-chain bridges. Instead, the intruder exploited the exposed secret key of the wallet to gain unauthorized access. Such access enabled signing and broadcasting transactions within a limited timeframe, without triggering security alerts.
The user transferred the stolen funds rapidly via multiple cross-chain bridges, ultimately ending up on the Ethereum blockchain. The assets were then scattered on numerous Ethereum accounts. Such a transfer was intended to hide the transaction's trail and further complicate tracking. However, many of these movements were successfully tracked using chain monitors with contract addresses, offering a way to trace assets on the blockchain.
Also Read: UXLink Faces $30M Loss After Multi-Signature Wallet Hack and Token Minting
Tracking the Stolen Money Over the Networks
Once the money was transferred, the attacker mixed the stablecoins across several addresses, making it even more challenging to trace and recover the money. The researchers observed that token labels provided by blockchain explorers are sometimes unreliable for giving a quick overview of transfers.
Security analysts suggest that the most secure method for monitoring the flow of tokens in the blockchain is through a contract address. The stolen funds could have passed through various chains and addresses, which complicates recovery efforts, especially when the assets are not listed on a centralized exchange. Up to this point, the identity of the person who carried out the attack has not been known.
Researchers have noted that the leaks of private keys and credentials have resulted in the loss of over $1 billion in the last few years, highlighting the current risks that cryptocurrency holders face.
