This week, Taylor Monahan published an analysis in which she identified thefts on many cryptocurrency wallets on 11 different blockchains, without being able to define the cause. What do we know about these curious hacks?
Multiple thefts affect cryptocurrency wallets
This week, MyCrypto founder and CEO Taylor Monahan published her on-chain analytics work showing that since last December, the equivalent of 5,000 ETH would have been drained from a multitude of wallets on 11 different blockchains.
What is striking is that according to the analyses, it seems difficult to establish commonalities between the victimsbut many similarities were found in the modus operandi.
The impacted portfolios were created between 2014 and last December:
If you are reading this, you’re the type to be drained by this.
This is NOT a low-brow phishing site or a random scammer. It has NOT rekt a single noob. It ONLY rekts OGs.
If you have all your stuff under a single Secret Recovery Phrase / Private Key, please be safe migrate. 🙏 pic.twitter.com/o50pcBaUWT
— Tay 💖 (@tayvano_) April 18, 2023
The exploited flaw has not yet been discovered, but a catastrophic scenario where said flaw would relate to the encryption of private keys is ruled out. Indeed, if a hacker managed to achieve such a feat, the damage would be much greater.
According to the analyses, these thefts mainly take place between 10 and 16:00 UTC, for the main assets, while the smaller sums are generally siphoned off between 16:00 and 22:00 UTC. Moreover, a large part of these flights would take place on weekends :
Lastly, a lot of the thefts seem to take place on the weekend???? I obvs don’t have every transaction but it’s weird af. I don’t know. It’s just weird.
Dec 18 = Sunday
Dec 25 = Sunday
Jan 29 = Sunday
Feb 17-19 = Friday-Sunday
Apr 15 = Saturday pic.twitter.com/b4TEAMjmdO— Tay 💖 (@tayvano_) April 18, 2023
It is also interesting to note that it happens that the assets are sometimes sent from one victim’s address to another, in order to gather the loot. For example, the funds stolen from victim A are sent to victim B, whose funds and A’s are sent to victim C.
Besides, the attacker would go for the simplest, often leaving out NFTs or open positions on any decentralized finance (DeFi) protocols. However, cases where this attacker goes back to an address already visited previously have been observed.
👉 To go further — Find our guide on best practices to limit the risk of hacking
The best way to secure your cryptocurrencies 🔒
🔥 Up to $30 in Bitcoin offered!

How to protect against such an attack?
In theory, this type of theft mainly concerns hot wallets such as MetaMask, xDeFi or even Rabby, but it is important to note that none seem to be specifically targeted.
In truth, it is the way in which the private key of the wallet is saved that will be decisive. As hot wallets store it in a file hosted on the user’s machine, they are therefore easier targets. However, if a hardware wallet’s seed phrase is saved to a text file on its user’s computer, it is no less vulnerable.
In general, it is therefore prudent to diversify the locations of its funds, so that the addresses where they are do not depend on one and the same seed phrase. Additionally, it may be a good idea to regularly move assets to addresses created from new seed phrases in case the last one is compromised.
Moreover, if the most prudent thing is to use hardware wallets, the seed phrases must not under no circumstances be saved on a machine with Internet access.
Pending more information on this wave of account siphoning, the amount of funds stored on hot wallets should be limited as much as possible, while renewing them at regular intervals.
👉 Also in the News — Trezor Wallets Now Offer Anonymous Bitcoin (BTC) Transactions with Coinjoin
Our service dedicated to cryptocurrency investors. Get real-time analytics and optimize your crypto portfolio.

Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky in nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.