Main Components of the Attack

According to Arkham and other on-chain analysts, the stolen assets primarily consisted of two categories:

• Liquid Staked Ethereum (LSETH) derivatives, particularly wstETH and osETH,

• WETH (Wrapped Ether).

The high liquidity of these assets enabled the attacker to quickly convert them into other forms without attracting immediate attention.

How the Hacker Moved and Laundered the Funds

On-chain tracking revealed a three-stage strategy:

1. Consolidation of Funds
   The stolen wstETH, osETH and WETH were first gathered into several primary collection wallets linked to the attacker.

2. Asset Swaps via DEXs
   The attacker then swapped these LSETH derivatives and WETH into ETH using decentralized exchanges. This move helped consolidate value into a single asset type, making it easier to manage and harder to trace.

3. Distribution Across New Wallets
   The converted ETH was transferred into a large number of newly created wallets. This “distribution network” is a common laundering technique designed to make tracking harder for investigators and blockchain analytics firms.

A Multi-Chain Security Breach

The attack was not limited to the Ethereum network. Balancer pools across Arbitrum, Base, Optimism, and Polygon were also affected. Liquidity providers saw sudden drops in pool balances, and many users rushed to revoke token approvals from Balancer smart contracts.

Balancer’s Response

In response to the exploit, the Balancer team took the following actions:

• Paused all affected V2 pools that could be secured via emergency controls,

• Advised liquidity providers to revoke token approvals and withdraw funds,

• Offered up to 20% white-hat bounty if the stolen funds are returned,

• Initiated a comprehensive post-mortem investigation and legal action alongside blockchain forensic experts and law enforcement.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Balancer Hack: Stolen Millions Moved Into This Coin! appeared first on Coin Engineer.

A major development has shaken the crypto investment world. Well-known on-chain investigator ZachXBT has claimed that the so-called “Hyperliquid whale,” who trades with 50x leverage on the Hyperliquid exchange, is in fact a cybercriminal gambling with stolen funds.

This whale managed to survive liquidation attempts by crypto investors and secured an impressive $9 million in net profit. ZachXBT emphasized that this whale has no connection to the North Korea-backed Lazarus Group. Earlier this year, in February 2025, ZachXBT had linked the $1.5 billion Bybit hack to that hacker collective. Now, he has followed the trail to this Hyperliquid whale.

“Crypto Twitter Is Speculating, But the Truth Is More Sinister”

ZachXBT made the following statement on X (Twitter):

“It’s funny watching CT speculate on the ‘Hyperliquid whale’ when in reality it’s just a cybercriminal gambling with stolen funds.”

Responding to a follower’s question regarding potential ties to the Lazarus Group, ZachXBT replied:

“No, there’s no connection to Lazarus.”

Some users asked ZachXBT to reveal the whale’s identity. However, he responded by saying:

“We’ll see, it’s just not enjoyable posting investigations on X/Twitter anymore.”

Failed Attempts to Liquidate the Whale

For weeks, the crypto market has speculated about who the Hyperliquid whale is and how they could be stopped. The whale had opened 40x and 50x short positions on Bitcoin (BTC) and Ethereum (ETH), drawing massive attention.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The whale notably opened a $450 million short position on BTC, which triggered a major reaction across the market. Traders attempted to counter this by aggressively buying up BTC, trying to force a liquidation. However, they ultimately failed. According to Lookonchain, the whale deposited an additional $5 million USDC to increase margin and avoid liquidation.

Aside from BTC and ETH, the whale also opened a $31 million short position on Chainlink (LINK) with 10x leverage and placed short orders on GMX.

A Major Threat in the Crypto Market: Stolen Funds and High-Leverage Trades

ZachXBT’s comments have reignited concerns about stolen funds re-entering circulation through decentralized finance (DeFi) protocols. The situation also highlights how cybercriminals exploit high-leverage trading to gamble with illicit funds, posing a significant risk to the overall market.

While the true identity of this whale remains undisclosed, the broader question for the crypto ecosystem is how to address these high-risk scenarios and prevent bad actors from destabilizing the markets.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Big Bet from ZachXBT on Whale in Hyperliquid! appeared first on Coin Engineer.

The attacker executed nine different transactions successful in zeroing the balance of the Monero CCS Wallet.

You might like: Charlie Munger: Bitcoin Disrupts the Financial System!

Moonstone Research undertook the task of exploring how the attacker moved these funds. The security company’s analysis revealed some interesting results. Additionally they were able to track three of the attacker’s transfers with certainty. Also 2 months after the attack, XMR developer Luigi, one of the two people who had access to the wallet seed phrase, declared on GitHub that the wallet had been completely emptied. According to Luigi, he noticed this situation a month after the theft.

The other person with access was former Monero (XMR) developer, known as “fluffypony”, Ricardo Spagni. He surrendered to US authorities for extradition to South Africa in July 2023 and was accused here of invoice fraud against a biscuit company.

You can freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Monero (XMR) Community Funding Wallet Stolen! appeared first on Coin Engineer.