Crypto Whale Loses $4.5 Million to Long-Running Hack
An elderly cryptocurrency investor, referred to as “HEX19,” has reportedly lost approximately $4.5 million due to a protracted hacking incident that systematically drained his staked HEX tokens over several years. Initially perceived as the actions of a whale cashing out, the truth soon emerged that HEX19 had fallen victim to a significant exploit rather than making a voluntary move to unstake his assets. The cyber intrusion, which originated in November 2021, involved multiple phishing wallets and has been linked to an online operator known as “Konpyl,” a figure well-known to those tracking malicious activities in the crypto sphere.
Impact of the Breach on HEX Token
The hacking incident not only had a detrimental effect on the price of the HEX token but also unveiled a complex network of fraudulent schemes associated with the Inferno Drainer and a $1.6 million scam involving a counterfeit Rabby wallet that surfaced in February 2024.
Connections Between HEX Hackers and Other Scams
A blockchain investigator, who requested anonymity, shared insights with Cointelegraph regarding the connections between the wallets implicated in the fake Rabby wallet scam and the funds belonging to HEX19. The investigator noted that the stolen assets were funneled directly into wallets that were utilized to launder proceeds from illicit operations associated with the Inferno Drainer. The first significant outflow from HEX19’s wallet was recorded in November 2021, continuing over the years as the hacker unlocked assets that had been staked for extended periods, with some being prematurely closed at a cost to HEX19.
Recurring Patterns in the HEX19 Hack
As investigators delved deeper into the wallets linked to the HEX19 hack, it became evident that this incident was not an isolated event. The same addresses repeatedly surfaced across various phishing operations, wallet draining incidents, and laundering schemes. The wallets associated with the HEX19 hacker, the counterfeit Rabby wallet scam, and several operations connected to Inferno Drainer all share a common address linked to the individual known as Konpyl.
Further Investigations Uncover Suspected Scammer
In an inquiry conducted in October 2024, Cointelegraph’s Magazine examined both on-chain and off-chain evidence collected by a blockchain investigator and a U.S. government agency, suggesting a connection between Konpyl and Konstantin Pylinskiy, an executive from a Dubai-based investment firm who is known to use the nickname in his online presence. Pylinskiy has denied any wrongdoing or affiliation with scams. According to the investigator, HEX19’s vulnerability stemmed from the fact that the victim had stored his seed phrases in the cloud. Transaction records indicate that the hackers utilized the victim’s funds for initial transfers to their illicit accounts, a strategy characteristic of Konpyl-related operations.
Tracing the Flow of Stolen Funds
The initial transfer of funds from HEX19’s wallet occurred on November 21, 2021, although blockchain evidence suggests that the wallet might have been compromised as early as November 3. On November 21, HEX19 experienced a drain of nearly $4 million through nine separate transactions, predominantly in HEX tokens. The primary recipient of these stolen assets was an address we will refer to as HEX Hacker 1 (HH1). That same day, HH1 began redistributing the stolen funds, transferring $2.64 million (equivalent to 12.33 million HEX) to another wallet designated as HEX Hacker 2 (HH2).
Complex Laundering Tactics Unveiled
Subsequent transactions included a transfer on December 10, 2021, of an additional 616,700 HEX (valued at roughly $86,700 at the time) from HH1 to HH2. On February 18, 2022, HH1 moved 5.2 million HEX (worth about $1 million at the time) and some Ether (ETH) to another address, where the funds remain unaccounted for to this day. The HH2 wallet appears to play a crucial role in the laundering efforts, having sent over $1 million to Tornado Cash, a well-known anonymizing service on the Ethereum network, between December 2021 and March 2022.
Connection to Other Scam Operations
HH2 also sent $106,758 in Dai (DAI) to an intermediary wallet that was active in decentralized finance (DeFi) applications like 1inch, further complicating the tracking of the funds. This intermediary wallet interacted with a high-risk address flagged for over 70 suspicious transactions. On May 16, 2024, a third wallet, HEX Hacker 3 (HH3), began withdrawing funds from the compromised HEX19 account, receiving approximately $108,000 in HEX. HH3 has ties to an address previously identified in connection with the Inferno Drainer-linked scams, while a fourth wallet, HEX Hacker 4 (HH4), entered the fray on January 12, 2024, continuing to siphon funds from HEX19 through March.
Reflections on the HEX19 Incident
HEX19, a retired technology expert, has experienced both market highs and lows but never faced a situation where millions vanished from his digital wallet within a single day. He reported the incident to law enforcement, but exchanges offered little assistance. With remaining staked assets, including long-term HEX locks, becoming potential targets, HEX19 understood the hackers would likely exploit these opportunities. Cointelegraph has identified at least 180 suspicious transactions from November 2021 to October 2024, amounting to over $4.5 million in losses. Although HEX19 still has nine active stakes, their values are diminished compared to those drained by the attackers.
Finding Perspective After Loss
“You feel a sinking feeling, and then you think, ‘Oh no, I have to explain this to my family,’” HEX19 expressed in an interview with a member of the HEX community shortly after the incident. Cointelegraph made attempts to reach HEX19 for further commentary but received no response. Despite the significant financial loss, HEX19 maintains a remarkable sense of composure: “We’re retired, live debt-free, and have a simple lifestyle. We cherish our family and enjoy life beyond monetary concerns,” he noted during the community interview in 2021. Although he has little hope of recovering the lost funds, he wishes for his experience to serve as a cautionary tale for others considering storing their seed phrases online.