Crypto Whale Suffers Major Loss in Prolonged Hack
A veteran in the cryptocurrency space, referred to as “HEX19,” has suffered a staggering loss of approximately $4.5 million due to a gradual hacking incident that drained his staked HEX (HEX) assets over several years. Initially, it appeared that a whale was liquidating their holdings, but it soon became apparent to the community that he was a victim of a significant exploit rather than a willing participant.
Details of the Cyberattack
The attack began in November 2021 and involved various phishing wallets, ultimately linked to a cybercriminal entity known as “Konpyl,” recognized by crypto investigators for their illicit activities. This breach not only impacted the price of HEX but also unveiled a network of fraudulent schemes associated with the Inferno Drainer and a separate $1.6 million scam involving a fake Rabby wallet that surfaced in February 2024.
Connections Between HEX Hackers
An anonymous blockchain investigator shared insights with Cointelegraph, noting that there was a direct correlation between the wallets involved in the fake Rabby app scam and those linked to the stolen funds from HEX19. The hacker’s operations were not isolated incidents; investigations revealed repeated appearances of the same wallet addresses across numerous phishing campaigns and illicit financial activities.
Investigating the Hacker’s Identity
The investigation conducted in October 2024 by Cointelegraph Magazine examined both on-chain and off-chain evidence, suggesting that Konpyl is associated with Konstantin Pylinskiy, who reportedly manages a Dubai-based investment firm. Pylinskiy has denied any connection to the scams. According to the investigator, the breach of HEX19 was facilitated by the victim’s storage of their seed phrases in cloud services, a risky practice that has led to numerous breaches.
Chronology of the HEX Hack
The initial transfer of funds from HEX19’s wallet commenced on November 21, 2021, although it is believed the wallet may have been compromised earlier, on November 3, when funds were sent to one of the hacker’s wallets. On that day, nearly $4 million was siphoned off through nine transactions, primarily consisting of HEX tokens. The stolen funds were directed to an address identified as HEX Hacker 1 (HH1), which subsequently split the stolen assets across multiple wallets.
Tracing Laundering Efforts
HH1 began dispersing the stolen funds on the same day, transferring $2.64 million in HEX to another wallet designated as HEX Hacker 2 (HH2). Subsequent transactions continued to move funds, with significant amounts funneled through various platforms, including Tornado Cash, a well-known Ethereum anonymizing service, to further obscure the trail. The laundering process also intersected with high-risk wallets flagged for suspicious activities.
Emergence of Additional Hackers
On May 16, 2024, a third wallet, referred to as HEX Hacker 3 (HH3), initiated withdrawals from the compromised HEX19 account, obtaining around $108,000 in HEX. This wallet was connected to another address previously identified in relation to an Inferno Drainer scam. A fourth wallet, HEX Hacker 4 (HH4), began siphoning funds from HEX19 starting January 12, 2024, and also interacted with a wallet linked to the fake Rabby wallet scheme.
Reflections on the HEX19 Hack
Having experienced the highs and lows of the crypto market, HEX19, a retired technology veteran, faced a shocking realization as millions were drained from his wallet in a single day. Despite filing police reports, he found little recourse from exchanges. With remaining staked assets now seen as liabilities, he understood that the hackers would likely continue to exploit the situation. Cointelegraph has tracked at least 180 suspicious transactions from November 2021 to October 2024, amounting to over $4.5 million in losses.
“Hearing the news is gut-wrenching, and I felt the need to confess to my family about my mistake,” HEX19, reportedly in his 80s, recounted in a conversation with a member of the HEX community shortly after the incident. Cointelegraph reached out to HEX19 for further comment but did not receive a reply. Despite the financial blow, HEX19 remains composed, stating, “We live a simple life without debt and cherish our family. There’s more to life than just money.” He hopes his story will serve as a cautionary tale for others regarding the risks of storing seed phrases online.
