Security & Audits
Share
A perplexing incident involving a hack that targeted experienced cryptocurrency users has left top security experts scratching their heads.
On April 18, Taylor Monahan, the founder and former CEO of Ethereum wallet manager MyCrypto, took to Twitter to reveal that over 5,000 ETH had been stolen since December, which translates to more than $10.4 million at current prices.
The concerning aspect of this hack is that it affected the hardware wallets of users who had made security their top priority, as reported by Monahan.
She shared that she has been unraveling a significant wallet-draining operation for the past 48 hours and expressed that individuals who are more crypto-savvy than most and who had reasonably secure setups were among those who had their funds drained.
To clarify, the victims of this hack are not inexperienced individuals who have fallen for obvious phishing scams. According to Monahan, the attack is much more sophisticated, and it's the seasoned veterans of the crypto world who are being affected. "No one knows how," she added.
MetaMask's security team confirmed that the "unidentified exploit" has impacted various crypto users, including their own. They stated that the activity on the blockchain strongly suggests a compromise of private keys.
Disclaimer of Warranty
The information provided in this article is for general informational purposes only. We make no warranties about the completeness, reliability, and accuracy of this information. Read full disclaimer
The ongoing investigation indicates that the attack vector may be related to the compromised secret recovery phrases of these users. This could be due to the unintentionally insecure storage of these phrases somewhere along the line.
It is worth noting that crypto users rely on private keys to gain access to their digital or physical wallets and authorize transactions on the blockchain.
Monahan speculated that the attack targeted wallets created between 2014 and 2022. She suggested that someone may have obtained a substantial amount of data from one or more years ago and is slowly draining funds by parsing keys from the treasure trove. However, Monahan clarified that this is only a hypothesis, and the source of the compromise remains unidentified.
Her advice to users is to avoid keeping all their assets in a single key or secret phrase for years.
MetaMask's security team also recommends that users do not store private keys on internet-enabled devices or online.
They further advised that if a wallet is so old that one cannot remember if they have been entirely diligent with its keys, it is best to create a new wallet to safeguard the funds.
Editor's Picks
VARA Introduces Virtual Asset Derivatives Framework As Dubai Deepens Market Maturity
Walid Abou Zaki
Mar 31, 2026
7 min
Crypto-Collateral Mortgage Gap Signals Future Opportunity for Dubai
Walid Abou Zaki
Mar 28, 2026
7 min
The UAE’s Institutional Digital Assets Moment: Why Regulatory Activation Matters Now
Walid Abou Zaki
Mar 27, 2026
6 min
Read More Articles
In the Same Space
Google Warns Quantum Risks Could Expose $100 Billion in Ethereum Assets
News Desk
Mar 31, 2026
4 min
Russia Moves to Restrict Crypto Trading to Licensed Intermediaries
News Desk
Mar 31, 2026
3 min
Cairo Amman Bank and Fuze Partner to Explore Digital Asset Innovation in Jordan
News Desk
Mar 31, 2026
2 min
Midnight Privacy Blockchain Launches With Dual-Token System, Who's Behind It?
News Desk
Mar 31, 2026
4 min
