I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.
Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the last pass hack and they kept their seed hosted there. Since the hacks started around that time.
If coins in hardware wallets can be stolen, might this exploit be something that can give the hacker the ability to bruteforce the seed phrases? An exploit like this that has stolen
only $10 million must have been done only through bruteforcing means because it is taking much time. Unless the hacker is smart and does want to be very public on what he discovered hehe.
@o48o. Thank you, I have changed it already.