Whales, hacker attacks, and the psychological impact on HEX

10 days ago

Source: Cointelegraph

A senior cryptocurrency whale known as "HEX 19" lost nearly $4.5 million in a slow-moving hacking attack, with his staked HEX (HEX) being gradually depleted over the years.

At first, it seemed like a HEX whale was cashing out. But soon, the community realized he did not actively unstake his tokens—he became a victim of a major attack.

The cyber attack began in November 2021, involving multiple phishing wallets, and was traced back to an online entity known as "Konpyl," a threat actor familiar to cryptocurrency investigators.

This breach not only shook the token's price but also exposed a series of frauds related to the Inferno Drainer and a fake Rabby wallet scam worth $1.6 million in February 2024.

The price of HEX tokens dropped after the HEX19 hacking incident. Source: CoinGecko

A blockchain investigator who spoke anonymously with Cointelegraph stated, "There is a direct counterparty exposure with the wallets used in the fake Rabby app scam, and the funds of the HEX19 victim flowed directly into wallets used to launder the illegal proceeds of the Inferno Drainer phishing scam."

The first major outflow from the victim's wallet occurred on November 21, 2021, and continued over the years as assets locked in a ten-year stake were gradually unlocked, some of which were prematurely closed by the hacker and penalized.

HEX19's wallet lost nearly $4 million on November 21. Source: Arkham Intelligence

As investigators delved into the wallets associated with the HEX19 hack, it became increasingly clear that this was not a singular hacking event. The same addresses repeatedly appeared in phishing activities, wallet drainings, and money laundering trails.

The wallets used in the HEX19 hack, the fake Rabby wallet scam, and several schemes related to the Inferno Drainer shared a common address: Konpyl.

In an investigation in October 2024, Cointelegraph's magazine analyzed on-chain and off-chain evidence collected by an investigator and U.S. government agencies, linking Konpyl to Konstantin Pylinskiy, an executive at an investment company in Dubai, who used this nickname in his online activities. Pylinskiy denied any connection to the scams.

Investigators stated that the attack on HEX19 was possible because the victim stored his seed phrase in the cloud. Transaction records show that the hacker used the victim's funds for initial transfers to their illegal accounts, a common feature of Konpyl-related schemes.

"The HEX19 hacker followed a similar pattern to other scams associated with 'Konpyl,'" they said.

In a report from November 2024, Cointelegraph learned that wallets associated with Konpyl had extensive interactions with scams related to the Inferno Drainer, a scam-as-a-service threat actor.

Fantasy, a forensic expert and head of investigations at Fairside Network (a cryptocurrency insurance company), told Cointelegraph that Konpyl might be more of a money laundering agent than a direct attacker.

The first funds began transferring from the wallet on November 21, 2021, but blockchain records indicate that the wallet may have been compromised as early as November 3, as the victim's wallet (0x97E…7a7df) had an outflow to one of the hacker's wallets.

The HH2 wallet appears to be at the core of the money laundering efforts.

Finally, a fourth wallet, 0x7cc…59ee2—HEX Hacker 4 (HH4)—came into the picture. Starting January 12, 2024, HH4 began siphoning funds from the HEX19 wallet through March.

This wallet interacted with an address known to be used by the fake Rabby wallet scammers, 0x4E9…c71C2.

HEX19, a retired tech veteran, has experienced both booms and busts—just never one where millions were drained from his digital wallet in a single day.

He reported it to the police, saying the exchanges could do nothing to help. The remaining staked funds, including the ten-year locked HEX, became a ticking time bomb. He knew the hacker had gained access and was just waiting to extract more.

Cointelegraph identified at least 180 suspicious transactions totaling over $4.5 million from November 2021 to October 2024. The victim's wallet still has nine active stakes, although their value is not significant compared to those that were prematurely closed and withdrawn by the hacker.

The value of active stakes is less than those closed by the hacker. Source: HEXscout

"You have this gut feeling, and you say, 'Oh my God.' Then you say, 'Oh my God, I messed up again, I have to tell my family,'" HEX19, reportedly an octogenarian retiree, said shortly after being interviewed by HEX community member Mati Allin. Cointelegraph attempted to contact HEX19 but did not receive a response.

Despite the losses, HEX19 remained surprisingly calm: "We are retired. We live without debt. We live very simply. We have a great family, wonderful daughters, and granddaughters," he said in a community interview in 2021. "Life is more than just money."

Although he does not expect to recover the funds, he hopes his experience will help others think twice before storing seed phrases online.
