How a Crypto Whale Lost Millions in a Slow-Motion Heist 🐋💸

Once upon a time, in the murky waters of the crypto ocean, there lived an elderly whale known as “HEX19.” This whale, who had amassed a fortune in HEX tokens, was about to experience a psychological earthquake that would rattle his digital world. 🐳💥

At first, it seemed like HEX19 was simply cashing out his tokens. But oh, how wrong the community was! It wasn’t long before they realized that this wasn’t a voluntary unstaking—it was a slow-moving hack that had been draining his staked HEX over multiple years. 🕵️‍♂️💻

The cyberattack began in November 2021, weaving through multiple phishing wallets and leading back to an online entity known as “Konpyl,” a name that sends shivers down the spines of crypto investigators. 🕷️🕸️

This breach didn’t just shake the token’s price; it exposed a tangled web of fraudulent operations tied to Inferno Drainer and the infamous $1.6 million fake Rabby wallet scam of February 2024. 🕵️‍♀️🔍

HEX Hackers and the Web of Connections

A blockchain investigator, who spoke to CryptoMoon on condition of anonymity, revealed, “There’s direct counterparty exposure with wallets used in the fake Rabby app scam as well as the HEX19 Victim’s funds flowing directly into wallets used to launder illicit Inferno Drainer phishing scam proceeds.” 🕵️‍♂️💼

The first major batch of outflows from the victim’s wallet occurred in November 2021, and outflows have continued over the years as assets locked away in decade-long stakes unlocked, some prematurely closed by the hacker with penalties. 🕰️💣

The deeper investigators dug into the wallets tied to the HEX19 hack, the more it became clear that this wasn’t a one-off for the hacker. The same addresses appeared again and again across phishing campaigns, wallet drainers, and laundering trails. 🕵️‍♀️🔗

Wallets used by the HEX19 hacker, the fake Rabby wallet scam, and several schemes related to Inferno Drainer share a common address: Konpyl. 🕵️‍♂️🔍

In an October 2024 investigation, CryptoMoon Magazine analyzed on- and offchain evidence gathered by an investigator and a US government agency which links Konpyl to Konstantin Pylinskiy, an executive of a Dubai-based investment firm who uses the nickname in his online activities. Pylinskiy has denied any involvement with scams. 🕵️‍♀️🏢

The investigator said the attack on HEX19 was possible because the victim had stored his seed phrases in the cloud. Transaction records show that the hackers use victim funds for initial transfers to their illicit accounts, a common trait of Konpyl-linked schemes. ☁️💾

“The HEX19 hacker follows similar patterns from other scams by ‘Konpyl,’” they said. 🕵️‍♂️🔄

In a November 2024 report, CryptoMoon learned that Konpyl-linked wallets had a high number of interactions with scams connected to Inferno Drainer, a scam-as-a-service threat actor. Fantasy, a forensics specialist and investigations lead at crypto insurance firm Fairside Network, told CryptoMoon that Konpyl may possibly function less as a direct attacker and more as a laundering proxy. 🕵️‍♀️💼

Inside the HEX Hack

The first batch of funds started moving out from the wallet on Nov. 21, 2021, but blockchain records show that the wallet may have been compromised as early as Nov. 3, as the victim wallet (0x97E…7a7df) had an outflow to one of the hacker’s wallets. 🕵️‍♂️💻

  • On Nov. 21, the HEX19 wallet was drained of nearly $4 million across nine separate transactions. The majority of the losses were in HEX tokens. The primary destination was address 0xcfe…8A11D, which we will call HEX Hacker 1 (HH1).

  • That same day, HH1 began splitting the stolen funds. It sent $2.64 million (12.33 million HEX) to a second wallet, 0xA30…2EA17, or HEX Hacker 2 (HH2).

  • A follow-up transaction on Dec. 10, 2021, sent another 616,700 HEX (worth around $86,700 at the time) from HH1 to HH2.

  • Then, on Feb. 18, 2022, HH1 transferred 5.2 million HEX (worth about $1 million at the time) and some Ether to yet another address: 0x719a…4Bd0c, where the funds remain parked to this day.

The HH2 wallet appears central to laundering efforts.

  • From December 2021 to March 2022, HH2 sent over $1 million to Tornado Cash, Ethereum’s best-known anonymizing protocol.

  • HH2 also transferred $106,758 in DAI to an intermediary wallet, 0x837…2Ba9B, which was used to interact with DeFi platforms like 1inch to further obscure or swap funds.

  • The intermediary interacts with 0x7BF…C4eAa, a wallet that received direct inflows from Konpyl (an online persona that has appeared in numerous phishing and draining operations).

  • HH2’s laundering chain also intersects with a high-risk wallet — 0x909…e4371 — flagged for over 70 suspicious transactions.

  • On May 16, 2024, a third wallet, HEX Hacker 3 (HH3), 0xdCe…4f0d8, began withdrawing funds from the compromised HEX19 address.

  • HH3 has received around $108,000 in HEX from the victim’s account. 

  • HH3 connects to 0x87B…53d92, an address previously identified in CryptoMoon’s November investigation as part of an Inferno Drainer-linked scam. That same wallet shares a commingling address (0xF2F…6a608) with Konpyl, which connects a March 2024 Inferno-linked scam and the Rabby wallet phishing incident.

Finally, a fourth wallet 0x7cc…59ee2 — HEX Hacker 4 (HH4) — enters the picture. From Jan. 12, 2024, through March, HH4 siphoned funds from the HEX19 wallet.

This wallet interacts with 0x4E9…c71C2, which is a known address used by the fake Rabby wallet scammer.
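
The linkage reasoning in this section, as an added example that is not CryptoMoon's or the investigator's own tooling: the wallet relationships stated above are transcribed as an undirected graph (truncated addresses kept as printed, no on-chain data), and each hacker wallet is checked for a counterparty chain to Konpyl or to the fake Rabby scammer address. Names such as link_path and NO_TRANSIT are hypothetical.

```python
from collections import deque

# Links transcribed from the article's text, truncated addresses kept as printed.
# Treated as undirected "transacted with" edges; this is not on-chain data.
VICTIM, KONPYL = "HEX19 victim", "Konpyl"
HH1, HH2 = "HH1 0xcfe…8A11D", "HH2 0xA30…2EA17"
HH3, HH4 = "HH3 0xdCe…4f0d8", "HH4 0x7cc…59ee2"
RABBY = "0x4E9…c71C2"  # fake Rabby wallet scammer address, per the article
LINKS = [
    (VICTIM, HH1), (VICTIM, HH3), (VICTIM, HH4),
    (HH1, HH2), (HH1, "0x719a…4Bd0c"),
    (HH2, "Tornado Cash"), (HH2, "0x837…2Ba9B"),
    ("0x837…2Ba9B", "1inch"), ("0x837…2Ba9B", "0x7BF…C4eAa"),
    ("0x7BF…C4eAa", KONPYL),
    (HH3, "0x87B…53d92"), ("0x87B…53d92", "0xF2F…6a608"),
    ("0xF2F…6a608", KONPYL),
    (HH4, RABBY),
]
# Shared services touch thousands of unrelated users, so a path *through* them
# proves nothing. The victim is skipped too, so each wallet is judged on its own.
NO_TRANSIT = {"Tornado Cash", "1inch", VICTIM}

def build_graph(links):
    """Adjacency sets for an undirected counterparty graph."""
    graph = {}
    for a, b in links:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph

def link_path(graph, src, dst, no_transit=NO_TRANSIT):
    """Shortest chain of counterparties from src to dst, or None."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        if path[-1] in no_transit and len(path) > 1:
            continue  # a path may end at a service node, never pass through it
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def exposure(graph, wallets, targets):
    """For each wallet, the linking path to each target (None if unlinked)."""
    return {w: {t: link_path(graph, w, t) for t in targets} for w in wallets}

if __name__ == "__main__":
    for wallet, hits in exposure(build_graph(LINKS), [HH1, HH3, HH4], [KONPYL, RABBY]).items():
        for target, path in hits.items():
            print(wallet, "->", target, ":", " > ".join(path) if path else "no link")
```

On these transcribed links, HH1 and HH3 each reach Konpyl through their own intermediaries, while HH4 links only to the fake Rabby address; a path is evidence of counterparty exposure, not of common ownership.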

Lessons from the HEX19 Hack

HEX19, the retired tech veteran, has been through booms and busts before — just not ones that emptied millions of dollars from his digital wallet in a single day.

He filed police reports, and exchanges couldn’t do much to help, he said. The remaining staked funds, including 10-year HEX locks, became ticking time bombs. He knew the hackers had access, and they were just waiting to extract more.

CryptoMoon has found at least 180 suspicious transactions from November 2021 to October 2024, totaling over $4.5 million. The victim’s wallet still has nine active stakes remaining, though their values aren’t as significant as those prematurely closed and withdrawn by the thieves.

“We’re retired. We live without debt. We live very simply. We have a great family, awesome daughters, granddaughters,” he said in the 2021 community interview. “There’s more to life than money.”

While he doesn’t expect to recover the funds, he does hope his experience helps others think twice before storing their seed phrases online.

2025-04-11 14:10