The whale, the hack and the psychological earthquake that hit HEX


An elderly crypto whale known as “Hex19” lost nearly $4.5 million in a slow-moving hack that drained his staked HEX over many years.

At first, it looked like a HEX whale cashing out. But it wasn’t long before the community realized that he had not moved his tokens himself: he had become the victim of a major exploit.

The cyberattack began in November 2021, touched many phishing wallets and traces back to an online persona known as “konpyl,” a threat actor familiar to crypto investigators.

The breach not only shook the token’s price but also exposed a web of fraudulent operations tied to Inferno Drainer and the $1.6 million fake Rabby Wallet scam of February 2024.

The price of the HEX token sank following the Hex19 hack. Source: CoinGecko

HEX hacker and the web of connections

A blockchain investigator who spoke to Cointelegraph on condition of anonymity said, “There is a direct exposure to the counterpart with the dominant dom19 victims that flow directly into the dominates used to prevent the proof of the prohibited Inferno Drainer Phishing scam.”

The first major batch of outflows from the victim’s wallet occurred in November 2021, and the outflows continued in the following years as assets locked in decade-long stakes continued to unlock, some of them closed prematurely by the hacker with penalties.

The Hex19 wallet lost nearly $4 million on November 21. Source: Arkham Intelligence

The deeper investigators dug into the wallets tied to the Hex19 hack, the clearer it became that this was not a one-off for the hacker. The same addresses appear repeatedly in phishing campaigns, wallet drains and laundering routes.

The wallets used by the Hex19 hacker, the fake Rabby Wallet scam and some schemes related to Inferno Drainer share a common address: konpyl.

In an October 2024 investigation, Cointelegraph Magazine reviewed on- and offchain evidence gathered by an investigator and a US government agency that konpyl is connected to Konstantin Pylinskiy, an executive of a Dubai-based firm who uses the nickname in his online activities. Pylinskiy has denied any involvement in the scams.

The investigator said the attack on Hex19 was possible because the victim stored his seed phrases in the cloud. Transaction records show that the hackers used victim funds for initial transfers to their illicit accounts, a common feature of konpyl-associated schemes.

“The Hex19 hacker follows similar patterns from other scams by ‘Konpyl,’” they said.

In a November 2024 report, Cointelegraph found that wallets associated with konpyl had a high number of contacts with scams connected to Inferno Drainer, a scam-as-a-service threat actor. Fantasy, the forensics and investigations lead at the crypto insurance firm Fairside Network, told Cointelegraph that konpyl could operate less as a direct attacker and more as a laundering proxy.

Inside the HEX hack

The first group of funds began to move from the wallet on November 21, 2021, but blockchain records show that the wallet could have been compromised as early as November 3, as the victim’s wallet (0x97E … 7a7df) shows activity involving one of the hacker’s wallets.

  • On November 21, the Hex19 wallet was drained of nearly $4 million across nine separate transactions. Most of the losses were in HEX tokens. The main destination was address 0xcfe … 8a11d, which we will call Hex Hacker 1 (HH1).

  • That same day, HH1 began dividing the stolen funds. It sent $2.64 million (12.33 million HEX) to a second wallet, 0xa30 … 2EA17, or Hex Hacker 2 (HH2).

  • A follow-up transaction on December 10, 2021, sent another 616,700 HEX (worth around $86,700 at the time) from HH1 to HH2.

  • Then, on Feb. 18, 2022, HH1 moved 5.2 million HEX (worth nearly $1 million at the time) and some Ether to another address, 0x719a … 4bd0c, where the funds remain parked to this day.

The HH2 wallet would emerge at the center of the laundering efforts.

  • From December 2021 to March 2022, HH2 sent more than $1 million to Tornado Cash, the well-known Ethereum protocol.

  • HH2 also moved $106,758 in DAI to an intermediary wallet, 0x837 … 2ba9b, which was used to interact with DeFi platforms such as 1inch to further obscure or swap funds.

  • The intermediary’s interactions included 0x7bf … C4 points, a wallet that received direct flows from konpyl (an online persona that appeared in many phishing and draining operations).

  • HH2’s laundering chain also intersects with a high-risk wallet, 0x909 … e4371, that has been flagged for more than 70 theft transactions.

  • On May 16, 2024, a third wallet, Hex Hacker 3 (HH3), 0xdce … 4F0D8, began to remove funds from the compromised Hex19 address.

  • HH3 received nearly $108,000 in HEX from the victim’s account.

  • HH3 is linked to 0x87B … 53D92. Both wallets share a commingling address (0xf2f … 6A608) with konpyl, which connects a March 2024 linked scam and the Rabby Wallet phishing incident.

Finally, a fourth wallet, 0x7cc … 59EE2, or Hex Hacker 4 (HH4), enters the picture. Beginning January 12, 2024, HH4 began draining funds from the Hex19 wallet, continuing through March.

This wallet’s interactions included 0x4E9 … C71C2, which is a well-known address used by the fake Rabby Wallet scammer.

Lessons from the Hex19 hack

Hex19, a retired tech veteran, had been through booms and busts before, just not one that emptied millions of dollars from his digital wallet in a single day.

He filed police reports, and the exchanges could not help, he said. The remaining staked funds, including the 10-year HEX locks, became time bombs. He knew the hackers had access, and they were just waiting to collect more.

Cointelegraph found at least 180 suspected theft transactions from November 2021 to October 2024, totaling over $4.5 million. The victim’s wallet still has nine active stakes left, although their values are insignificant compared with those prematurely closed and recovered by the thieves.

The active stakes are not as significant as those closed by the hackers. Source: Hexscout

“You have this feeling in the pit of your stomach and you say, ‘Oh my God.’ And then you say, ‘Oh, Geez, I have to tell my family that I was back up again,’” Hex19, a retiree in his 80s, said in an interview with HEX community member Mati Allin soon after the exploit. Cointelegraph tried to contact Hex19 but did not receive a response.

Despite the loss, Hex19 maintains a surprising sense of calm: “We are retiring. We live without debt. We live simple. We have a good family, amazing, wonderful daughters, grandchildren,” he said in a 2021 community interview. “More in life than money.”

While he does not expect to recover the funds, he hopes his experience will help others think twice before storing their seed phrases online.