Blockchain sleuths flagged the movement, and on-chain traces show funds leaving addresses that start with “0x40d7” and “bc1qx0a2k.”
The assets included Bitcoin, Ethereum, Litecoin, Dogecoin, and Bitcoin Cash. As of this report, the money has not been recovered.
A US court’s decision earlier this year to lift some restrictions around mixers has raised fresh concerns that these tools can be reused to hide large thefts.
Evidence posted on August 13 linked one such fake-developer wallet to a $680,000 exploit of the project Favrr in June 2025. The methods range from phishing and fake job offers to bribery and contractor infiltration, giving attackers ways to penetrate projects from the inside.
Malware campaigns have also been used. In June, Cisco Talos documented “PylangGhost,” a campaign that used bogus coding tests and interview sites to deliver malware.
That malware targeted over 80 browser extensions and popular wallets like MetaMask and Phantom.
Law enforcement has made some moves: US agents seized $7.7 million tied to covert networks, and the FBI dismantled front companies such as Blocknovas LLC and Softglide LLC.
The $21 million breach underscores how exposed even major firms remain to state-backed hacking campaigns. For now, the case stands as another warning: Japanese crypto firm SBI lost $21 million in a suspected North Korean cyberattack.