Solana wallet drain: $14.2M from a 5-year dormant genesis wallet moved to another address

An early Solana wallet was compromised after about five years of inactivity, when roughly 180,900 SOL (≈$14.2M) moved out of an address linked to Solana’s genesis distribution. On-chain investigator ZachXBT flagged the activity using Specter Investigation and identified an unusual unstaking pattern: the wallet suddenly closed multiple staking accounts, then sent the released SOL to another Solana address, leaving under 1 SOL behind. Investigators report that the receiving wallet began routing SOL through cross-chain infrastructure shortly after the unstaking transactions cleared. Part of the position was traced from Solana into Ethereum, where funds were split across multiple addresses, breaking the original holdings into smaller clusters. No confirmed exchange deposit, sale, or fiat conversion was identified at the time of reporting. The attack method is still unknown. No public statement has been issued by the wallet owner or the Solana Foundation, and investigators have not confirmed whether a stolen private key, exposed seed phrase, compromised signing device, or another form of unauthorized access was involved. This Solana wallet drain follows related Solana security concerns mentioned in the broader context, including a separate incident where compromised executive devices exposed wallets tied to Step Finance, and research on wallet-generation flaws that could leave dormant addresses vulnerable. SOL was trading near $78 during the investigation, and the report suggests the activity did not trigger a clear, network-wide sell signal.
Neutral
This is a Solana wallet drain involving a single, long-dormant genesis-linked wallet and does not (yet) show confirmed exchange deposits, sales, or broad market-wide selling pressure. That typically limits direct downside for SOL in the immediate term. However, wallet-drain incidents can still have a sentiment impact. Traders may reduce risk on assets that rely on the affected custody/signing assumptions, and they may watch for secondary effects such as coordinated address clusters moving funds again across chains. The Solana-to-Ethereum routing also matters for monitoring: if additional chunks hit exchanges later, it could create delayed supply. In the short term, the most likely reaction is heightened scrutiny (spike in on-chain monitoring, cautious positioning) rather than a market selloff—similar to past “dormant wallet suddenly moves” cases, where price often remains range-bound until confirmed liquidation or exchange inflows appear. In the long term, the key driver will be whether Solana ecosystem stakeholders respond with security guidance or whether other dormant-address patterns are validated. Without attribution of the exploit vector, broader network fundamentals remain largely unchanged, keeping the overall impact neutral.