On April 30, 2023, 0x1f598068ac3645c72be2ea4c06bf62f5ab04ceef consolidated 2,918 ETH from 20+ other addresses on Ethereum mainnet. Searching our support box for these addresses yielded 88+ tickets dating back to June 2021 and continuing thru today (May 14th, 2023)
It is unusual for a search of the support box for hacker/theft addresses to surface such a large number of tickets as our team never asks for the hacker addresses—only the user's addresses and/or txn hashes.
The fact there are so many tickets explicitly referencing these theft addresses is an indicator both of how prolific this attack is, as well as the nature of the attack.
All tickets were "Unauthorized Txns" or "Compromised Wallet".
Further, a large number of the tickets from 2021 include users reporting that they sent to the wrong address, that they have a "changing address, their "address changed when clicking copy to clipboard", that they have "multiple addresses." Without diving into this more, it's likely the source of these users compromises was a malware that changed the users address on copy (at least back in 2021). It's possible the attacker evolved over time as more recent tickets don't mention this (most users are perplexed as to the source of compromise)
0x19AeB8cA25f0A9EF4d40505deF84079b79fD661C - April 2023-May 2023 (today) - 3 tickets
0xE5758Deb4C05e45671E34829312c1cDf33dd580C - March 2023-April 2023 - 4 tickets
0xb7cb6f48be84d7648bb76f4d968a89618e5ba0e2 - Jan 2023-Feb 2023 - 2 tickets
0x870CdF31020A7D10F604A41bA90b87A76F0a2903 - Jan 2023 - 10 tickets
0x89e7d7b622Fe0dcC53c42CEe12A9EBDC9FA29C82 - Oct 2022-Nov 2022 - 5 tickets
0xcbea84E09b949fE0D713897448D472847789e48e - Aug 2022-Nov 2022 - 7 tickets
0x118A52F44a9a7c8D526436CBbC38bD49C7Db0426 - Jul 2022-Aug 2022 - 6 tickets
0x91e36fC3F9B7873D618EfEaE755958bc6ede898e - Jul 2022-Aug 2022 - 16 tickets
0xcfdaE13F64271bE408Ed5AE136a0E1EFC291a2f0 - Feb 2022-March 2022 - 5 tickets
0xC663D040146B21FE6dbFa9bE228F44CeD02C0735 - Nov 2021-Jan 2022 - 8 tickets
0xb1a28bD06Ffa8CA3955f02fA4bd4Baf12dED91EE - Sept 2021 - 1 tickets
0xa3B0422Fb23d8E0F0EaF243cDa405Dc12ECf2932 - Aug 2021-Sept 2022 - 6 tickets
0x3BE343277d6B3A6733C28C098feF3d64adAE5819 - July 2021 - 2 tickets
0x6d719f3164c9E7Cc4Ff85C6037bCdA4fb4E0f879 - June 2021-Dec 2021, Jan 2022, March 2022, Aug 2022 - 12 tickets
0x33F4A11d10DfAAe78283D28A0c388429Eac6b68d - June 2021 - 1 tickets
The following addresses had no support tickets explicitly mentioning the address: