Skip to content

[NEW]: Hundreds of IOTA wallets drained in ongoing theft, millions laundered through Binance and KuCoin #1277

New issue
New issue
Open
Open
[NEW]: Hundreds of IOTA wallets drained in ongoing theft, millions laundered through Binance and KuCoin#1277
@albertolive

Description

@albertolive
albertolive
opened on Feb 17, 2026

Date

July 2025 (ongoing as of February 2026)

Description

Someone has been systematically draining IOTA wallets since at least July 2025. On-chain analysis shows over 600 wallets were emptied to zero and their funds routed to a single aggregator address — roughly 10.5 million IOTA in total. Eighteen wallets were drained on the same day (September 8, 2025), suggesting the operation is at least partially automated. The stolen funds are laundered through layers of intermediate addresses before being deposited to Binance and KuCoin. A dedicated Binance feeder address has sent millions of IOTA to the Binance hot wallet across dozens of transactions, and multiple KuCoin feeders have moved hundreds of thousands more. The aggregator still holds around 270,000 IOTA and continues to actively cycle funds — the most recent confirmed Binance deposit was 72,561 IOTA on February 12, 2026. At least one victim suspects the compromise originated from unauthorized access to their password manager, has filed a police report with the Catalan Police, and mapped the full chain of custody from their wallet to the exchanges using publicly available blockchain data. A second victim independently confirmed their funds ended up at the same aggregator.

Links

Agreement

  • I irrevocably agree to release my contribution under the CC-BY 3.0 License

Attribution name

albertolive

Personal link

https://github.com/albertolive

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions