Jul 14, 2026 · 8:15 AM
Subscribe
Home Crypto

An early Solana whale lost 14.2 million dollars after five years of silence

A Solana wallet dormant since the network's 2020 genesis distribution suddenly unstaked and moved 180,900 SOL, worth about 14.2 million dollars, to another address, leaving less than 1 SOL behind. Investigator ZachXBT and Specter Investigation traced part of the funds bridging to Ethereum, but the attack method and the identity behind it remain unknown.

Judith Murphy
· 4 min read · 555 views
An early Solana whale lost 14.2 million dollars after five years of silence

A wallet that hadn't moved a single coin since Solana's 2020 genesis distribution just closed its staking positions and sent 180,900 SOL to a stranger. Nobody has said how they got in.

The wallet sat untouched for more than five years. It held SOL from Solana's original 2020 genesis allocation, the batch of tokens handed out when the network launched, and on-chain watchers treated it as one of the chain's oldest dormant holders. Then July 10 arrived. The wallet unstaked its positions across multiple accounts and moved roughly 180,900 SOL, worth about 14.2 million dollars at the time, to a separate address. It left less than 1 SOL behind.

On-chain investigator ZachXBT flagged the pattern, working with Specter Investigation, which first spotted the unusual unstaking activity, according to reporting from Cointelegraph and KuCoin. The two traced part of the stolen SOL as it moved from Solana to Ethereum and was split across several wallets. No deposit to a centralized exchange has been confirmed. Neither has any conversion to fiat. For now, the money is just sitting there, spread across addresses investigators are still watching.

Here's what nobody can answer yet: how the attacker got in. ZachXBT hasn't named a suspect or tied the theft to a known hacking group. The Coin Republic reported that the wallet's collapse landed as SOL was testing support near 74 dollars, which added market anxiety to a theft that was already ugly enough on its own.

The Key Was the Real Target

Genesis-era wallets are a specific kind of target. They were funded before Solana had a large retail ecosystem, before chain-specific custody tools were common, and before most holders had a serious playbook for storing that much value for years. A private key generated in 2020 might live on an old laptop, in a password manager nobody rotates, or on paper that has moved through two apartments and a storage box. None of that shows up on-chain. What shows up is silence, then a sudden eight-figure transaction.

That's the part you should sit with. This wasn't a smart contract exploit or a bridge vulnerability. It targeted a person, or whatever process that person used to hold a key for half a decade. Frankly, that's a harder problem to fix than a bug in code. You can audit a program. You can't audit five years of someone's private security habits after the fact.

The attack didn't need to touch Solana's protocol layer at all. Unstaking, transferring, bridging to Ethereum, these are normal actions that any wallet holder can take. The network sees a valid signature and processes the instruction. That's it. The theft only becomes visible once someone like ZachXBT notices a five-year-dormant address suddenly moving 180,900 SOL.

The Cash Out Is the Hard Part

Whoever controls the keys now has a different problem: liquidating 14.2 million dollars in stolen SOL without triggering the same scrutiny that exposed the theft. Splitting funds across Ethereum wallets buys time, but it doesn't buy anonymity. Nothing does. Chainalysis, Specter Investigation and independent investigators have all built their work around following this kind of trail, especially when stolen funds eventually touch bridges, mixers, exchanges or stablecoin issuers.

That doesn't mean recovery is automatic. It rarely is. A thief can wait, move slowly, swap across chains. Or just sit on it for months. But parked funds are not clean funds: every movement creates another transaction for investigators to map. That's the trap. If the stolen SOL ever reaches a compliant exchange, the address history may become the whole case.

For anyone still sitting on coins from a network's early days, that's the actual lesson. Not a slogan about self-custody. A specific, uncomfortable fact: a key that's protected you for five years hasn't necessarily been tested by five years of attackers getting better. It may not have been tested at all.

The wallet's silence wasn't security. It was luck, and luck ran out on July 10.

Also read: What Is a Crypto Basis Trade and How Funds Farm It for YieldNous Research is finalizing a $75 million round at a $1.5 billion valuationSBI Holdings Writes the Entire $125 Million Check for Gauntlet's Series C

TOPICS
Judith Murphy is a financial journalist and market analyst covering AI, technology stocks, and emerging market trends. She has contributed to multiple financial publications and brings a data-driven approach to her coverage of the technology sector and its impact on global markets.
Related Articles
More posts →
Loading next article…
You're all caught up