Crypto Trader’s Wallets Drained In Telegram Attack Leading To Over $200K Loss Across Three Chains

Wallets Drained Across Ethereum, Base And BSC In Under An Hour

Crypto trader and X personality Unihax0r was left with losses exceeding $200,000 after two of his wallets were drained in a rapid multi-chain incident on 11 May 2026.

The funds were taken across Ethereum, Base, and BSC in what on-chain analysts describe as a coordinated private key compromise rather than a smart contract exploit.

Unihax0r posted on X,

“Just got drained or hacked for more than 200k. Sick to my stomach.”

He also shared the attacker’s wallet address and a request for help tracing the stolen assets.

Was It A Private Key Leak Linked To Telegram Bot SIGMA

Early investigations point towards a private key leak potentially tied to the Telegram trading bot SIGMA.

Analysts noted that both compromised wallets shared a common origin through SIGMA, later imported into tools such as GMGN and Rabby Wallet.

On-chain researcher @k0braca1 assessed the activity shortly after the incident and concluded that the attacker appeared to have “full control over signing operations across multiple chains: Ethereum, Base and BSC.”

The nature of the breach rules out a typical token approval exploit, instead indicating direct access to private keys used to authorise transactions.

How The Attack Unfolded Across Multiple Chains

The drain took place over roughly 10 to 30 minutes, with transactions executed in a structured sequence across three blockchains.

The largest losses included around $125,000 in $POD tokens on Base and approximately $21,000 in $FHE on BSC, alongside additional ETH and smaller token holdings such as $SAT1.

The attacker also sent a small amount of ETH to one of the wallets beforehand, likely to cover gas fees and ensure the complete sweep of remaining balances.

Analysts view this as a sign of deliberate execution rather than opportunistic theft.

Why SIGMA Wallets Are Under Scrutiny

Attention has shifted to SIGMA, a Telegram-based multi-chain trading bot used to generate or manage the affected wallets.

Both compromised addresses were originally created through this bot, while other wallets not linked to SIGMA remained untouched.

This detail has led investigators to focus on the bot’s workflow as a possible entry point for the compromise.

Community theories include Telegram phishing through fake CAPTCHA prompts, malware or infostealer infections, device compromise, and malicious browser extensions.

However, Unihax0r stated that no unusual Telegram sessions were detected on his account.

The stolen assets were moved to an externally owned wallet controlled by the attacker and are already being routed through mixing processes, making recovery increasingly difficult.

Where The Stolen Funds Went And Recovery Chances

On-chain data shows the funds are currently held in attacker-controlled addresses, mainly on Base, with signs of early obfuscation activity.

Community trackers and investigators have stepped in to trace the movement, though recovery prospects are considered low given the speed of fund dispersion.

The attack has effectively rendered both wallets unusable, with recommendations from security observers urging migration to fresh wallets.

Telegram Trading Bots Under Growing Security Pressure

The incident adds to a growing list of losses linked to Telegram-based trading tools, where wallet generation and key handling often depend on bot infrastructure rather than hardware or self-custodied security systems.

Security researchers have repeatedly warned that private keys created via Telegram bots may be exposed to multiple risks, including closed-source vulnerabilities and phishing-style bot interfaces.

Reports from industry analysts note that some bots operate without independent audits, increasing reliance on third-party trust.

Scam activity targeting Telegram users has also surged, with malware campaigns involving fake verification bots becoming increasingly common in recent months.

Previous incidents, such as the Banana Gun exploit affecting 36 wallets and resulting in roughly $1.9 million in losses, continue to highlight the recurring exposure linked to this ecosystem.