Comment by Etheryte
4 months ago
Yeah this makes no sense whatsoever.
> [The hacker] took control of the specific ETH cold wallet and transferred all the ETH in the cold wallet to this unidentified address.
Did the hacker physically break into their office or what?
Possibly yes
Or some part of their system failed and the key was compromised without them realising it (like the Debian insecure keys debacle or whatever)
The wallet is a smart contract (specifically a gnosis safe), the malicious message they signed transferred ownership of that smart contract wallet to the attacker so they could then do whatever they want with it.