Hacked for ~3.4M sats - Need help tracking if funds hit an exchange (Clipboard vulnerability?)
Hi everyone,
I was unfortunately hacked on June 6th, 2026, at 01:01 AM. The attacker managed to drain my funds in three separate transactions sent to the exact same hacker address:
bc1qvwklr8mutvrk49zvwpvuvtxx9jdzc2gg0l0jjw
Here are the TXIDs and amounts:
193,885 sats
-> ee778ce0031ffd1c41bfc99e22a8b2a7d643f684a6d4ac498e8221dc4c65a10a
69,890 sats
-> 776b0caa9fd34dbaecdbd2f76e1f8f544afbc3b1d9fad862491afb8ee2e88000
3,152,496 sats
-> 20656c02472ae54795cb08219d83125138c887c1f1c575c399c424aae35d520a
I have never shared my seed phrase with anyone. The only vector I can think of is a clipboard leak. A while ago, I copied my seed phrase from Cake Wallet to test Blue Wallet on my iPhone. I suspect I forgot to clear my clipboard, and a malicious website or app read it while I was browsing.
Note: I have already secured my remaining/future funds by creating a brand new wallet on a clean setup and moving everything there.
I know Bitcoin transactions are irreversible and these funds are gone. However, I want to know if these funds have eventually landed on a centralized exchange (KYC'd wallet) where a police report could potentially freeze them.
Could anyone with blockchain forensics experience help me track where the hacker moved the funds after hitting that address? How can I check if they reached an exchange?
Thanks for your help.
[link] [comments]