Key Highlights
- A hacker using wallet 0x4Bf7…4481 lost stolen funds after another attacker exploited a flaw in his contract.
- In 2025, around $6.5 billion was stolen in crypto globally, with attacks shifting from decentralized platforms to centralized exchanges.
- Human errors and weak security remain major risks, with hacks often involving IT infiltration, phishing, and personal wallet scams.
A cryptocurrency hacker lost part of his stolen funds on Thursday after another attacker exploited a critical flaw in the hacker’s own smart contract, turning the exploit into a rare case of a hacker getting hacked on-chain.
According to blockchain data and an incident shared by on-chain analyst hklst4r on X, the initial attacker, who controlled a blockchain wallet “0x4Bf7…4481,” had earlier carried out an exploit by abusing an approval-related weakness to gain funds. He then swapped part of the profit into USDT and stored the tokens inside his own attack contract.
However, things quickly turned against him. About two hours later, another unknown blockchain user noticed a flaw in the deployed contract.
The contract contained an “unprotected Uniswap V3 callback,” which allowed outside access without proper restrictions. Using this opening, the second hacker entered the contract and took the USDT that had been left inside. The funds were not locked or protected, which made it very easy to steal.
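The check that an "unprotected Uniswap V3 callback" is missing, shown as an added example that is not the contract from this incident and not code from the original report. The contract name `GuardedSwapper`, its `owner` and `activePool` fields, and the assumption that the callback pays whoever calls it are illustrative; the interface subsets are declared locally.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subsets of the Uniswap V3 interfaces, declared locally for the example.
interface IUniswapV3Factory {
    function getPool(address a, address b, uint24 fee) external view returns (address);
}
interface IUniswapV3Pool {
    function token0() external view returns (address);
    function token1() external view returns (address);
    function fee() external view returns (uint24);
    function swap(address recipient, bool zeroForOne, int256 amountSpecified,
        uint160 sqrtPriceLimitX96, bytes calldata data) external returns (int256, int256);
}

// Hypothetical contract name and layout; not the contract from the incident.
contract GuardedSwapper {
    address public immutable owner;
    IUniswapV3Factory public immutable factory;
    address private activePool; // non-zero only while a swap started here is in flight

    constructor(IUniswapV3Factory factory_) { owner = msg.sender; factory = factory_; }

    function swap(IUniswapV3Pool pool, bool zeroForOne, int256 amount, uint160 limit) external {
        require(msg.sender == owner, "not owner");
        // Accept only the canonical pool the factory deployed for this pair and fee.
        address canonical = factory.getPool(pool.token0(), pool.token1(), pool.fee());
        require(canonical == address(pool), "not a factory pool");
        activePool = address(pool);
        pool.swap(address(this), zeroForOne, amount, limit, "");
        activePool = address(0);
    }

    // Uniswap V3 pools call this mid-swap to collect the input token.
    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata) external {
        // The guard an unprotected callback omits: without it, any account can call
        // this function directly and be paid from the contract's balance.
        require(msg.sender == activePool, "caller is not the active pool");
        IUniswapV3Pool pool = IUniswapV3Pool(msg.sender);
        if (amount0Delta > 0) _pay(pool.token0(), msg.sender, uint256(amount0Delta));
        else if (amount1Delta > 0) _pay(pool.token1(), msg.sender, uint256(amount1Delta));
    }

    // USDT's transfer returns no value, so accept empty return data as success.
    function _pay(address token, address to, uint256 value) private {
        (bool ok, bytes memory ret) =
            token.call(abi.encodeWithSignature("transfer(address,uint256)", to, value));
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
    }
}
```

Because `activePool` is the zero address outside a swap, a direct call to the callback reverts for every caller; an auditor reviewing any contract that implements `uniswapV3SwapCallback` should look for an equivalent `msg.sender` check before the transfer.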
The incident highlights a recurring theme in crypto security: human error often proves more costly than complex protocol-level bugs. Even experienced attackers can overlook basic safeguards, particularly when rushing to secure or move stolen funds.
Crypto hacks rise in 2025
The episode comes amid what security analysts have described as a record-breaking year for crypto-related thefts. According to a previous report, hackers stole an estimated $6.5 billion worldwide in 2025, which is 51% more than in 2024. Experts attributed the increase to hackers shifting to smarter methods, such as tricking IT staff or exploiting human mistakes, rather than relying only on technical bugs.
Centralized platforms were attacked more than decentralized ones this year. The biggest hack happened in February, when exchange Bybit lost $1.5 billion. Chainalysis noted that North Korean hacker groups were heavily involved, using skilled IT professionals to gain privileged access to crypto companies.
Over the past decade, North Korea has accumulated over $6.7 billion in illegal cryptocurrency earnings, with $2 billion of it stolen in 2025 alone. Hackers have shifted from targeting smart contracts to exploiting human vulnerabilities, and their money laundering increasingly involves China-based services. Personal wallet hacks alone have led to over $713 million in losses.
Despite these large-scale attacks, the pace of losses slowed in December. PeckShield reported that losses had fallen 60% to $76 million, although several hacks still occurred, including a $50 million address poisoning scam, a $27.3 million private key leak, and a $7 million Christmas-day Trust Wallet exploit.
Law enforcement has also taken action. In the US, a 23-year-old man from Brooklyn was recently charged with stealing $16 million from Coinbase users through phishing and social engineering. The thief, under the pseudonym “lolimfeelingevil,” posed as a Coinbase employee to coerce users into transferring money urgently.
Human error remains the weakest link
Despite the scale of recent attacks, the on-chain irony of a hacker losing funds due to his own unsecured contract serves as a reminder that basic operational mistakes remain one of the ecosystem’s biggest vulnerabilities.
Even as attackers adopt more advanced techniques, simple oversights such as leaving callbacks unprotected or contracts improperly configured continue to create opportunities for theft. In this case, the same lack of caution that enabled the initial exploit ultimately cost the attacker his gains.
2025 has been labeled a “year of extremes” in crypto, where even a small number of attacks yield huge profits.
