Bexo wallet issued a public warning to its users on May 28 after the platform detected what it described as irregular activity across several accounts. The notice was direct. Move your funds. Now.
The alert, posted on X by the official Bexo account, told users to transfer holdings to an external wallet while the team investigated. A second post followed almost immediately, walking users through specific recovery steps including importing seed phrases into MetaMask or Trust Wallet and sending funds to a fresh address.
The Numbers Behind the Drain
On-chain researcher mrwildcat7 put numbers to the damage. According to mrwildcat7 on X, at least 297 wallets were emptied across EVM-compatible blockchains within hours. The stolen funds funneled into a single address, 0x43D49AeF7aAf0Dcf015b20057C5346E092D66615, before being routed out through FixedFloat, a non-custodial swap service that requires no identity verification.
Nearly $500,000 gone. Ethereum took the worst hit.
Chain-by-chain data published by mrwildcat7 on X showed 230 Ethereum addresses drained for $494,737. Polygon lost $986 across 32 wallets. BNB Chain saw 38 addresses hit for $916. Arbitrum, Optimism, Scroll, Base, Linea, opBNB, and Flare all recorded losses too. Smaller amounts. Still gone.
The spread across ten separate chains is what stands out. A retail EVM holder running funds across multiple networks through the same wallet provider would have found every chain exposed at once.
One Address, Ten Chains
mrwildcat7 said the pattern points toward a “massive private key leak” tied to the wallet provider itself, not a smart contract exploit or a phishing campaign targeting individual users. When a private key is compromised at the provider level, every wallet generated through that provider becomes vulnerable regardless of which chain the funds sit on.
The Arkham Intelligence visualizer linked shows all flows in and out of the consolidation address. Assets moved in from ten chains. They left through FixedFloat.
FixedFloat has appeared in prior crypto theft post-mortems. It does not require registration and allows cross-chain swaps, which makes tracing and recovering funds significantly harder once they pass through.
Bexo has not named the root cause publicly. The investigation, according to the official posts, is ongoing. Users were pointed to the app, Telegram, and WhatsApp for further information.
What Comes Next for Affected Users
The wallet provider’s second post was a step-by-step guide: import the 12-word seed phrase into another compatible wallet, then send everything out to a new address immediately. Standard recovery protocol. But users who did not see the alert fast enough may have already lost access.
The risk the move does not fully address: if the seed phrase itself was part of the leaked data, importing it into MetaMask or Trust Wallet moves the funds to a wallet that may still be derivable by the attacker.
On-chain data as of publication shows the consolidation address remains active in the Arkham visualizer, with transaction history still visible across all ten chains.
