An Ethereum address identified by onchain investigators as tied to the HashFlare investment fraud moved 10,600 ETH, worth about $18.5 million, after sitting dormant for roughly three and a ha
An Ethereum address identified by onchain investigators as tied to the HashFlare investment fraud moved 10,600 ETH, worth about $18.5 million, after sitting dormant for roughly three and a half years.
The movement was flagged in a Telegram update from onchain investigator ZachXBT, with Cyvers credited for helping first identify the activity. The reported HashFlare address, 0xff575a22975cc413771825eb84c163189a4d5d22, sent the ETH in transaction 0xd0eafd5c03b24c2f54c579745cacbffe4c6df2d19973e55d52a5f40aa1d089e0.
The funds moved to two recipient addresses, 0xc82f007bb4096a47d14ed0d46ee8143d37539d04 and 0x3297a41f528345c3b97af8c6ffe1401cc07b2527. Investigators said the entity then began routing funds through HiFiSwap and NEAR Intents, moving value from Ethereum toward Bitcoin while also using two instant exchanges.
The fresh movement gives investigators a new trail from a case that had already produced one of the largest crypto-fraud forfeitures in U.S. history. It also fits a familiar pattern in old fraud-linked wallets: long dormancy, sudden movement, rapid routing through liquidity tools, and attempts to move across chains or assets before compliance teams can freeze obvious endpoints.
HashFlare was the cloud-mining platform operated by Sergei Potapenko and Ivan Turõgin. The U.S. Justice Department said the two men ran a massive cryptocurrency fraud scheme that victimized hundreds of thousands of people, with HashFlare customers buying mining contracts based on false representations about the company’s mining capacity.
The case later ended with both founders sentenced in August 2025. The Justice Department said Potapenko and Turõgin were sentenced to 16 months in prison, which they had already served, and that forfeited cryptocurrency, funds, vehicles, real estate and mining equipment were valued at more than $450 million.
The forfeited assets are set aside for a remission process to compensate victims. That makes any newly active address associated with the fraud especially sensitive because investigators, victims and exchanges are still focused on asset recovery and tracing.
The FBI’s victim-information page for the case lists HashCoins, HashFlare.io and Polybius as the three schemes tied to Potapenko and Turõgin, with HashFlare described as a crypto cloud-mining operation that sold SHA-256, ETHASH, Scrypt, DASH and ZCASH mining contracts to the public.
The reported routing through HiFiSwap and NEAR Intents suggests the entity was not simply moving funds from one cold wallet to another. Cross-chain swaps, intent-based execution and instant exchanges can be used to convert asset type, fragment flows, reduce direct Ethereum-only traceability and move proceeds toward Bitcoin.
That does not make those tools illicit by themselves. The issue is the provenance of the funds and the sequence of movement after years of inactivity. When an address attributed to a major fraud suddenly moves millions of dollars through swap and bridge-like routes, compliance teams usually watch for exchange deposits, BTC conversion points, OTC off-ramps and new wallet clusters.
The timing also lands during a busy run of old or dormant wallet activity. Separate Ethereum security incidents recently saw dormant wallets wake up empty, while investigators continue tracking how fraud proceeds move through stablecoins, exchanges and cross-chain rails in cases such as Argentina’s Fake Coins crypto fraud sweep.
The 10,600 ETH transfer reopens the HashFlare recovery trail years after the fraud case went quiet onchain, with investigators now watching the recipient wallets, HiFiSwap and NEAR Intents routing, and any instant-exchange deposits tied to the dormant address.
The post Dormant HashFlare Fraud Wallet Moves $18.5M In ETH After 3.5 Years appeared first on Crypto Adventure.
