Crypto trader and X personality Unihax0r lost +$200,000 on May 11 after someone drained two of his wallets across Ethereum, Base, and BSC. On-chain analysts think it was a private key leak linked to a Telegram trading bot.
“Just got drained or hacked for more than 200k. Sick to my stomach,” Unihax0r posted on X. He shared the attacker’s wallet address and asked people to help trace the funds.
Attacker swept three chains in under an hour
This wasn’t a smart contract exploit since there’s no malicious token approval.
On-chain analyst @k0braca1 looked at the transactions right after it happened and said it looked like a private key leak. The attacker “had full control over signing operations across multiple chains: Ethereum, Base and BSC.”
The drain took somewhere between 10 and 30 minutes. The biggest chunks were about $125,000 in $POD tokens on Base and $21,000 in $FHE on BSC, plus ETH and smaller positions. The attacker even sent a bit of ETH to the Ethereum wallet first to cover gas for sweeping the remaining token balances.
Hey bro, sorry this happened to you.
My quick assessment of what happened. The exploit looks like a private key leak rather than related to any malicious transactions, as the attacker has full control over signing operations across multiple chains: Ethereum, Base and BSC. It…
Both crypto wallets that got drained were created via a Telegram multichain trading bot called SIGMA. Unihax0r imported those wallets into GMGN, which is another Telegram trading tool, and Rabby Wallet.
Other wallets on Rabby and Jupiter were not drained since the SIGMA bot did not create them. This means that the SIGMA trading bot is the probable cause of this attack.
Investigators in the community have come up with a few ideas about what caused the theft of secret keys:
Telegram phishing through fake CAPTCHA bots that pop up when you use SIGMA.
Malware or infostealer infections.
Device compromise.
Malicious browser extensions.
Unihax0r said he checked his Telegram account and found no suspicious sessions, per Crypto Times.
The stolen crypto went to an externally owned account that the attacker controls.
The stolen crypto was transferred to an external wallet owned by the attacker. On-chain data shows the stolen tokens are already being mixed by the attacker.
Most of the assets are still sitting in the attacker’s wallets on Base. Community members and fraud tracking accounts have offered to help trace funds, but the odds of getting the money back are low.
Telegram bots are a structural weak point
Crypto losses connected to Telegram trading bots keep piling up. When a user generates wallets through Telegram bots, the private keys get created and stored within the bot’s infrastructure.
Security researchers from ForkLog warned about using Telegram bots to trade crypto. They explained that Telegarm bots “could potentially lead to asset losses and are not safeguarded against hacker attacks.”
Telegram bot scams have been ramping up. Web3 anti-scam platform ScamSniffer said Telegram group malware scams jumped by 2,000% between November 2024 and January 2025. Attackers use fake verification bots and phony group invitations to push malware that can access wallets and browser data.
Last September, Banana Gun, which is one of the most active Telegram trading bots, had 36 wallets exploited for 536 ETH. That was ~$1.9 million at the time. The bot went offline after that.
Ethereum recorded a major on-chain milestone in the first quarter of 2026 across its base layer activity. Data from Artemis shows the network processed over 200 million transactions, its highest quarterly total on record.
On a quarterly basis, this represents a 43% increase from 145 million transactions in the previous quarter ending late 2025. Quarterly activity previously bottomed near 90 million in 2023 before stabilizing through most of 2024.
What’s Driving Ethereum’s Activity Growth?
Growth was driven mainly by Layer 2 networks that process transactions off-chain and settle on Ethereum. Rollups such as Base and Arbitrum bundle activity, increasing recorded base-layer transaction counts significantly over time.
Alongside this scaling effect, stablecoin issuance also expanded, pushing total supply on Ethereum to about $180 billion in the quarter. These dollar-pegged tokens now support decentralized finance activity, payments, and remittance flows across the ecosystem.
Network-level efficiency also played a role. The Dencun upgrade reduced data costs for Layer 2 networks, limiting direct fee pressure on the Ethereum mainnet. As a result, higher usage did not translate into proportional gas fees or increased ETH token burns.
What This Means for Ethereum’s Next Phase
Despite stronger network activity, Ether price remains near $2,400, still more than 50% below its 2025 peak levels. Analysts note a growing divergence between on-chain usage and market valuation trends.
Some market observers view this gap as a sign of delayed pricing response to network fundamentals. Historical cycles suggest sustained on-chain expansion often precedes broader price recovery phases in crypto markets.
However, analysts caution that transaction growth may include automated stablecoin movements rather than new user adoption. This raises questions about how much of the activity reflects genuine economic demand on the network.
Future momentum depends on whether the network maintains over 200 million transactions into the second quarter of 2026, alongside continued stablecoin and Layer 2 activity. These factors will determine whether the current level of network usage is sustained or fades.
The broader question is whether strong on-chain activity will eventually translate into renewed long-term market strength. This uncertainty is amplified as Ethereum’s usage, scaling, and price trends continue to move in different directions.
Fhenix Brings Fully Homomorphic Encryption to DeFi — Private Smart Contracts on Ethereum, Arbitrum & Base
Privacy InfrastructureMar 19, 2026
Fhenix Is Making Private DeFi a Reality — Without Asking You to Switch Chains
Using Fully Homomorphic Encryption, Fhenix lets developers add on-chain confidentiality to Ethereum, Arbitrum, and Base smart contracts — a few lines of Solidity away from private lending, dark pools, and compliant institutional finance.
AA
Ashton Addison
Crypto Coin Show · Blockchain Interviews
Founder
Guy Itzhaki — ex-Intel TEE lead, co-founder Secret Network
Core Technology
Fully Homomorphic Encryption (FHE)
Supported Chains
Ethereum · Arbitrum · Base
Current Stage
● Testnet Live · Mainnet 2026
The Privacy Problem Hiding in Plain Sight
Every transaction on a public blockchain is visible to anyone with a browser. Open Etherscan, and you can trace wallets, balances, and strategies back to the genesis block. For retail users, that might feel abstract — but for institutional players, DeFi protocols, and enterprise payments, transparent ledgers are a non-starter.
That is the gap Fhenix is building to close. Founded by Guy Itzhaki, a former Intel executive who led the company’s Trusted Execution Environment (TEE) division, and the co-founder of Secret Network, Fhenix is developing what it calls the fastest privacy infrastructure for blockchain — powered by Fully Homomorphic Encryption (FHE).
If you want to bring real money, bring the large players in, see mass adoption — there needs to be a level of maturity that includes privacy. But not just privacy: it also includes compliance.
— Guy Itzhaki, Co-Founder & CEO, Fhenix
What Is Fully Homomorphic Encryption?
Most people understand encryption as a lock: you can encrypt data to hide it, but you have to decrypt it before you can do anything useful with it. FHE breaks that assumption entirely.
The term “homomorphic” comes from mathematics — it refers to preserving structure during transformation. In practice, FHE encrypts data in a way that retains enough mathematical structure for computation to happen on the ciphertext itself. The result is decrypted only at the end, meaning no one — including the nodes processing the transaction — ever sees the raw data.
FHE has existed as a theoretical concept for decades, long regarded as too slow for real-world use. Itzhaki, who worked on hardware acceleration for FHE at Intel before leaving to co-found Fhenix, says the performance trajectory has changed dramatically — and that gap is exactly what Fhenix is engineered to close.
Privacy Approaches Compared
Technology
What It Does
Compute on Encrypted Data?
Trust Requirement
Zero-Knowledge Proofs
Hides identity / proves a statement without revealing it
No
Math-based
Trusted Execution Environments (TEE)
Computes in a secure hardware enclave
Partial
Hardware trust required
Fully Homomorphic Encryption (FHE)
Computes directly on encrypted data — no decryption needed
Yes
Pure math — trustless
From L2 to Co-Processor: Meeting Developers Where They Are
Fhenix did not start where it is today. The original architecture was an independent Layer 2 — another chain for developers to migrate to. Within months, the team recognized the strategic error: the market doesn’t need another L2. It needs privacy on the chains where developers already live.
The pivot led to what Fhenix now calls a co-processor architecture — or, more simply, Privacy as a Service. The Fhenix co-processor plugs into existing EVM chains (currently Ethereum, Arbitrum, and Base) and exposes a library developers can import directly into their Solidity smart contracts.
No new toolchain. No new language. No chain migration. Developers import a library, call encrypt and decrypt functions, and their contracts gain data confidentiality. Itzhaki puts the integration at roughly four lines of code for a basic private stablecoin implementation.
Use Cases Already in Development
With eight projects actively building on the testnet, early implementations span a range of confidential finance applications: private lending protocols, confidential payment rails, dark pools, and OTC settlement. Each addresses a category where on-chain transparency has historically been a dealbreaker for serious capital.
One of the most persistent objections to blockchain privacy tools is regulatory: if transactions are opaque, how do you enforce KYC and AML? Fhenix’s architecture directly addresses this tension.
Rather than giving users a binary choice between private and auditable, Fhenix’s smart contract framework lets developers define programmable disclosure conditions. A regulator or auditor can be granted access to specific transaction data only when predefined criteria are met — without the protocol itself ever holding or exposing a master key.
This is what Itzhaki calls KYT — Know Your Transaction — a compliance primitive built natively into the privacy layer.
Institutional players still want KYC. They still want AML. You need a solution flexible enough to give them the privacy levels they need — but that doesn’t open the door for regulators to walk in and say this isn’t what we need.
— Guy Itzhaki, Fhenix
Private Stablecoins: A Dual-Mode Future
One concrete product demonstration Fhenix has already shipped is a dual-mode stablecoin framework. Rather than issuing a purely private stablecoin — which would be incompatible with most existing DeFi yield applications — Fhenix’s model allows issuers to deploy a token that users can toggle between private mode (for transfers and balance privacy) and public mode (for composability with yield-bearing protocols like lending markets).
Asked whether this could be applied to USDC or USDT, Itzhaki confirmed that Fhenix is actively in conversations with major stablecoin issuers. The technical lift, he says, is surprisingly minimal.
Why Privacy Is Having a Moment in 2026
After spending years defending privacy as a legitimate need rather than a criminal one, Itzhaki sees three structural forces finally converging:
1. Stablecoins found product-market fit. Payments with stablecoins are a real use case. Real payments demand real privacy — the question becomes obvious once money starts moving seriously.
2. Institutions are arriving with a different set of requirements. JP Morgan, Robinhood, and others entering the space are not coming with a cypherpunk ethos — they’re coming with compliance departments. Privacy infrastructure that satisfies both camps is now a prerequisite, not a nice-to-have.
3. AI agent payments are early but accelerating. The emerging narrative around agent-to-agent micropayments on stablecoin rails points toward a future where machine-speed transactions carrying confidential business logic will require privacy at the infrastructure level. Fhenix already shipped a private implementation of the x402 AI payment standard roughly three months ago.
Roadmap: Testnet Now, Mainnet by Year-End
Fhenix is currently live on testnet across Ethereum, Arbitrum, and Base. A new SDK version was shipping at the time of this writing, described by Itzhaki as a major improvement in developer experience and performance. Mainnet is targeted for later in 2026, with significant engineering work focused on security hardening and production-grade performance.
Parallel to the engineering path, Fhenix is running a builder program, a planned buildathon, and active outreach to established DeFi protocols. The team also recently co-hosted an open house with Arbitrum in New York, where projects building on Arbitrum explored FHE integrations in real time.
Developers can access documentation, SDK downloads, and testnet resources at fhenix.io. The DevRel team is available for direct support.
Stay in the loop
Follow Fhenix on X for the latest on private DeFi
SDK updates, mainnet progress, buildathon announcements & more — straight from the team.
