On June 22, 2026, a wallet that had been "playing dead" on-chain for about three and a half years suddenly woke up. According to AiCoin data, the address 0xff57...5d22, which has long been viewed by multiple on-chain analysts as related to the HashFlare fraud case, transferred approximately 10,600 ETH in batches within a few hours, estimated to be nearly $18.5 million at that time, while the total scale of the HashFlare case was about $575 million. This sudden and concentrated substantial movement shattered years of silence where no large transactions occurred from the relevant address, and the community quickly labeled it as a "revival of zombie funds." Currently, the core suspense surrounding this stolen money has resurfaced: is this a new round of more covert asset laundering by the operator, or has it opened an extremely brief window for tracking and recovering for victims and law enforcement?
From Cloud Computing Myth to Huge Stolen Funds
If we rewind to before the incident, HashFlare was packaged as a seemingly decent and modern "cloud computing investment story": under the banner of remote mining and lowering barriers, it raised funds from global users, and was seen by many participants as the first ticket to entering the crypto world. It wasn’t until multiple national regulatory and judicial bodies determined it constituted a large-scale crypto investment fraud case that the story's true nature was revealed—an estimated $575 million was involved, with victims worldwide numbering in the thousands, and the impact on the trust system for retail and small-to-medium investors far exceeded the apparent financial losses themselves.
As the case gradually came to light, a number of wallet addresses linked to HashFlare were marked by on-chain analysts, and the current focus on the address 0xff57...5d22 has been categorized as part of the "tail end of stolen funds" in this case. For a long time, such addresses had mostly turned dormant, and 0xff57...5d22 had seen almost no significant large transactions over approximately 3.5 years. The sudden transfer of about 10,600 ETH is just a small piece of the puzzle in a larger case, but it reignited interest in a case many had considered "settled." For victims still awaiting results and observers interested in the case, the reactivation of this long-dormant wallet in itself serves as a clear warning: the enormous stolen funds have not truly disappeared; they have merely been buried deep in the corners of the blockchain, potentially ready to be brought back into the spotlight at any unsuspecting moment.
Movement of 10,600 ETH Across Chains
On June 22, the long-sleeping 0xff57...5d22 was like a sudden start button being pressed, as it initiated multiple transfers densely within a few hours, cumulatively moving about 10,600 ETH in batches, estimated at around $18.5 million that day. The transfers were not a one-time "liquidation," but were divided into multiple independent transactions, tight and restrained in rhythm, avoiding excessive visibility on a single transaction level, while achieving the major large transfers within the same day, minimizing exposure on-chain.
Multiple media outlets following these transaction paths discovered that some of the withdrawn ETH was processed on Ethereum via HiFiSwap for the first step of "preprocessing" assets, and subsequently leveraged the Intents feature of Near Protocol to further transfer from Ethereum assets to Bitcoin assets. Reports also mentioned that these cross-chain assets were directed towards instant exchange services for rapid conversion. This combination of "on-chain splitting – cross-chain conversion – instant exchange" has been considered a typical template with money laundering suspicion by many analysts. It is worth highlighting that public information has not disclosed the specific name of the instant exchange platform involved, nor is there any on-chain evidence that can confirm where the funds ultimately settled or whether they entered a centralized trading platform, causing the entire path to become increasingly opaque after the midpoint, leaving behind an on-chain narrative artificially interrupted.
Awakening of Zombie Funds: The Battlefield of On-Chain Tracking
From a risk control perspective, the sudden transfer of approximately 10,600 ETH from 0xff57...5d22 on June 22, 2026, is first classified under a familiar label—"awakening of zombie funds." According to publicly available on-chain records, this address, viewed by multiple analysts as related to the HashFlare case, had seen almost no large movements for about 3.5 years, essentially appearing "frozen" intentionally. Because of this long period of silence, those transactions that were densely transferred in a short span were automatically amplified on the radar of monitoring systems and analysts, becoming a crucial starting point for judging potential money laundering paths and completing the funds map of the old case.
On-chain analysts like ZachXBT are acting along this line of thought: aligning the latest transfers with historical transaction records, then combining them with addresses tagged years ago, to reinsert this anomaly back into the narrative of the HashFlare old case. His publicly displayed transaction screenshots and path summaries on social media allow anyone to retrace the mid-path from 0xff57...5d22 to HiFiSwap, then to Near Intents through a block explorer. The transparency of the on-chain ledger is maximally utilized here—every amount, every jump is visible to the public. However, transparency does not equate to visible identity: who exactly is behind the address, whether it enters a custodial account after multiple hops, and where the funds ultimately consolidate remain obscured by the "black box" of the real world, often only revealed when law enforcement intervenes and retrieves platform KYC records. For market participants, what can be confirmed at this moment is merely that a zombie fund related to the old case has been reawakened, and where it will ultimately head remains a highly uncertain open question.
The Role of Cross-Chain and Intents in the Money Laundering Chain
Looking ahead along this re-lit path, we find that it falls within the most efficient entire set of "legitimate tools" in today's multi-chain world: cross-chain bridges, Intents routing, and instant exchange services. Multiple media sources have mentioned that part of the ETH transferred from 0xff57...5d22 was first processed on Ethereum via HiFiSwap, and then shifted from Ethereum asset positions to Bitcoin assets through the Intents function of Near Protocol. For regular users and institutions, the original intent of such tools is obvious—to quickly complete asset exchanges and routing across different public chains, bypassing complicated and inefficient manual cross-chain processes, especially under the premise that the Bitcoin chain lacks rich smart contract functionalities, often relying on cross-chain and third-party services for asset structural adjustments.
Because of sufficient efficiency, this multi-chain, multi-service hop from Ethereum to Bitcoin to instant exchange services has also been viewed by many media outlets and analysts as "highly suspicious": on one end is a large address bound to an old case, dormant for 3.5 years, and at the other end is an instant currency exchange channel with varying levels of identity verification, interspersed with multiple hops across chains and contract interactions, which objectively facilitates elongating the path on a public blockchain, diluting readability on a single chain. Of course, there is currently no evidence that HiFiSwap, Near Intents, or related instant exchange services actively participated in illegal activities; they remain neutral infrastructures, but their open and automated characteristics may be inherently misappropriated by criminals. The real pressing question for these protocols may not be the moral inquiry of "whether there is guilt," but rather the regulatory pressure of how to balance efficiency and scrutiny in the future—and whether regulators will shift focus from single-chain tracking to the entire cross-chain intent network itself.
The Next Act in the Game of Recovery Hopes and Regulation
For victims of HashFlare, the sudden withdrawal of approximately 10,600 ETH from 0xff57...5d22 on June 22, 2026, resembles a long-lost coordinate: at least it proves that portion of the stolen funds is still flowing on-chain, rather than being without a trace; for market participants and compliance agencies, this also serves as an open "anti-money laundering practical lesson," placing HiFiSwap, Near Intents, and instant exchange services under scrutiny. However, the reality of recovery remains extremely grim—HashFlare involves about $575 million, and this movement of approximately $18.5 million is just a fraction of that, and as of now, no clear asset freezing or recovery progress has been publicly disclosed; visibility on-chain does not equate to the ability to smoothly retrieve assets within the legal framework. Historically, many fraud cases have only been reexamined years later due to on-chain asset movements, but whether this will be replicated in HashFlare depends on several key signals to come: first, whether more marked related addresses will be "awakened," forming a more complete funds migration map; second, whether compliance announcements from exchanges or related service providers will occur, such as risk control interceptions, account restrictions, or cooperation in investigations; third, whether regulatory and law enforcement agencies can provide public notices or freezing decisions, allowing the current on-chain clues around 0xff57...5d22 to evolve from community tracking to genuine progress in judicial proceedings.
Join our community to discuss together and become stronger!
Exclusive Hyperliquid benefits for AiCoin: https://app.hyperliquid.xyz/join/AICOIN88
Exclusive Aster benefits for AiCoin: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
