On February 21, 2025, when copyright workforce went to approve and indication a schedule transfer, the UI confirmed what appeared to be a authentic transaction Along with the supposed destination. Only after the transfer of resources towards the hidden addresses set through the malicious code did copyright personnel recognize some thing was amiss.