On February 21, 2025, when copyright workforce went to approve and indicator a routine transfer, the UI confirmed what appeared to be a authentic transaction Together with the intended destination. Only following the transfer of funds to the hidden addresses established from the malicious code did copyright workforce comprehend anything was amiss.