However, there are a few commonalities among the victims: Most of the attacks have occurred on the weekend, and has the exploiter swapping assets within a victim’s wallet for ETH (often bypassing staked positions, non-fungible tokens and lesser-known coins), consolidating that ETH and then transferring it out. Often the attacker has gone back hours, days or weeks after an initial attack to sweep remaining funds, Monahan said.