On February 21, 2025, when copyright staff members went to approve and sign a routine transfer, the UI confirmed what appeared to be a respectable transaction Using the supposed vacation spot. Only following the transfer of funds to the concealed addresses established through the malicious code did copyright workforce recognize something was amiss