The thread does not seem to say it was stolen from a cold wallet … the alleged victim is saying he/she *tried to send* to a fresh cold wallet and that is when the theft occurred. Everything I’ve seen (including the thread) suggests that the original wallet was some sort of low-entropy wallet, maybe a brain wallet, that was likely being monitored by multiple bots. My question would be why this wasn’t done before if there were multiple bots aware—or maybe that was just an assumption to ensure the thief was not rbf’d