UXLINK Hacker Moves $11M in Stolen ETH to DAI

Edgen Crypto·Mar 20 2026, 07:13

Share to

Share to

Copy link

Key Takeaways

The attacker behind the $44 million UXLINK exploit from September 2025 has begun actively laundering the stolen assets. This on-chain movement, involving the conversion of 5,496 ETH into 11 million DAI, signals a potential attempt to cash out and highlights the persistent challenge of tracking illicit funds through decentralized finance (DeFi) protocols.

Attacker Converts Assets: The individual behind the September 2025 UXLINK hack swapped 5,496 ETH for approximately 11 million DAI.
Original Hack Context: The fund movement stems from a multi-sig wallet compromise that resulted in a total loss of over $44 million for the UXLINK protocol.
Systemic Laundering Risk: This action reflects a broader trend where criminals use DeFi platforms to obscure the origin of stolen funds, complicating law enforcement and recovery efforts.

Hacker Converts 5,496 Stolen ETH to $11M in DAI

The perpetrator of the September 22, 2025 UXLINK exploit has initiated significant on-chain fund movements, converting 5,496 ETH into approximately 11 million DAI. This transaction, flagged by on-chain security analyst PeckShield, is a critical step in the laundering process for funds stolen from the protocol's multi-signature wallet, which originally resulted in a loss exceeding $44 million. Swapping volatile assets like ETH for a stablecoin like DAI is a common tactic for attackers to de-risk their holdings from market fluctuations and prepare for cashing out through exchanges or mixers. This activity renews negative attention on UXLINK's past security vulnerabilities and underscores the ongoing risk posed by the stolen assets.

Illicit Flows Highlight Systemic DeFi Vulnerabilities

This laundering attempt is not an isolated event but part of a persistent pattern where illicit actors exploit decentralized finance. Sophisticated criminals and state-sponsored entities increasingly use DeFi protocols and cross-chain bridges to obscure the trail of stolen digital assets, making recovery nearly impossible. The strategy mirrors tactics used in larger schemes, where funds from hacks or fraud are channeled through a complex series of swaps to break the on-chain link to the original crime. The UXLINK hacker's actions demonstrate how easily attackers can leverage the permissionless nature of DeFi to launder proceeds, posing a systemic challenge to security and regulatory oversight across the entire cryptocurrency ecosystem.