A wallet labeled by on-chain monitors as tied to the UXLINK exploit has swapped 5,496 ETH for about 11 million DAI, renewing attention on one of the more damaging multisig wallet breaches from last September. The latest movement was flagged in a PeckShieldAlert post on X, which identified the address as an exploiter-linked wallet.
The move matters less because it is new theft and more because it suggests the attacker is still actively managing stolen inventory. Converting a large ETH position into DAI usually points to a defensive objective: reducing market exposure, simplifying storage and making the funds easier to route through later stages of laundering.
ETH is liquid, but it is also volatile. DAI offers a more stable unit of account for an exploiter trying to preserve value while avoiding further price swings. In practice, that means the latest swap looks more like treasury management by the attacker than a one-off liquidation headline.
This is also not the first time the same exploit-linked funds have been repositioned. Earlier this year, wallets tied to the same incident swapped 248 WBTC for about 23 million DAI, showing a consistent pattern of converting volatile stolen assets into dollar-linked liquidity rather than immediately cashing out all holdings at once.
That pattern matters for traders and investigators alike. It suggests the exploiter is working through inventory in phases, which can reduce market impact while making the trail harder to follow across venues and chains.
The original UXLINK attack started when its multisig wallet was compromised, allowing the attacker to manipulate control and move assets out of the project. The direct asset drain was widely tracked at around $11.3 million, including stablecoins, ETH and other tokens.
But the broader damage grew well beyond that number. UXLINK later acknowledged that tokens purchased after Sep. 22 at 02:55 PM UTC may have been stolen and illegally unlocked or sold by hackers, or illegally minted through contract manipulation, as described in the project’s migration and compensation documentation.
That distinction helps explain why some market summaries put total damage above $44 million even though the directly drained treasury assets were lower. The breach was not only about funds leaving a wallet. It also involved token manipulation, secondary-market fallout and a forced migration to a new contract.
The attack pushed UXLINK into a broader remediation effort. The project later opened an on-chain migration portal, set up a 1:1 token swap for eligible holders, and said the new contract locked the max-supply function at the code level while removing vulnerable features from the old setup.
This shows how expensive multisig failures can become once they spill into token supply and market structure. A treasury loss can be painful on its own. A treasury loss combined with unauthorized minting and exchange disruption becomes a much larger operational crisis.
The latest 5,496 ETH conversion does not appear to be a new exploit. It looks like a continuation of post-hack fund management by the original attacker.
That still matters for the market. Large exploit-linked swaps into stablecoins can signal that stolen funds remain under control and are being prepared for future movement through OTC desks, mixers, bridges or secondary wallets. They also keep an old security incident relevant months after the initial breach, especially when the affected project had to overhaul its token contract and compensation process.
The post UXLINK Exploiter Swaps 5,496 ETH for DAI as Stolen Funds Keep Moving appeared first on Crypto Adventure.
