Key Takeaways:
A wallet linked to the 2022 Pando Rings exploit spent 10 million DAI to buy 6,243 ETH at $1,602, its first on-chain activity since the hack.
The address, identified as 0x303…3d9F, executed the swap as ETH traded in the $1,543 to $1,602 range, according to Arkham Intelligence data.
The Pando Rings attack on Nov. 5, 2022, was an oracle manipulation exploit that drained $20 million to $22 million in ETH, BTC and EOS from the protocol on the Mixin Network. Some stolen assets were frozen with help from Mixin, but the wallet's ability to move 10 million DAI suggests a significant portion of the funds remained unrecovered.
The conversion of stablecoins into ETH represents a directional bet on price appreciation from the $1,602 entry point. With ETH trading near a 13-month low of $1,540 and only 30% of supply in profit, according to Glassnode, the position adds a potential overhang: a 6,243 ETH stash in a known exploiter wallet could introduce sell pressure if the holder eventually takes profits.
The transaction comes as Ethereum derivatives signal a risk-off regime. Perpetual futures funding rates turned negative, and $1.28 billion in leveraged long positions were liquidated across exchanges over five days, according to Coinglass data. The Deribit ETH put-to-call premium climbed to 3.7 times, reflecting elevated hedging demand.
Ethereum's total value locked fell to its lowest level since February 2024, DefiLlama data shows, with top applications including Spark, Ether.fi and EigenCloud posting double-digit TVL declines. The broader DeFi security backdrop remains strained: across 25 protocols, hacks at KelpDAO and Drift Protocol accounted for roughly $573 million in losses in April alone.
The Pando Rings exploit shows a persistent structural weakness in DeFi lending protocols that rely on oracle price feeds. The protocol suspended operations after the attack and never fully recovered.
This article is for informational purposes only and does not constitute investment advice.
