The perpetrator behind the security breach of the UXLINK social infrastructure protocol has initiated a large-scale liquidation of stolen assets. On March 20, 2026, on-chain monitoring data revealed that the attacker converted 5,496 Ethereum (ETH) into approximately 11.82 million DAI stablecoins within a single hour. This movement follows a major exploit that occurred six months prior, signaling a new phase in the attacker's attempt to obfuscate and exit their illicitly gained positions.
Details of the Multi-Million Dollar Liquidation
According to data provided by Onchain Lens, the transaction sequence was executed rapidly to minimize slippage and avoid potential freezing of assets. The attacker utilized decentralized exchange (DEX) aggregators to swap the ETH holdings for DAI, a decentralized stablecoin pegged to the US dollar. By moving into a stablecoin like DAI, the malicious actor likely aims to preserve the value of the haul against market volatility while preparing for further laundering through privacy protocols.
- Asset Sold: 5,496 ETH
- Asset Received: 11.82 million DAI
- Timeframe: Approximately 60 minutes
- Current Status: Funds remain in the attacker's controlled wallet address
The UXLINK Security Breach Context
The origins of these funds trace back to a critical security failure on September 22, 2025. During that incident, the attacker successfully gained unauthorized control over the project's multisig wallet, which is designed to require multiple signatures for transaction authorization. The breach resulted in the theft of over 12 million dollars in various digital assets. Multisig vulnerabilities often stem from compromised private keys or social engineering attacks targeting key holders.
The recent movement of funds has alerted security firms and exchanges globally. Security analysts note that the rapid conversion of such a large volume of ETH suggests the attacker is closely monitoring the market liquidity to maximize their returns. The UXLINK team and relevant law enforcement agencies have been tracking the associated wallet addresses since the initial exploit, though the decentralized nature of the Ethereum blockchain presents significant challenges for asset recovery once funds are moved into decentralized stablecoins.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.