On March 22, 2026, on-chain data revealed significant movement from wallets associated with historical exploits of the Venus Protocol and the Resolv stablecoin project. According to reports from blockchain analyst Ember, entities behind these high-profile DeFi breaches have collectively placed $40.56 million into buy orders for Ethereum (ETH). This coordinated activity highlights a strategic shift as attackers transition stolen assets from various tokens into more liquid market leaders.
Strategic Swaps from Venus and Resolv Wallets
The activity involves two distinct groups of actors who have utilized decentralized exchanges to consolidate their holdings. The Venus Protocol attacker initiated a series of trades to offload various assets extracted during the protocol's previous security breach. By exchanging a basket of tokens, including Binance Coin (BNB), Bitcoin (BTC), and PancakeSwap (CAKE), the attacker successfully acquired 2,257.3 ETH, valued at approximately $7.72 million.
Simultaneously, the actor responsible for the exploit of the Resolv USR stablecoin executed a much larger transaction. This attacker utilized over-minted USR tokens—the native stablecoin of the Resolv ecosystem—to purchase 11,437 ETH. The total value of this specific acquisition is estimated at $32.84 million, representing the majority of the day's total buy pressure from these entities.
On-Chain Analysis of the Transactions
Monitoring tools indicate that these transactions were executed across several DeFi liquidity pools to minimize slippage and detection. The breakdown of the accumulated assets is as follows:
- Total ETH acquired: 13,694.3 ETH
- Combined market value: $40.56 million
- Primary assets liquidated: BNB, BTC, CAKE, and USR
- Analysis source: Ember On-chain Data Monitoring
These movements are often viewed by security researchers as a "cleaning" process, where attackers convert volatile or project-specific tokens into highly liquid assets like Ethereum to facilitate easier laundering or long-term storage.
The sudden influx of over $40 million in Ethereum buy orders from these addresses underscores the persistent challenge of managing stolen funds within the DeFi ecosystem. As these attackers consolidate their positions into ETH, cybersecurity firms and regulatory bodies continue to track the movement of these funds across the blockchain. This event serves as a reminder of the lasting impact protocol exploits have on market dynamics and the ongoing necessity for enhanced security measures in decentralized finance.
Frequently Asked Questions
Quick answers to the most common questions about this topic.
For educational purposes only. Nothing here constitutes financial or investment advice. Crypto markets are highly volatile — always DYOR before making any decisions.
Fact-checked per our editorial policy. We maintain strict independence from advertisers. Spot an error? Let us know.