A dormant wallet tied to high-profile DeFi exploits sprang back to life at the end of December, unloading more than $2 million in tokens and reigniting questions about the fate of stolen crypto.
What happened
- On Dec. 30, on-chain sleuths at Lookonchain flagged activity from Ethereum address 0x3EBF, which had been inactive for about a year.
- The address sold large holdings in a single burst: roughly 226,961 UNI (~$1.36M), 33,215 LINK (~$410K), 845,806 CRV (~$328K), and about 5.25 YFI (~$17.5K), along with smaller token balances that were also reduced.
Why this matters
- Wallet 0x3EBF has been linked to funds from two major DeFi incidents: the Indexed Finance manipulation in 2021 and the KyberSwap Elastic pool exploit in November 2023.
- Indexed Finance lost roughly $16.5 million after index pools were manipulated via flash loans and pricing distortions; the trader at the time argued the transactions were permitted by smart contract logic.
- KyberSwap’s Elastic liquidity pools were drained for nearly $49 million across multiple chains in 2023 after an attacker exploited how liquidity positions were calculated. The attacker later attempted to extort KyberSwap by demanding control in exchange for returning part of the haul.
- The wallet’s renewed activity — moving and selling large token parcels after a long dormancy — often signals either cash-out attempts by the original exploiter, movement through laundering chains, or transfers to third parties. On-chain patterns will be watched closely by analysts and law enforcement.
Legal backdrop
- In February 2025 U.S. authorities unsealed an indictment accusing 22-year-old Canadian Andean Medjedovic of carrying out both the Indexed and KyberSwap attacks. Prosecutors allege he laundered proceeds through mixers and cross-chain bridges and tried to pressure KyberSwap’s team after the exploit. Medjedovic remains at large.
Bigger picture: 2025 was a record year for crypto theft
- Industry tallies (Chainalysis full-year figures) estimate total crypto losses in 2025 between $2.7 billion and $3.4 billion.
- Unlike prior cycles dominated by DeFi hacks, most 2025 losses were linked to centralized platforms. More than $2 billion — roughly 60% of the total — is attributed to entities tied to North Korea.
- The biggest incidents included the $1.5 billion Bybit breach in February, plus major attacks on Cetus DEX ($223M) and Balancer ($128M).
- While the number of individual wallet compromises jumped dramatically to about 158,000 incidents, the average loss per victim fell.
What to watch
- Analysts will track whether the assets from 0x3EBF route through mixers, bridges, or OTC channels — patterns that could reveal liquidation strategies or links to other wallets.
- Continued on-chain transparency will be critical for tracing flows and for any law enforcement efforts to recover stolen funds.
This latest move underscores that even long-dormant wallets tied to past exploits can resurface — and that stolen crypto can re-enter circulation years after an attack.
Read more AI-generated news on: undefined/news
