Since draining Japanese crypto platform UXLINK six months ago (and losing a chunk of the proceeds), the hacker behind the attack has been trying to hit it big on-chain.
It’s not going great.
Blockchain analytics platform Arkham has been tracking the hacker’s trading history, highlighting recent ETH sales which brought them back to breakeven.
But given the market over the past six months, one could argue that breakeven is nothing to be sniffed at.
Read more: UXLINK goes from bad, to worse, to weird after hacker loses stolen tokens
The September attack unfolded in two stages. First, UXLINK’s multi-signature wallet was compromised and drained for $11 million worth of assorted crypto tokens.
Hours later, the project’s token contract, which had also been compromised, minted a billion tokens, with a theoretical dollar value in the nine figures.
The drama didn’t stop there, however. While dumping the UXLINK tokens, and cratering its price as liquidity depleted, the hacker fell for a phishing link, losing half the freshly-minted tokens.
Trading with house money
Since then, the hacker’s trading history shows swaps made mainly between the stablecoin DAI and WETH or WBTC.
Arkham’s profit and loss (PnL) calculations put the hacker’s cumulative PnL at $83,000 in the green.
While the gains are small, just 0.2% of the $36.6 million held in the wallets, it’s currently performing better than at any time since the hack.
PnL has been down-only, aside from brief periods of clawing back close to breakeven. But recent weeks have seen a sudden recovery from an all-time low of -$4.8 million in late February.
Read more: Venus Protocol hacker lost $4.7M after nine months of planning
Easy come, easy go
Hackers trading stolen funds have had mixed results in recent years.
Members of North Korea’s Lazarus Group traded the proceeds of 2024’s $50 million Radiant Capital attack, ending up $40 million in profit by last summer.
In October last year, a hacker who previously stole 400 bitcoins from a Coinbase user “panic sold” ether which they had bought with the ill-gotten gains.
During two crypto market crashes, a week apart, they realized a total of $10 million in losses.
Read more: Outdated algorithm caused $650M excess losses on Hyperliquid, report
A slightly more unsettling incident saw Lazarus-linked addresses liquidated for $500,000 on Hyperliquid in late 2024.
While some were happy to see the bad guys get wiped out, others were concerned the activity was testing for a potential future exploit.
Also on Hyperliquid, a wallet linked to the $30 million zKasino “rug pull” in April 2024 suffered a $27 million liquidation a year later.