Suspected hacker bought 11.59 million DAI worth of ETH.

CN
1 hour ago

On July 12, 2026, according to AiCoin data, two large almost simultaneous on-chain transactions suddenly triggered alarms in Ethereum: two wallet addresses abbreviated as 0x18B...E66 and 0x565...e55 were viewed by some analysts as controlled by the same entity, collectively utilizing about 11.59 million DAI in a short time to purchase 6,358 ETH directly from the open market, with an average transaction price around 1,823 USD. This type of action is eye-catching enough, and more sensitive is that Onchain Lens marked this batch of funds as a "suspected hacker-related fund" concentrated buying, sparking a chain of speculations about the source of funds. Subsequently, several crypto media outlets reported on the on-chain data and the alerts from Onchain Lens, but all explicitly pointed out that no project party, regulatory, or judicial body had provided official confirmation of the hacker's identity, nor was there public evidence indicating that these two addresses had been locked as accounts involved in a specific attack event. On the publicly traceable blockchain ledger, this high-profile purchase was completely recorded, and the community initiated discussions around potential money laundering paths, future selling risks, and the deterrent effect of on-chain transparency on suspicious funds, leading to a collective questioning of ETH's short-term sense of security in this controversy.

Two addresses acted simultaneously: DAI converted to ETH

Looking back along the on-chain records, the actions of 0x18B...E66 and 0x565...e55 appeared almost scripted in advance: during the same time period on July 12, 2026, both addresses successively pushed their respective holdings of DAI into transactions, ultimately converting approximately 11.59 million DAI into 6,358 ETH. The transaction data marked by Onchain Lens indicates that the average purchase price for this batch of ETH was roughly around 1,823 USD, closely aligned with the market price range of the day, showing no obvious signs of chasing high prices or deliberately suppressing prices; it resembled a concentrated purchase calculated in advance for slippage and depth.

It is noteworthy that on-chain analysts generally believe these two addresses are likely controlled by the same entity, which also changes the narrative of this transaction set: it is no longer a clever buy by two independent large holders, but more like a coordinated action by a single fund under different wallets. This behavior of concentrating a large amount of DAI to exchange for ETH in a short time, whether in scale or rhythm, far exceeds the fragmented order patterns commonly seen from ordinary retail investors or daily speculative trades, forming an abnormally prominent funding mark on the public ledger, becoming a noteworthy on-chain signal that deserves continuous observation on that day.

Hacker funds appear on-chain: concerns about selling pressure and money laundering speculations

This large purchase, coordinated by 0x18B...E66 and 0x565...e55 after being marked by Onchain Lens as "suspected hacker funds," quickly diverged into two narratives within the community. One viewpoint believes that exchanging 11.59 million DAI for 6,358 ETH is more like preparing for future cashing out: first concentrating on purchasing more liquid mainstream assets, then choosing an opportune time to sell in batches in the secondary market, or splitting to more addresses, continuing the historical trend of many attack events where "mainstream tokens are exchanged first, followed by multiple transfers" to reduce traceability. The other interpretation leans toward short-term risk-hedging logic, suggesting that regardless of whether the funds are truly related to an attack, during a window where the pressures of regulatory and project parties' investigations are unclear, temporarily holding tokens in ETH retains value while making it easier to decide later whether to continue holding, transfer across chains, or enter high-privacy tools.

However, despite the rising emotional climate, one fact has remained unchanged: on-chain analysts only refer to these two addresses as "suspected hacker funds," and multiple media have repeatedly used this terminology in reports, emphasizing that no confirmation has been obtained from law enforcement or project parties. What can currently be seen on the public ledger are the funding paths and holding structures, rather than identity anchors, with no evidence that can directly lock these two addresses as wallets involved in a specific attack. In this information vacuum, judgments about "money laundering" and "inevitable selling" remain speculative, and the only thing that can be confirmed is that the funds have indeed concentrated on ETH. If such a substantial amount of tokens chooses to sell in the open market in the future or quickly transition into high-privacy tools, it may not immediately cause violent price fluctuations, but it is sufficient to lower market risk appetite at the expectation level, prompting participants to reevaluate the structural risks that this funding may bring with each new on-chain movement.

Tracking tools lock onto suspicious addresses: a counterattack by transparent ledgers

Shortly after this transaction of about 11.59 million DAI sweeping 6,358 ETH was completed, Onchain Lens was the first to publicly identify the two core addresses—0x18B...E66 and 0x565...e55—along with the specific matching data for the average transaction price of about 1,823 USD, marking it as a concentrated buying behavior of "suspected hacker funds." The two nearly simultaneous large positions were compressed within the same time frame on the timeline, and the paths were clearly visible; the tool's important markings serve as a red circle on the blockchain: if these are indeed controlled by the same entity, then each subsequent transfer, split, or interaction with contracts will continue to expand this "suspicious funds" storyline on the public ledger.

The characteristics of blockchain are pushed to the forefront in such scenarios—all records of incoming and outgoing transfers, contract interactions, and cross-address moves are retained in an immutable form for the long term, making it impossible for any abnormal path to truly "erase traces," only being able to attempt to dilute readability through complexity. Historically, multiple on-chain analysis reports from attack events have been cited by law enforcement agencies to lock in funding flows, making tracking tools like Onchain Lens no longer just "spectator boards" but possessing potential evidential value at a practical level. It should be emphasized that, as of now, no regulatory bodies, judicial institutions, or project parties have publicly announced any specific measures against these two addresses, and media generally acknowledge that there is no official evidence of hacker identities or attack events, but they still regard this incident as a typical sample: in the absence of official actions, transparent ledgers combined with third-party tracking lay down a clue chain for potential judicial investigations and compliance risk control that can be revisited and expanded later.

What to watch next: price sentiment and regulatory signals

According to AiCoin data, this time the two addresses utilized about 11.59 million DAI to purchase 6,358 ETH around 1,823 USD, leaving only this concentrated transaction on-chain with no subsequent massive splits or cross-chain operations. This alone alerts the market: the narrative of a security incident and "buying mainstream large positions" is being layered on the same timeline. What truly warrants tracking moving forward is not whether the short-term market "strengthens due to hacker purchases," but whether 0x18B...E66 and 0x565...e55 continue to increase their holdings in ETH, start dispersing transfers to multiple new addresses, or initially interact with centralized platforms; these on-chain choices will directly impact the community's reassessment of their identity and motivations. Meanwhile, there is currently no public progress from regulatory or judicial levels, nor is there any systematic market analysis directly linking this purchase around 1,823 USD to subsequent price fluctuations. In the absence of official definitions, this should be viewed as a clear sample of risk education: all paths of large suspicious funds will be permanently recorded for future review, rather than simply categorized as clear negative or positive signals at this stage.

Join our community, let's discuss and become stronger together!
AiCoin exclusive Hyperliquid benefits: https://app.hyperliquid.xyz/join/AICOIN88
AiCoin exclusive Aster benefits: https://www.asterdex.com/zh-CN/referral/9C50e2
On-chain Telegram community: https://t.me/AiCoinWhaleData
On-chain community: https://www.aicoin.com/link/chat?cid=N6OVMor5g
AiCoin on-chain Twitter: https://x.com/aicoinwhaledata

免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink