Pando Rings hacker moves $10M into ETH amid market dip


In brief

  • Pando Rings exploit wallet converted $10M DAI to 6,243 ETH at $1,602 average price
  • 2022 Pando Rings attack drained $20–$22M via oracle manipulation; operations halted
  • Only partial stolen assets frozen; majority of funds remain unrecovered

Dormant Hacker Wallet Surfaces

The address 0x303…3d9F swapped 10 million DAI for 6,243 ETH at an average price of $1,602, marking the wallet's first significant activity in years. The timing appears deliberate. ETH prices had been trading in the $1,543 to $1,602 range when the transaction went through, placing the buy squarely in what most traders would call a dip.

Converting the DAI into ETH represents a directional bet that Ethereum's price will climb from the $1,602 entry point. The move also suggests the hacker is willing to take on market risk rather than simply liquidating stolen funds for stablecoins.

A Protocol That Never Recovered

The Pando Rings attack happened on November 5, 2022. It was an oracle manipulation exploit in which the attacker manipulated the value of liquidity provider tokens and drained an estimated $20 to $22 million from the protocol, predominantly in ETH, BTC, and EOS.

In the aftermath, Pando Rings suspended operations entirely, and its products were put on hold. The project never restarted.

Some of the stolen assets were subsequently frozen with help from Mixin Network, but clearly not all of them. The $10 million swap proves it.

Unresolved DeFi Risk

Oracle manipulation attacks like the one that hit Pando Rings in 2022 remain a persistent threat across DeFi. Large movements of previously dormant stolen funds can sometimes precede sell pressure if the buyer eventually decides to take profits. Whether this hacker intends to hold, accumulate, or eventually dump remains unknown. But the fact that they could move $10 million at all underscores how incomplete the recovery efforts were.

For DeFi users and protocols, the lesson is clear. Even when exploits are identified and some assets frozen, dormant attackers can resurface years later with substantial capital still in hand.

Frequently asked questions

What was the Pando Rings exploit?

The Pando Rings attack occurred on November 5, 2022, and involved oracle manipulation where the attacker manipulated the value of liquidity provider tokens. The exploit drained an estimated $20 to $22 million, predominantly in ETH, BTC, and EOS. The protocol suspended operations entirely and never restarted.

Why does the hacker's ETH purchase matter?

The $10 million swap proves that a significant portion of the original stolen funds was never recovered or frozen, despite intervention efforts by Mixin Network. It also signals the hacker may be positioning for price appreciation or preparing to liquidate assets, which could create future sell pressure.

Are oracle manipulation attacks still a threat in DeFi?

Yes. Oracle manipulation attacks like the one that hit Pando Rings remain a persistent threat across DeFi protocols. The Pando Rings case demonstrates how incomplete recovery efforts can leave attackers with dormant capital that resurfaces years later.