Pando Rings hacker buys 6,243 ETH for $10M on dip

Published: 2026-06-07 19:48:44 |

A wallet tied to the 2022 Pando Rings exploit has become active again, executing a large crypto swap during a recent ETH price dip. On Jun. 7, 2026, address 0x303…3d9F traded 10 million DAI for 6,243 ETH at an average price of $1,602—its first major on-chain action since the hack. The timing is notable. Around the transaction, ETH was trading roughly between $1,543 and $1,602, meaning the Pando Rings hacker accumulated ETH near a local low. The article links this activity to the oracle manipulation attack on Nov. 5, 2022, where the attacker manipulated liquidity provider token pricing to borrow against inflated collateral. Pando Rings was reported to have lost an estimated $20–$22 million, mainly in ETH, BTC, and EOS, and then suspended operations. Some stolen assets were later frozen with help from Mixin Network, but the new swap suggests a portion of funds may still be outside recovery. Why traders should care: converting stablecoins (DAI) into ETH signals a directional bet that ETH will rise from the $1,602 entry. However, large movements from known exploiter wallets can also precede future sell pressure if the buyer later decides to realize profits—an outcome market participants have seen after similar “dormant wallet wakes up” events. Bottom line: watch this wallet and related exchange flows closely, as the Pando Rings hacker’s ETH position could influence short-term sentiment and volatility.

Neutral

This is likely market-neutral with a slight caution tone. On one hand, the Pando Rings hacker converted 10M DAI into 6,243 ETH near a local dip (around $1,602), which can be interpreted as a medium-term accumulation signal for ETH. That can reduce immediate selling pressure from these funds if the buyer is truly holding. On the other hand, the wallet is linked to a known 2022 oracle-manipulation exploit and was dormant for years. When dormant exploiter wallets wake up, history shows two common outcomes: (1) they accumulate/position first, then (2) later unwind into liquidity, often creating sell pressure and volatility—especially if withdrawals/exchange transfers follow. The article also notes that only part of the stolen assets were frozen, so the remaining balance can still drive future flows. Therefore, near-term impact is more about watchfulness than direction: traders should monitor ETH order-flow, potential exchange deposits, and broader risk sentiment around oracle/DeFi protocol exploits. Longer-term, it reinforces the persistent structural risk from oracle dependencies in DeFi lending/borrowing, which can weigh on confidence in similar protocols but doesn’t automatically create a sustained bullish or bearish trend for ETH itself.