According to chain trackers and security feeds, the affected address shown on explorers as 0x0cdC…E955 lost roughly $21 million in stablecoins. Reports place about 17.75 million DAI among the stolen assets and about 3.11 million of a second stable token that some trackers list as MSYRUPUSDP.
Security firms including PeckShield flagged the incident as a private key leak, meaning the attacker gained direct control of the wallet’s signing key and moved funds without breaking a platform’s code.
Some of the moves were rapid. Large sum transfers were routed through one or more cross-chain bridges before arriving on Ethereum, where funds were shifted across multiple addresses. That routing made tracing harder, but chain monitors followed many of the hops.
Using contract addresses is the only precise way to follow funds on chain. Reports say the thief used bridges to obscure origin and then moved assets between a number of addresses, a step which complicates recovery efforts if the funds are not deposited to a centralized service.
Reports have disclosed that several outlets republished the same initial feed from chain-security groups, and no public identity for the actor has emerged. Numbers vary slightly across trackers, which is common when tokens are wrapped, rebranded, or shown differently by different explorers.
Security analysts point to broader figures showing over $1 billion in losses tied to private-key and credential-based incidents in recent years, underlining how common and costly these events remain.
Featured image from Bleeping Computer, chart from TradingView
