An exploit-linked wallet converted compromised assets into 18,510 ETH and 1,548 BNB, according to on-chain tracking data shared by WuBlockchain citing Lookonchain on June 9, 2026. The ETH was valued at approximately $30.83 million at the time of the swap, with the BNB worth about $924,000. The conversion reflects a common post-exploit pattern where attackers consolidate stolen tokens into highly liquid assets before potential bridging or mixing, though wallet labels are based on third-party on-chain monitoring rather than law enforcement confirmation. The attacker still holds 111.36 million H tokens valued at roughly $14 million, per the same tracking data.
Exploit Wallet Converts 18,510 ETH and 1,548 BNB
WuBlockchain reported that the wallet, identified through on-chain tracking by Lookonchain, sold compromised "H tokens" to obtain 18,510 ETH and 1,548 BNB. The ETH portion was valued at about $30.83 million at the time of the conversion, while the BNB totaled roughly $924,000. The attacker retains 111.36 million H tokens, which Lookonchain stated are worth approximately $14 million and could be sold at any time, though on-chain liquidity has nearly been exhausted according to the tracking alert.
The conversion amounts were published in a June 9, 2026 X post by WuBlockchain, which cited Lookonchain's monitoring. Wallet attribution is based on third-party on-chain analysis rather than a direct statement from law enforcement or the affected protocol.
ETH and BNB Chosen for Liquidity and Traceability
The source noted that post-exploit wallets often move from illiquid or easily traceable tokens into deeper, more liquid assets. ETH and BNB both offer greater liquidity than many smaller exploit tokens, making them common destinations for fund consolidation. Large post-exploit swaps can create pressure on the assets being sold if liquidity is thin, and they provide investigators and security researchers with fresh transaction paths to monitor.
The article stated that blockchains make these movements visible, but not always simple to interpret. A wallet can be tracked in real time, while the identity of the controller may remain uncertain. Security teams watch these conversions because funds that remain in the original exploit tokens may be easier to freeze, blacklist or trace through specific pools, whereas value converted into highly liquid assets and split across chains can complicate recovery.
On-Chain Tracking Based on Third-Party Labels
The figures represent a snapshot rather than a final recovery or loss estimate, according to the source. Exploit-linked wallets can split funds quickly, move assets across chains or use intermediate addresses that complicate tracing. The source emphasized that the best framing is a data-focused look at how stolen funds are being consolidated, rather than speculation about who controls the wallet.
On-chain monitoring accounts such as Lookonchain and WuBlockchain remain widely followed during security incidents because they can surface wallet activity before a full forensic investigation is published, though they do not replace official incident reports. The source included a note that wallet labels and exploit attribution are based on third-party on-chain monitoring rather than a direct law enforcement statement.
FAQ
What amounts did the exploit wallet convert on June 9, 2026?
The wallet converted compromised assets into 18,510 ETH (valued at approximately $30.83 million) and 1,548 BNB (worth about $924,000), according to WuBlockchain citing Lookonchain on-chain tracking.
How are exploit wallets identified in this case?
Wallet labels and exploit attribution are based on third-party on-chain monitoring by Lookonchain, not direct law enforcement confirmation. The identity of the wallet controller remains uncertain, though transaction flows are visible on-chain.
