A large stablecoin theft hit the crypto space on Oct 10, 2025, when an attacker drained a single user wallet and moved the proceeds onto Ethereum. Based on reports, the loss is about $21 million. The event has drawn fresh attention to how one leaked secret can wipe out millions.
Stablecoin: Key Details Of The Theft
According to chain trackers and security feeds, the affected address shown on explorers as 0x0cdC…E955 lost roughly $21 million in stablecoins. Reports place about 17.75 million DAI among the stolen assets and about 3.11 million of a second stable token that some trackers list as MSYRUPUSDP.
Security firms including PeckShield flagged the incident as a private key leak, meaning the attacker gained direct control of the wallet’s signing key and moved funds without breaking a platform’s code.
#PeckShieldAlert A victim 0x0cdC…E955 lost ~$21M worth of cryptos on #Hyperliquid due to a private key leak.
The hacker has bridged the stolen funds to #Ethereum, including 17.75M $DAI & 3.11M $MSYRUPUSDP. pic.twitter.com/yZUMM6xL5f
— PeckShieldAlert (@PeckShieldAlert) October 10, 2025
How The Attack Appears To Have Happened
Based on reports, this was not a smart-contract flaw or a bridge bug. The stablecoin wallet’s secret key was exposed or taken. Once that happened, transfers could be signed and broadcast instantly.
Some of the moves were rapid. Large sum transfers were routed through one or more cross-chain bridges before arriving on Ethereum, where funds were shifted across multiple addresses. That routing made tracing harder, but chain monitors followed many of the hops.
Where The Money Traveled
Tracing shows the stolen stablecoins crossed chains and then were shuffled on Ethereum. Observers noted that token labels in explorers did not always match contract names, which can confuse quick summaries.
Using contract addresses is the only precise way to follow funds on chain. Reports say the thief used bridges to obscure origin and then moved assets between a number of addresses, a step which complicates recovery efforts if the funds are not deposited to a centralized service.
Gaps In The Public Record
Reports have disclosed that several outlets republished the same initial feed from chain-security groups, and no public identity for the actor has emerged. Numbers vary slightly across trackers, which is common when tokens are wrapped, rebranded, or shown differently by different explorers.
Security analysts point to broader figures showing over $1 billion in losses tied to private-key and credential-based incidents in recent years, underlining how common and costly these events remain.
Featured image from Bleeping Computer, chart from TradingView