A dict_derived confidence hit means KeyAudit's dictionary-derived generator produced the same address-hash as yours by iterating over weak brain-wallet seeds. This does **not** imply stolen credentials — only that your address is theoretically derivable from a low-entropy passphrase, not that anyone actually accessed your keys.

If your wallet uses a strong BIP-39 mnemonic (not a brain-wallet) or a high-entropy passphrase, a dict_derived hit is a false positive. The address collision stems from the same ECDSA derivation path matching a common password — a structural coincidence, not a security breach.

Treat dict_derived as a cryptographic test, not an incident alert. To confirm actual exposure, check for a higher-confidence tier like confirmed_stolen or sanctioned. For BIP-39 wallets, ignore dict_derived unless you intentionally used a brain-wallet with a weak password.