Articles
Crypto Market Analysis

Kelp DAO attacker moves $175M in Ether after exploit: Arkham

User Image

Oleh Anonim

Dibuat April 21, 2026|2 menit membaca
Main Image

The Kelp DAO attacker has moved $175 million of stolen Ether in an apparent bid to start laundering it after the $290 million exploit.

The attacker behind the roughly $290 million Kelp DAO exploit began moving tens of thousands of Ether to newly created blockchain addresses on Tuesday, in an apparent effort to start laundering the stolen funds.

The wallet tagged by Arkham as linked to the Kelp DAO exploit moved about 75,700 Ether (ETH) worth roughly $175 million across three transactions on Tuesday, including a 25,000 ETH transfer to one newly created address and transfers of 50,700 ETH and 0.7 ETH to another.

Blockchain investigator ZachXBT wrote in a Tuesday Telegram post that addresses tied to the exploit had begun moving funds through THORChain and Umbra. He flagged three THORChain transactions totaling about $1.5 million and a separate $78,000 transfer through Umbra.

On Saturday, an attacker drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge.

LayerZero said Kelp DAO’s 1/1 decentralized verifier network (DVN) setup created a single point of failure by relying on a single verifier path for cross-chain messages. LayerZero said it had previously advised against that configuration.

The transfers came hours after Arbitrum said its 12-member security council had taken emergency action to freeze 30,766 ETH tied to the exploit and move the funds into an “intermediary frozen wallet” accessible only through Arbitrum governance.

The exploit also hit other DeFi protocols, including Aave, where the attacker used the stolen funds as collateral to borrow against the protocol. Early estimates put the hole at about $195 million, but Aave’s Monday incident report later outlined two potential outcomes: roughly $123.7 million in bad debt under one scenario and about $230.1 million under another.

The transfers suggest the attackers had begun moving funds through non-custodial protocols that can complicate tracing and recovery. THORChain does not require traditional Know Your Customer checks.

During the $1.4 billion Bybit hack in 2025, attackers converted about 83% of the stolen Ether into Bitcoin (BTC), with 72% of the funds moving through THORChain, according to Bybit CEO Ben Zhou. Zhou said at the time that 77% of the stolen funds were still traceable.

Related: ZachXBT asks MemeCore to explain valuation and token supply

On Tuesday, Aave said it had unfrozen Wrapped Ether (WETH) reserves on the Ethereum Core V3 market, enabling users to supply WETH to the V3 lending protocol once again. However, WETH reserves across Ethereum Prime, Arbitrum, Base, Mantle and Linea remain frozen.

Meanwhile, the thinning liquidity saw Aave’s borrowing rates for USDt (USDT) rise from 3% to 14%, marking the highest figures since December 2024, wrote Julio Moreno, the head of research at analytics platform CryptoQuant, in a Monday X post.

Fears over a potential contagion caused significant outflows from Aave, as its total value locked (TVL) fell by about $10 billion since the exploit to $16.4 billion as of Tuesday, DefiLlama data shows.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

Source: CoinTelegraph


Artikel lain yang baru-baru ini diterbitkan

Bitcoin’s BIP 110 fork deadline nears with miner support at zero
Bitcoin’s BIP 110 fork deadline nears with miner support at zero

Bitcoin

The BIP 110 proposal would cap arbitrary data on Bitcoin for a year, but Saylor, Adam Back and other...

Empery Digital shares rise after selling Bitcoin to fund AI data center project
Empery Digital shares rise after selling Bitcoin to fund AI data center project

Bitcoin

The sales come months after a major Empery shareholder demanded the firm ditch its Bitcoin treasury ...

Bitcoin bulls Michael Saylor, Adam Back slam BIP-110 Ordinals proposal
Bitcoin bulls Michael Saylor, Adam Back slam BIP-110 Ordinals proposal

Bitcoin

The ongoing debate comes despite a broad downturn in Ordinals transaction activity over the last two...

Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera
Lending protocol Bonzo loses 77% of value locked as $9 million oracle exploit rattles Hedera

Crypto Market Analysis

Bonzo Lend lost approximately $9.05 million after an attacker exploited a verification flaw in a thi...

AI found an Ethereum bug that could take validators offline, but humans had to prove it
AI found an Ethereum bug that could take validators offline, but humans had to prove it

Ethereum

The Ethereum Foundation pointed coordinated AI agents at the software its validators run and got a r...

Bitcoin treasury company Empery Digital sold about half of its BTC stack
Bitcoin treasury company Empery Digital sold about half of its BTC stack

Bitcoin

It's a sign of the times as the troubled company swaps its bitcoin treasury ambitions for AI data ce...