Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

Kelp DAO Exploit Aftermath: Hacker Launders $220 Million in Record Time, Recovery Hopes Nearly Vanish

Only a small fraction of the stolen funds remains traceable after the attacker rapidly moved assets through THORChain, Tornado Cash, and Bitcoin privacy tools following the $292 million Kelp DAO exploit.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
June 2, 2026
in Security & Hacks
0 0
Kelp DAO Exploit

Created By Cryip

Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

The attacker behind the massive Kelp DAO bridge exploit has successfully laundered roughly $220 million of the stolen funds in just 45 days, effectively destroying any realistic hopes of recovering the unfrozen portion of the haul.

On-chain intelligence firms now report that roughly $220 million of the approximately $292 million stolen in the April 18 incident has been moved through advanced cross-chain privacy tools. Only around $1.7 million remains visibly linked to the original exploiter wallets, effectively closing the window for meaningful asset tracing on that slice of the haul.

The operation stands out not just for its scale but for the speed and sophistication with which the funds were dispersed. Security researchers continue to attribute the attack with high confidence to TraderTraitor, a subgroup under North Korea’s Lazarus ecosystem, the same actors linked to several other high-value exploits this year.

Anatomy of the Laundering Trail

Following the initial exploit, which targeted a weakened 1-of-1 verifier setup on Kelp DAO’s LayerZero-powered bridge, the attacker wasted little time. After Arbitrum’s Security Council took the unusual step of freezing $71 million worth of ETH shortly after the hack, the remaining funds were funneled aggressively into privacy infrastructure.

Analysts tracked large transfers, including a notable $175 million move across three fresh Ethereum wallets, followed by heavy usage of:

  • THORChain for swapping into Bitcoin
  • Wasabi CoinJoin for Bitcoin-level privacy
  • Tornado Cash for Ethereum mixing cycles
  • Umbra and other obfuscation protocols

This multi-layered approach caused temporary spikes in volume on these platforms and highlights how state-linked actors are increasingly comfortable operating across chains to evade detection.

Related Story

Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread

Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread

July 17, 2026
Summer.fi to Wind Down After $6.04 Million Vault Exploit

Summer.fi to Wind Down After $6.04 Million Vault Exploit

July 16, 2026

The $71 million still frozen on Arbitrum remains the only significant recoverable amount, though even that faces complications from ongoing legal claims, including forfeiture actions tied to prior judgments against North Korean entities.

Protocol Recovery vs On-Chain Reality

While the laundering arc appears largely complete for the unfrozen funds, Kelp DAO and its partners moved quickly on the protocol side. Through a coordinated effort dubbed “DeFi United,” involving Aave, EigenLayer, Karak, and others, the team restored the majority of user rsETH positions. The protocol also migrated its bridging to Chainlink’s CCIP for stronger security.

LayerZero, for its part, released a detailed incident report in May, in collaboration with Mandiant and others, confirming the configuration downgrade that enabled the attack and announcing that it would no longer support single-verifier setups.

Yet these measures, while protecting users from further immediate losses, do little to claw back the laundered capital now scattered in the shadows of the blockchain.

What This Means for DeFi

The Kelp DAO case adds to a troubling pattern in 2026: sophisticated actors exploiting bridge weaknesses and rapidly converting gains into untraceable forms. With North Korean groups reportedly responsible for a large share of this year’s exploit volume, the industry faces renewed pressure to balance innovation with robust security architecture.

For builders, the message is clear: bridge configurations, oracle dependencies, and emergency response mechanisms need constant scrutiny. For users and investors, it serves as a reminder that while DeFi offers unprecedented opportunities, certain risks, especially around cross-chain infrastructure, remain stubbornly high.

As forensic teams and law enforcement shift focus toward broader sanctions-style interventions rather than wallet-by-wallet recovery, the Kelp incident may ultimately be remembered not just as a massive hack, but as a case study in how quickly nine-figure thefts can disappear in today’s privacy-enhanced crypto environment.

Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.
Tags: Crypto Hacks

Related Posts

Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread
Security & Hacks

Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread

by Saravana Kumar Mahendran
July 17, 2026

Airbnb co-founder and CEO Brian Chesky has confirmed that his X account was hacked after unauthorized posts presenting a positive...

Read moreDetails
Summer.fi to Wind Down After $6.04 Million Vault Exploit

Summer.fi to Wind Down After $6.04 Million Vault Exploit

July 16, 2026
Ostium Keeps Trading Paused After $18 Million Oracle Exploit

Ostium Keeps Trading Paused After $18 Million Oracle Exploit

July 16, 2026
Cascade CLS Vault Incident Triggers Trading and Withdrawal Freeze

Polychain Backed Cascade CLS Vault Exploit Drains $1.34M in USDC

July 16, 2026
LayerZero-Linked Executor Wallets Suspected of Losing $2.4 Million Across Multiple Chains

LayerZero-Linked Executor Wallets Suspected of Losing $2.4 Million Across Multiple Chains

July 15, 2026 - Updated on July 16, 2026
Hacked SpaceXAI and Starlink Accounts Promote SCATMAN Token Before 73.7 ETH Sales

Hacked SpaceXAI and Starlink Accounts Promote SCATMAN Token Before 73.7 ETH Sales

July 13, 2026
Suspected Hedera DeFi Hack Moves $5.8 Million to Ethereum

Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera

July 11, 2026
Next Post
Solo Bitcoin Miner Wins Block 951771

Solo Bitcoin Miner Wins Block 951771, Earns Around $232,000 Reward With Home Mining Setup

EDGE Token Drops 70% as edgeX Investigates Abnormal Price Crash and Market Manipulation Claims

EDGE Token Drops 70% as edgeX Investigates Abnormal Price Crash and Market Manipulation Claims

Recommended

  • All
  • News
ESMA Adds 14 Crypto Firms to MiCA Register, Total Licensed CASPs Reach 294

ESMA Adds 14 Crypto Firms to MiCA Register, Total Licensed CASPs Reach 294

July 17, 2026
Argentina Traces LIBRA Funds Across Exchanges as Wallet Freeze Remains Unconfirmed

Argentina Traces LIBRA Funds Across Exchanges as Wallet Freeze Remains Unconfirmed

July 17, 2026
Bitcoin $DOG Mode Aims to Remove Bitcoin Core Relay Policy Limits

Bitcoin $DOG Mode Aims to Remove Bitcoin Core Relay Policy Limits

July 17, 2026
Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

July 17, 2026
Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

Dutch Crypto Platform Knaken Declared Bankrupt Over €7M Customer Fund Shortfall

July 17, 2026
Venezuela’s USDT Trading Volume Reaches $1.39 Billion, Approaching Oil Export Scale

Venezuela’s USDT Trading Volume Reaches $1.39 Billion, Approaching Oil Export Scale

July 17, 2026
Citadel Securities Leads $400 Million Investment in Crypto.com, Valuing Exchange at $20 Billion

Citadel Securities Leads $400 Million Investment in Crypto.com, Valuing Exchange at $20 Billion

July 17, 2026
Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread

Airbnb CEO Brian Chesky Confirms X Account Hack After Fake Crypto Thread

July 17, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • SBI Holdings Completes Majority Acquisition of Singapore Crypto Platform Coinhako
  • ESMA Adds 14 Crypto Firms to MiCA Register, Total Licensed CASPs Reach 294
  • Argentina Traces LIBRA Funds Across Exchanges as Wallet Freeze Remains Unconfirmed

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.