Kelp DAO Hacker Launders Nearly All Unfrozen Funds, Leaving Just $1.7M Traceable

01-Jun-2026 Crypto Economy

TL;DR:

  • The hacker behind the $293 million Kelp DAO exploit laundered nearly $220 million in stolen funds in just six weeks.
  • The funds were laundered in two stages: first through the Wasabi mixer into Bitcoin, then back to Ethereum via Tornado Cash.
  • A total of $71 million remains frozen by the Arbitrum Security Council. A court hearing in New York is still pending.

The hacker responsible for the Kelp DAO exploit of $293 million managed to launder approximately $220 million in stolen funds in just six weeks, according to data from Arkham and onchain analysts. The wallet linked to the attacker holds just $1.7 million in traceable funds, drastically reducing the chances of recovering the non-frozen assets.

According to onchain analyst Specter, the laundering process was executed in two stages. First, the funds were transferred to Bitcoin through the Wasabi mixer to obscure their trail. They then returned to the Ethereum network and were processed through the Tornado Cash protocol. This sequence was designed to make the assets virtually impossible to trace.

Kelp dao hacker arkham

Resolution on the Frozen Funds

The original exploit occurred on April 18, when the attacker stole 116,500 rsETH tokens from Kelp DAO, bringing the total losses from hacks in April to $630 million. Three days later, the Arbitrum Security Council froze $71 million of those funds. A governance proposal and a U.S. court order had previously approved the transfer of those assets to a multisig wallet controlled by Aave as part of the recovery process. The next hearing on the ownership of the frozen funds is scheduled for this Friday in New York.

The Impact of the Kelp DAO Exploit

The attack generated consequences that spread across the entire DeFi ecosystem. Losses from exploits in cryptocurrencies dropped to $68.3 million in May, a reduction of nearly 90% compared to April, according to security platform CertiK. However, the Kelp DAO incident prompted several protocols to review the security of their oracle providers.

CertiK DeFi Exploits

In the three weeks following the exploit, Solv Protocol and liquidity protocol Tydro migrated to Chainlink‘s cross-chain interoperability protocol (CCIP). Kelp DAO itself also migrated its rsETH token to Chainlink CCIP, moving away from the LayerZero-based bridge it attributed the exploited vulnerability to.

LayerZero, for its part, clarified that the exploit originated in a single point of failure in Kelp DAO’s implementation, which relied on a single LayerZero DVN as the sole verified route, despite warnings issued against that configuration.

Also read: Ripple Unlocks 1 Billion XRP in Scheduled June Escrow Release Worth $1.33B
Next
Author's Name
telegram Telegram Twitter Twitter Linkedin Linkedin Instagram Instagram
About Author Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nunc fermentum lectus eget interdum varius. Curabitur ut nibh vel velit cursus molestie. Cras sed sagittis erat. Nullam id ante hendrerit, lobortis justo ac, fermentum neque. Mauris egestas maximus tortor. Nunc non neque a quam sollicitudin facilisis. Maecenas posuere turpis arcu, vel tempor ipsum tincidunt ut.
Read More Articles by Author
WHAT'S YOUR OPINION?
Related News