Kelp DAO Attacker Transfers $175M in Ether Following Exploit
Key Takeaways:
- The Kelp DAO exploiter has moved $175 million worth of Ether, part of a larger $290 million theft.
- Funds were shifted to new blockchain addresses, suggesting an attempt at laundering.
- Arbitrum’s response includes freezing 30,766 ETH linked to the breach.
- Aave’s ETH V3 market resumes activity, but borrowing costs surge dramatically.
- Non-custodial platforms like THORChain and Umbra complicate fund tracing.
WEEX Crypto News, 2026-04-21 15:41:14
Movement of Stolen Ether After Kelp DAO Exploit
The attacker responsible for siphoning approximately $290 million from Kelp DAO has initiated the movement of 75,700 Ether, valued at roughly $175 million, evidently to launder the ill-gotten gains. Held in wallets flagged by Arkham and transferred in several large transactions on a Tuesday, these funds are now under scrutiny. A massive 25,000-ETH shift to a new address and over 50,700 ETH moved elsewhere highlight the calculated efforts to shroud these operations in anonymity.
Critique of LayerZero’s Security Protocols
The breach was facilitated through weaknesses in Kelp DAO’s use of the LayerZero-powered rsETH bridge, attributed to the reliance on a mono-path 1/1 decentralized verifier network (DVN). LayerZero had flagged this setup as a potential vulnerability due to its single point of failure—a glaring hole now punctuated by the attack.
Widespread Implications in DeFi Arenas
In the immediate fallout, Arbitrum’s security council preempted further asset loss by freezing 30,766 ETH related to the exploit in an intermediary wallet accessible solely via its governance. This decisive action underscores the integrated defense mechanisms within DeFi networks, but also highlights the lingering risks. Simultaneously, Aave bore the brunt, facing potential bad debt scenarios ranging from $123.7 million to $230.1 million, based on its incident analysis.
Fund transfers via non-custodial venues like THORChain—bypassing obligatory Know Your Customer (KYC) checks—underscore the sophistications in laundering schemes. Drawing on the narrative of the 2025 Bybit hack, where 83% of stolen Ether converted into Bitcoin went mostly through THORChain, the precedent for such moves further complicates recovery efforts.
Re-emergence of Aave’s Ethereum V3 Market
Post-freeze, Aave reopened its Wrapped Ether (WETH) reserves on the Ethereum Core V3 market, encouraging activity. Nevertheless, the halting of services across Ethereum Prime and other platforms persists, amid liquidity fears. Insights from DeFiLlama reveal a stark $10 billion drop in total value locked (TVL), reflecting cautionary withdrawals amid safety concerns.
Charting Future Risks and Outcomes
The uptick in Aave’s USDt borrowing rates from 3% to a staggering 14%—the highest since late 2024—reflects market volatility and reactive risk management. Fund outflows and fluctuating borrowing costs depict a DeFi space grappling with the ramifications of security breaches and the ensuing ripple effects.
[Place Image: Chart showing Kelp DAO Ether transfers over time]
FAQ
What triggered the Kelp DAO exploit?
The Kelp DAO exploit was prompted by vulnerabilities in its use of LayerZero’s rsETH bridge, particularly a single-point failure within its 1/1 decentralized verifier network.
How are non-custodial protocols involved in fund transfers?
Non-custodial protocols like THORChain and Umbra facilitate anonymous transactions without KYC checks, enabling laundered fund flows that evade regular monitoring systems.
How has Arbitrum responded to the exploit?
In reaction, Arbitrum’s security council froze 30,766 ETH to curb further misuse of funds, highlighting the importance of governance in protecting DeFi ecosystems.
What impact has the exploit had on Aave’s market activities?
While Aave reopened its WETH market, ongoing liquidity fears from the exploit have caused significant withdrawals and increased borrowing costs for the USDt market.
Can these exploited funds be retrieved effectively?
Retrieval is complex, especially when laundered through platforms like THORChain. However, tracing efforts continue, leveraging crypto forensic and governance controls.
[Place Image: Screenshot of Aave borrowing rate spike]
You may also like
What you bought on CEX is really not US stocks: Analyzing the 94% liquidation monopoly and the evaporation of equity under a five-layer pipeline
In such a crowded cross-border payment arena, where is the next stop for the future?
Why Is Bitcoin Down in 2026? What We Can Learn From 2022
The large models in the United States are moving towards closure in the name of security
From the white-haired stock god to the billionaire fund mogul, the smart people shorting Nvidia are all getting rich using the same framework
Morning Report | CoinEx becomes a key hub for Iran to evade sanctions, involving over $3.8 billion in funds; Kalshi seeks a new round of financing, with a valuation potentially rising to $40 billion
Global Launch: As predictions become the most scarce asset in the AI era, Manadia is defining the next generation of the value internet
Why do cryptocurrency projects always like to change their names?
Who is footing the bill for the $64 billion accounting frenzy?
I never expected that the first application of AI x Crypto would be in security auditing
What is your view on Binance's competitive advantages?
ETH has entered a non-consensus phase, and the turning point is approaching!
The shift in the cloud of the air: from despising stablecoins a year ago to the high-profile entry of capital today
The survival dilemma of small and medium exchanges behind the withdrawal anomalies exposed by AscendEX
Why Is Bitcoin Falling Below $60K? 5 Key Market Drivers Explained
Bitcoin has dropped sharply amid ETF outflows, Strategy stock weakness, AI stock rallies, and changing Fed expectations. Explore the key forces driving BTC’s latest correction and what traders should watch next.





