Kelp DAO Attacker Transfers $175M in Ether Following Exploit
Key Takeaways:
- The Kelp DAO exploiter has moved $175 million worth of Ether, part of a larger $290 million theft.
- Funds were shifted to new blockchain addresses, suggesting an attempt at laundering.
- Arbitrum’s response includes freezing 30,766 ETH linked to the breach.
- Aave’s ETH V3 market resumes activity, but borrowing costs surge dramatically.
- Non-custodial platforms like THORChain and Umbra complicate fund tracing.
WEEX Crypto News, 2026-04-21 15:41:14
Movement of Stolen Ether After Kelp DAO Exploit
The attacker responsible for siphoning approximately $290 million from Kelp DAO has initiated the movement of 75,700 Ether, valued at roughly $175 million, evidently to launder the ill-gotten gains. Held in wallets flagged by Arkham and transferred in several large transactions on a Tuesday, these funds are now under scrutiny. A massive 25,000-ETH shift to a new address and over 50,700 ETH moved elsewhere highlight the calculated efforts to shroud these operations in anonymity.
Critique of LayerZero’s Security Protocols
The breach was facilitated through weaknesses in Kelp DAO’s use of the LayerZero-powered rsETH bridge, attributed to the reliance on a mono-path 1/1 decentralized verifier network (DVN). LayerZero had flagged this setup as a potential vulnerability due to its single point of failure—a glaring hole now punctuated by the attack.
Widespread Implications in DeFi Arenas
In the immediate fallout, Arbitrum’s security council preempted further asset loss by freezing 30,766 ETH related to the exploit in an intermediary wallet accessible solely via its governance. This decisive action underscores the integrated defense mechanisms within DeFi networks, but also highlights the lingering risks. Simultaneously, Aave bore the brunt, facing potential bad debt scenarios ranging from $123.7 million to $230.1 million, based on its incident analysis.
Fund transfers via non-custodial venues like THORChain—bypassing obligatory Know Your Customer (KYC) checks—underscore the sophistications in laundering schemes. Drawing on the narrative of the 2025 Bybit hack, where 83% of stolen Ether converted into Bitcoin went mostly through THORChain, the precedent for such moves further complicates recovery efforts.
Re-emergence of Aave’s Ethereum V3 Market
Post-freeze, Aave reopened its Wrapped Ether (WETH) reserves on the Ethereum Core V3 market, encouraging activity. Nevertheless, the halting of services across Ethereum Prime and other platforms persists, amid liquidity fears. Insights from DeFiLlama reveal a stark $10 billion drop in total value locked (TVL), reflecting cautionary withdrawals amid safety concerns.
Charting Future Risks and Outcomes
The uptick in Aave’s USDt borrowing rates from 3% to a staggering 14%—the highest since late 2024—reflects market volatility and reactive risk management. Fund outflows and fluctuating borrowing costs depict a DeFi space grappling with the ramifications of security breaches and the ensuing ripple effects.
[Place Image: Chart showing Kelp DAO Ether transfers over time]
FAQ
What triggered the Kelp DAO exploit?
The Kelp DAO exploit was prompted by vulnerabilities in its use of LayerZero’s rsETH bridge, particularly a single-point failure within its 1/1 decentralized verifier network.
How are non-custodial protocols involved in fund transfers?
Non-custodial protocols like THORChain and Umbra facilitate anonymous transactions without KYC checks, enabling laundered fund flows that evade regular monitoring systems.
How has Arbitrum responded to the exploit?
In reaction, Arbitrum’s security council froze 30,766 ETH to curb further misuse of funds, highlighting the importance of governance in protecting DeFi ecosystems.
What impact has the exploit had on Aave’s market activities?
While Aave reopened its WETH market, ongoing liquidity fears from the exploit have caused significant withdrawals and increased borrowing costs for the USDt market.
Can these exploited funds be retrieved effectively?
Retrieval is complex, especially when laundered through platforms like THORChain. However, tracing efforts continue, leveraging crypto forensic and governance controls.
[Place Image: Screenshot of Aave borrowing rate spike]
You may also like
OpenAI Reveals It Has Confidentially Submitted an S-1 to the SEC, Keeping the Door Open for a Future IPO
On June 9, according to an OpenAI announcement, the company recently confidentially submitted a draft S-1 registration statement to the U.S. Securities and Exchange Commission (SEC), beginning the preliminary compliance process for a potential initial public offering. OpenAI said it chose to disclose this proactively because it expected the news might leak; however, the company has not yet set a specific listing timeline, and related arrangements may still take some time.
Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI
Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention
Apollo and Blackstone Reportedly Back $35 Billion Anthropic Chip Financing as Deal Details Remain Unclear
On June 9, according to currently available news alerts, Apollo and Blackstone Group participated in a $35 billion financing for an Anthropic “chip project.” Based on the original wording of the report, the funding has already been raised, but public information remains limited. The financing structure, use of proceeds, project entity, and whether Apollo and Blackstone participated through equity, debt, or project financing have not yet been disclosed.
Humanity Protocol Security Incident Escalates: More Than $31 Million Stolen From Related Addresses as Attacker Continues Selling H for ETH
On June 9, according to monitoring by Onchain Lens, more than $31 million has been stolen from addresses linked to Humanity Protocol, and the attack is still ongoing, with the hacker continuously swapping H tokens for ETH. Project founder Terence Kwok later confirmed the security incident on X, saying the issue involved a private key leak.
Bloomberg: As Bitcoin Weakens, Stablecoins and RWA Continue to Drive Expansion in Crypto Businesses
In June, Bloomberg reported that despite Bitcoin falling below $60,000 last week, wiping out about $235 billion in market value within seven days, and dropping close to 50% from last year’s peak, some core businesses in the crypto industry are still expanding, mainly in stablecoins, real-world asset tokenization (RWA), payments, and infrastructure. The report also noted that overall altcoin activity has contracted significantly: altcoin market capitalization has fallen from a peak of about $431 billion in November 2021 to around $170 billion, and among the tens of millions of tokens issued in recent years, fewer than 1,700 still maintain meaningful trading activity.
Galaxy Deep Research Report: How Hyperliquid's HIP-4 Upgrade Changes the Landscape of Prediction Markets?
Binance Research: RWA Market Expected to Expand Nearly 6x from Early 2025, with Public Equities and Onchain Payments Heating Up Together
In June, Binance Research said in its monthly market report that the real-world asset (RWA) market is expected to grow by about 589% from the beginning of 2025. Bond- and money market fund-related RWA expanded by about $6.5 billion, up 83% year over year, while publicly traded equity RWAs grew by about 422%. The report also noted that monthly crypto debit card transaction volume exceeded $747 million in May, up 48.6% year to date.
Japan to Assess a Framework for Yen Stablecoins and Crypto ETFs as Asia’s Compliant Payments Narrative Heats Up
Recently, according to the original report, Japan is considering the launch of yen stablecoins and cryptocurrency ETFs. Public information remains limited at this stage, and there is still no complete policy text, regulatory draft, or clear implementation timeline, so this is better characterized as a “policy discussion” rather than formal implementation. The original wording also noted that advancing stablecoin regulation in Asia is driving XRP usage and supporting growth in the XRPL ecosystem. However, based on currently available public information, there is not enough evidence to directly establish a clear causal relationship between this round of discussion in Japan and XRP or XRPL.
ZachXBT: Humanity private key leak and abnormal surge in H token should be viewed separately
On June 9, according to related disclosures, on-chain investigator ZachXBT posted an update on Humanity’s roughly $31 million security incident, saying that after further analyzing fund flows, he currently tends to believe the project team was not involved in an “inside job” or a self-staged attack. According to him, the official explanation about the private key leak was broadly accurate, but before the token unlock, the price of H had been artificially pushed higher, and the hacker later took advantage of that market environment; therefore, the private key leak and the earlier abnormal price pumping should be regarded as two separate and independent events. This reframing has shifted the market’s understanding of the nature of the incident. Earlier discussion around Humanity had focused on whether the team directly participated in the attack or used the security incident to cover up internal operations. ZachXBT’s latest remarks shift the focus from “whether it was self-theft” to “whether there were pre-unlock market structure issues.” He also questioned whether the team may have.
Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing
Morning Report | BitMine increased its holdings by 126,971 ETH last week; trader Eugene announced his exit from the crypto market
Wang Chuan: How can one not feel anxious after the neighbor Old Wang made thirty times profit by investing in storage stocks? (Seven) - A quarter-century cycle
Cryptocurrency CEXs are flocking to sell US stocks, and traditional brokerages are facing an "uninvited guest."
$75 billion in foreign capital has fled, and South Korean retail investors have absorbed it all using leverage
Japan’s Three Megabanks Plan Joint Stablecoin Issuance in Fiscal 2026
MUFG, SMBC, and Mizuho reportedly plan to jointly issue fiat-pegged stablecoins in fiscal 2026, signaling Japan’s growing push into bank-led digital payment infrastructure.
Humanity Discloses H Token Dual-Chain Attack Details, With Losses on Ethereum and BSC Exceeding $36 Million
Humanity said the H token attack across Ethereum and BSC caused more than $36 million in losses after leaked ProxyAdmin keys enabled malicious contract upgrades and token minting.
White House Discusses CLARITY Act With Law Enforcement Ahead of Senate Vote
The White House discussed the CLARITY Act with law enforcement ahead of a Senate vote, focusing on illicit finance risks and developer protections.
OpenAI Reveals It Has Confidentially Submitted an S-1 to the SEC, Keeping the Door Open for a Future IPO
On June 9, according to an OpenAI announcement, the company recently confidentially submitted a draft S-1 registration statement to the U.S. Securities and Exchange Commission (SEC), beginning the preliminary compliance process for a potential initial public offering. OpenAI said it chose to disclose this proactively because it expected the news might leak; however, the company has not yet set a specific listing timeline, and related arrangements may still take some time.
Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI
Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention
Apollo and Blackstone Reportedly Back $35 Billion Anthropic Chip Financing as Deal Details Remain Unclear
On June 9, according to currently available news alerts, Apollo and Blackstone Group participated in a $35 billion financing for an Anthropic “chip project.” Based on the original wording of the report, the funding has already been raised, but public information remains limited. The financing structure, use of proceeds, project entity, and whether Apollo and Blackstone participated through equity, debt, or project financing have not yet been disclosed.
Humanity Protocol Security Incident Escalates: More Than $31 Million Stolen From Related Addresses as Attacker Continues Selling H for ETH
On June 9, according to monitoring by Onchain Lens, more than $31 million has been stolen from addresses linked to Humanity Protocol, and the attack is still ongoing, with the hacker continuously swapping H tokens for ETH. Project founder Terence Kwok later confirmed the security incident on X, saying the issue involved a private key leak.
Bloomberg: As Bitcoin Weakens, Stablecoins and RWA Continue to Drive Expansion in Crypto Businesses
In June, Bloomberg reported that despite Bitcoin falling below $60,000 last week, wiping out about $235 billion in market value within seven days, and dropping close to 50% from last year’s peak, some core businesses in the crypto industry are still expanding, mainly in stablecoins, real-world asset tokenization (RWA), payments, and infrastructure. The report also noted that overall altcoin activity has contracted significantly: altcoin market capitalization has fallen from a peak of about $431 billion in November 2021 to around $170 billion, and among the tens of millions of tokens issued in recent years, fewer than 1,700 still maintain meaningful trading activity.
