Cointelegraph
LINK$9.30 2.03%
TRX$0.3281 0.44%
BCH$458.06 1.23%
DOGE$0.09666 1.38%
XLM$0.1778 1.67%
ETH$2,329 3.09%
BNB$636.27 2.11%
SOL$86.05 3.14%
HYPE$41.45 0.71%
XMR$373.91 0.58%
XRP$1.42 2.08%
ADA$0.2486 2.73%
BTC$77,872 1.29%
Zoltan VardaiWritten byZoltan Vardai,Staff Writer
Bryan O'SheaReviewed byBryan O'Shea,Staff Editor

Kelp DAO exploiter launders nearly all 75,700 in stolen ETH through THORchain

Latest NewsPublishedApr 23, 2026

The wallet linked to the Kelp DAO exploit appears to have laundered most of the $175 million worth of stolen Ether, while another $71 million remains frozen by Arbitrum’s security council.

The exploiter behind the roughly $293 million Kelp DAO hack appears to have laundered nearly all of the unfrozen Ether stolen in the attack, narrowing recovery efforts to the tranche Arbitrum’s security council managed to freeze.

The Kelp Dao hacker appears to have laundered nearly all of the 75,700 Ether (ETH) stolen from the protocol on Saturday. The hacker primarily used the THORChain to swap the Ether for Bitcoin (BTC), generating about $910,000 in fee revenue for the protocol, according to blockchain analyst EmberCN in a Thursday X post.

The attacker began moving the funds on Tuesday, sending roughly 75,700 ETH, worth about $175 million at the time, into newly created wallets before routing the assets through THORChain and privacy protocol Umbra. Arkham data showed the attacker’s tagged main wallet had been largely emptied by Thursday.

Transferring the funds through Thorchain makes them more difficult to trace, reducing the chances of recovery. The transaction patterns signal that the “attackers are executing an exit strategy rather than sitting on the proceeds,” Arkham said in a Tuesday report.

Arbitrum’s security council separately froze 30,766 ETH tied to the exploit and moved the funds into an intermediary wallet that can now be accessed only through further governance action.

The attacker laundered the remaining funds just five days after they drained about 116,500 restaked Ether (rsETH), worth roughly $290 million to $293 million at the time, from Kelp DAO’s LayerZero-powered rsETH bridge on Saturday.

Source: EmberCN

Aave and Kelp working towards a resolution to contain the fallout

The exploit sent shockwaves across decentralized finance (DeFi) applications, including Aave, where the hacker used the stolen funds as collateral to borrow against the protocol and created about $195 million of bad debt, according to early estimates. 

Aave is now working with affected protocols to find a resolution that reduces the exploit’s contagion effect, according to Aave founder and CEO, Stani Kulechov. He wrote in a Wednesday X post:

“Our priority is our users, and every decision we are making is aimed at an orderly return to normal market conditions and the best possible outcome for everyone involved.”

In a Thursday X post, Kelp DAO also said that they are making progress towards a “suitable resolution,” adding that their efforts are directed towards “safeguarding our users and strengthening the protocol.” 

Related: Lazarus-linked macOS malware hits crypto and fintech firms

On Monday, Aave’s risk provider outlined two potential outcomes: roughly $123.7 million in bad debt under one scenario and about $230.1 million under another.  

The first scenario would spread losses across all rsETH holders on Ethereum mainnet and layer–2s, shrinking the bad debt on Aave but risking a 15% depeg in rsETH relative to Ether. The second would spread the entire loss across rsETH holders on Ethereum layer-2s, leaving Aave with $230 million in bad debt.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express 

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.