Crypto Times Logo Black
Google News Follow Banner
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • DeFi News
    • Blockchain News
    • Industry
  • Exclusive
    ExclusiveShow More
    The Robinhood Chain Paradox Built for Tokenized Stocks, Dominated by Memecoins
    The Robinhood Chain Paradox: Built for Tokenized Stocks, Dominated by Memecoins
    Senators to Brief Trump on CLARITY Act Path - Here's What to Expect
    Senators to Brief Trump on CLARITY Act Path – Here’s What to Expect
    CLARITY Act 5 Fights Still Unresolved Before the Merged Draft Drops
    CLARITY Act: 5 Fights Still Unresolved Before the Merged Draft Drops
    Strategy's Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet_
    Strategy’s Cash Reserve Shift Reveals Weaknesses in Leveraged Bitcoin Balance Sheet
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
    After Securing MiCA License, OKX Says Banking License Is Not a Priority
  • Opinion
    OpinionShow More
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Execution Gap: Why the Next Breakthrough in Financial AI is Human Behavior
    The Bitcoin Treasury Blueprint What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    The Bitcoin Treasury Blueprint: What Stress Testing on Strategy Inc.’s MSTR-STRC Reveals
    Why Wall Street is Divided Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    Why Wall Street is Divided: Michael Saylor’s Scarcity vs. Tom Lee’s Staking Empire
    The Arthur Hayes Paradox Macro Prophet or Market Opportunist
    The Arthur Hayes Paradox: Macro Prophet or Market Opportunist?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India's Digital Rupee Push?
    RBI Denies Gold Sale Amid Oil Crisis: Could It Speed Up India’s Digital Rupee Push?
  • Learn
    • Explained
    • How To
    • Insights
  • Videos
  • More
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
The Crypto TimesThe Crypto Times
  • All News
  • Market
  • Bitcoin
  • Ethereum
  • Altcoins
  • Regulations & Policies
  • Blockchain
  • DeFi
  • Industry
  • Exclusive
  • Opinion
Search
  • News
    • Market
    • Bitcoin
    • Ethereum
    • Altcoins
    • Regulations & Policies
    • Blockchain
    • DeFi
    • Industry
    • Exclusive
    • Opinion
  • Learn
    • Explained
    • How To
    • Insights
  • Quick Links
    • About Us
    • Our Authors
    • Contact Us
    • Editorial Policy
    • AI Policy
    • Sponsored & Advertorial Policy
  • Videos
  • Glossary
Follow US
© 2026 By Crypto Times. All Rights Reserved.
DeFi News

Kelp DAO Hacker Finishes Laundering $220M, Only $1.7M Left in Main Wallet

Arkham data shows the Kelp DAO exploiter holds just $1.7 million, with nearly $220 million routed through privacy tools and bridges.

Written By Kenrodgers Fabian
Fact Checked by Divya Mistry
Published 2026-06-02
Make The Crypto Times preferred on GoogleGoogle
Share
Kelp DAO Hacker Finishes Laundering $220M, Only $1.7M Left in Main Wallet
Show AI Summary
The Kelp DAO hacker has laundered nearly all remaining unfrozen funds, reducing recovery chances
Only $1.7 million remains in the original exploiter wallet, with $71 million frozen by Arbitrum
State-backed cybercriminals continue to outpace recovery efforts, posing a challenge to the digital asset industry

The hacker behind April’s $292 million Kelp DAO exploit has laundered nearly all of the remaining unfrozen funds, sharply reducing the chances of recovering stolen assets. 

On-chain data tracked by Arkham Intelligence shows only about $1.7 million remains in the original exploiter wallet, while most of the roughly $220 million moved through a network of privacy tools and cross-chain transfers.

The latest fund movements leave the $71 million frozen by Arbitrum as the only significant portion still within reach of recovery efforts. Arbitrum secured the assets shortly after the attack by freezing about 30,766 ETH linked to the exploiter. However, investigators now face a much tougher challenge as the attacker has largely erased the trail of the remaining funds through complex laundering routes.

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…

— Arbitrum (@arbitrum) April 21, 2026

The April exploit targeted Kelp DAO’s LayerZero bridge and ranks among the largest crypto thefts of the year. Investigators later linked the attack to TraderTraitor, a North Korean hacking group associated with Lazarus. As a result, the case has become another example of how state-backed cybercriminals continue to outpace traditional recovery efforts across the digital asset industry.

Arbitrum freeze preserves remaining recoverable funds

Arbitrum remains the only platform that has successfully secured a significant share of the stolen assets. The network froze about 30,766 ETH, worth more than $71 million, shortly after the Kelp DAO exploit. Arbitrum said its Security Council took the action after reviewing information provided by law enforcement and conducting technical analysis of the funds.

However, the frozen Ethereum now faces a separate legal battle. Families holding unpaid terrorism judgments against North Korea have filed claims seeking control of the assets. As a result, the U.S. District Court for the Southern District of New York issued a restraining order that prevents Arbitrum DAO from moving the funds while the case proceeds. 

The dispute has added another layer of uncertainty to recovery efforts, even as most of the remaining stolen funds have already disappeared through laundering channels.

Hacker used multiple privacy tools

The hacker began moving the stolen cryptocurrency on April 21, a day after Arbitrum froze more than $71 million linked to the exploit. According to Arkham Intelligence, the attacker transferred 75,701 ETH, worth about $175 million at the time, into three newly created wallets. The moves marked the start of a large-scale laundering effort that would eventually place most of the remaining funds beyond investigators’ reach.

Investigators traced the stolen funds as they moved through a series of privacy-focused crypto services. On-chain researcher ZachXBT first identified transfers through THORChain and Umbra. Further analysis showed the funds later passed through Wasabi CoinJoin, Tornado Cash, and several cross-chain routes designed to make tracking more difficult.

Security firm PeckShield estimates that roughly $176 million moved through those channels. As the money spread across multiple platforms and networks, the trail became increasingly difficult to follow. That left investigators with limited visibility into a large share of the stolen assets and further reduced the chances of recovery.

#PeckShieldAlert The @KelpDAO exploiter has begun laundering stolen funds (~$176M).

They have started bridging small batches of funds from #Ethereum to $BTC via @THORChain, @UmbraCash, @chainflip, and @BitTorrent. pic.twitter.com/4cm8dOjTWL

— PeckShieldAlert (@PeckShieldAlert) April 21, 2026

DPRK hackers remain a growing threat

The Kelp DAO exploit is part of a broader pattern of increasingly sophisticated attacks linked to North Korean cyber groups. In its incident report, LayerZero attributed the breach to TraderTraitor, an operation associated with the Lazarus Group. The same organization has also been linked to the separate $285 million attack on Drift Protocol, underscoring the growing scale of state-backed crypto crime.

The case adds to a year that has already seen North Korean actors dominate cryptocurrency thefts. Blockchain investigators at TRMLabs estimate the groups account for more than 76% of crypto-related losses in 2025. Chainalysis separately estimates that North Korea-linked hackers have stolen more than $2 billion worth of digital assets this year alone.

Although hopes of recovering most of the stolen funds have faded, Kelp DAO has completed much of its user recovery program. Through the DeFi United initiative, the project and its partners returned about 116,000 rsETH to affected users and restored normal platform operations. Aave also absorbed a large share of the bad debt left behind by the attack, helping limit the impact on the broader ecosystem.

The incident comes as overall crypto losses declined sharply in May. According to CertiK, hackers and exploits accounted for $68.3 million in losses during the month, down from $650 million in April. Even so, the Kelp DAO breach remains one of the largest crypto thefts of the year. 

Also Read: Radiant Capital Winds Down After 18 Months Without Fund Recovery

Disclaimer: The information researched and reported by The Crypto Times is for informational purposes only and is not a substitute for professional financial advice. Investing in crypto assets involves significant risk due to market volatility. Always Do Your Own Research (DYOR) and consult with a qualified Financial Advisor before making any investment decisions.

Follow The Crypto Times on Google News to Stay Updated!      Google News

TAGGED:Crypto HackKelp DAO
Share This Article
Whatsapp Whatsapp LinkedIn Telegram Copy Link

Latest News

Bitcoin Faces Pressure as Coinbase Premium Index Hits 60-Day Record 
Rep. Tim Moore Says CLARITY Act Can Bring Crypto Firms Back to US
Rep. Tim Moore Says CLARITY Act Can Bring Crypto Firms Back to US
Nigeria Moves to Close Crypto Gaps With New Executive Order
Fake KRO Token India’s ED Arrests Three in ₹500 Cr Crypto Scam Probe
Fake KRO Token: India’s ED Arrests Three in ₹500 Cr Crypto Scam Probe
Why Is Ethereum (ETH) Price Down Today?
Why Is Ethereum (ETH) Price Down Today?

Find Us on Socials

You may also like

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Across Protocol Reports First Attack on Solana After $34B in Bridge Volume

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

Solana Protocol DeFiTuna Hit by $580K Exploit, USDC Pool Left Short

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Polychain-Backed Cascade Hacked for $1.34M in Locked User Funds

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

Ostium Pauses Trading After Alleged $18M Arbitrum Vault Exploit

The Crypto Times Logo PNG

Providing real-time, accurate Crypto reporting. Your trusted source for Crypto News and Research.

Stay Updated

All News
Exclusive
Opinions
Learn
Videos
Glossary

Company

About Us
Our Authors
Editorial Policy
AI Policy
Advertorial Policy

Get In Touch

Contact Us
Career

Find Us on Socials

X-twitter Linkedin Telegram Youtube Instagram

© 2026 The Crypto Times | A BITROCK TECHNOLOGIES L.L.C. Company.

DMCA.com Protection Status
  • Terms and Conditions
  • Disclaimer
  • Privacy Policy
  • Cookie policy
Do Not Sell or Share My Personal Information