Kelp DAO Hacker Launders $220M in Stolen Funds in Six Weeks
The attacker behind the $293 million Kelp DAO exploit has successfully laundered approximately $220 million of unfrozen stolen assets using crypto mixers and cross-chain bridging, leaving only $1.7 million traceable on-chain.
FinCNews Editorial
View source
What Happened
The hacker responsible for the April 18 Kelp DAO exploit has successfully laundered approximately $220 million worth of stolen funds within six weeks, according to blockchain data provider Arkham and on-chain analysts. The attack resulted in the theft of 116,500 Kelp DAO restaked ETH (rsETH), totaling $293 million in value.
Of the stolen funds, Arbitrum's Security Council froze $71 million, leaving $220 million in unfrozen assets vulnerable to laundering. On-chain data shows the hacker-tagged wallet now contains only $1.7 million in traceable funds, indicating successful movement of the remaining stolen cryptocurrency.
Key Details
The laundering process occurred in two distinct layers, according to available blockchain data. The attacker first bridged stolen assets to Bitcoin using Wasabi, a privacy-focused cryptocurrency mixer, then returned the funds to Ethereum before executing final withdrawals and deposits.
The April 18 exploit alone contributed $293 million to the broader cryptocurrency theft total for April 2026, which reached $630 million across multiple incidents. The Kelp DAO incident represents one of the largest individual losses in that month's hacking activity.
Arbitrum's Security Council's $71 million freeze represents a partial recovery measure, but the successful laundering of the remaining majority of stolen funds significantly complicates potential asset recovery efforts.
Why It Matters
The rapid and near-complete laundering of $220 million demonstrates the effectiveness of available privacy tools and cross-chain mechanisms in obscuring cryptocurrency theft proceeds. This development undermines recovery prospects for Kelp DAO stakeholders and highlights operational challenges for blockchain security protocols.
For the broader Ethereum ecosystem and restaking protocols, the exploit and subsequent fund laundering raises concerns about asset custody security and the effectiveness of emergency freezing mechanisms. While Arbitrum's Security Council successfully froze a portion of stolen assets, the hacker's ability to launder the majority of funds within weeks suggests existing mitigation tools have significant limitations.
Investors and users of restaking platforms face renewed scrutiny regarding asset protection capabilities. The incident also demonstrates that even with on-chain transparency and forensic tools, sophisticated actors can successfully move stolen cryptocurrency through mixer services and cross-chain bridges.
What Happens Next
Ongoing on-chain analysis may continue tracking the remaining $1.7 million in the hacker-tagged wallet, though the success of previous laundering efforts suggests minimal additional recovery is likely. Arbitrum's frozen $71 million represents the only confirmed recoverable portion of the theft.
The Kelp DAO ecosystem will need to communicate recovery plans and protocol improvements to affected users. The broader restaking sector may implement additional security measures or custody improvements in response to the exploit's success.
Regulatory bodies and law enforcement agencies may attempt to trace laundered funds through regulated on-ramps or identify the actor behind the attack, though the use of privacy mixers and cross-chain bridges significantly complicates such efforts.
Disclaimer: This article is AI-assisted and for informational purposes only. Nothing published on FinCNews constitutes financial advice, investment recommendation or solicitation. Cryptocurrency markets are highly volatile. Always conduct your own research and consult a qualified financial advisor before making investment decisions. About our editorial standards →