Vavada Banner
BTC $78,724.00 (+4.12%)
ETH $2,402.07 (+3.76%)
XRP $1.44 (+1.24%)
BNB $643.28 (+2.21%)
SOL $87.43 (+2.68%)
TRX $0.33 (-1.79%)
DOGE $0.10 (+2.17%)
HYPE $41.22 (+4.89%)
LEO $10.27 (-0.52%)
ADA $0.25 (+1.68%)
BCH $463.51 (+4.02%)
XMR $375.33 (-2.40%)
LINK $9.40 (+0.51%)
XLM $0.18 (+0.67%)
CC $0.15 (-0.11%)
M $4.42 (+5.37%)
ZEC $320.11 (+2.72%)
LTC $56.05 (+1.58%)
AVAX $9.47 (+1.69%)
HBAR $0.09 (+1.98%)

Kelp DAO Exploiter Launders $80M in ETH

Twitter icon  •  Published 13 hours ago on April 22, 2026  •  Nikolas Sargeant

An attacker behind the $292 million exploit of LayerZero-powered cross-chain bridge Kelp DAO has laundered roughly $80 million worth of Ethereum.

Kelp DAO Exploiter Launders $80M in ETH

TL;DR

  • The Kelp DAO exploiter has laundered around $80 million since moving $175 million in ETH earlier.

The attacker behind the $292 million exploit of LayerZero-powered cross-chain bridge Kelp DAO has laundered roughly $80 million worth of Ethereum, according to blockchain analytics firm EmberCN, intensifying scrutiny on cross-chain liquidity routes and non-custodial swap protocols.

$292M Exploit and Onchain Movement

EmberCN reported that the attacker has moved about 34,500 ETH since shifting roughly $175 million off Ethereum earlier in the week. 

The activity suggests a continued effort to obscure fund origins following one of the larger recent cross-chain bridge exploits.

According to the analysis, a significant portion of the stolen ETH—around 30,766 ETH—was frozen after intervention by the Arbitrum Security Council, prompting the exploiter to route remaining funds through alternative channels.

The report added that a substantial share of the stolen assets was reportedly converted into Bitcoin via the cross-chain swap protocol THORChain, a decentralized liquidity network known for enabling permissionless asset swaps across blockchains.

EmberCN noted that the protocol has benefited from unusually high activity linked to the laundering process, with the attacker using it as a bridge between Ethereum and Bitcoin liquidity.

The report noted that the surge in illicit and arbitrage-driven flows pushed THORChain’s 24-hour swap volume to around $394 million—far above its typical daily range of $10 million to $35 million. The protocol reportedly generated approximately $456,000 in fees over the same period.

This latest development comes after THORChain was previously been used by the North Korea-linked Lazarus Group, which has been associated with multiple high-profile crypto hacks, including the Bybit exchange breach. Investigators have also suggested Lazarus may be linked to the Kelp DAO exploit.

While critics argue that THORChain enables laundering by refusing to block suspicious flows, the protocol has consistently defended its design as fully decentralized and censorship-resistant.

In a statement, THORChain said it operates without an admin key or centralized control, emphasizing that its network is governed by node operators enforcing neutral code rules rather than discretionary intervention.

This latest development comes after Kelp DAO responded to the $292 million exploit, blaming LayerZero’s default 1-of-1 DVN setup, which was criticized for creating a single point of failure.

Justin Sun Sues Trump-Linked World Liberty Financial Over Frozen WLFI Tokens
Next article Justin Sun Sues Trump-Linked World Liberty Financial Over Frozen WLFI Tokens
Nikolas Sargeant

Nik is a content and public relations specialist with an ever-growing interest in Crypto. He has been published on several leading Crypto and blockchain based news sites. He is currently based in Spain, but hails from the Pacific Northwest in the US.