Key Insights:
- KelpDAO hack sees the attacker laundering $176M via cross-chain bridges and privacy tools.
- Arbitrum freezes over $100M in ETH linked to the exploit.
- Hack traced to the rsETH bridge flaw, sparking wider DeFi concerns.
Amid a surge in crypto hacks, the KelpDAO hack has taken a new turn. In the latest development, the attacker has begun laundering stolen funds in the KelpDAO hack across multiple blockchains.
KelpDAO Hack Enters Laundering Phase as Funds Move
In the latest update on the latest KelpDAO hack, the attackers are reportedly moving the stolen funds. According to an X post shared by PechShieldAlert, the attacker has already started moving portions of the stolen funds through multiple transactions.
Early data shows that assets are being routed across different blockchains, including Ethereum and Bitcoin. The attackers are using cross-chain bridges and privacy-focused protocols to launder the stolen funds.
According to PeckShieldAlert, the KelpDAO hacker has sent nearly $176 million in stolen funds. The attacker is transferring smaller amounts across blockchains, mainly from Ethereum to Bitcoin.
The funds are routed through cross-chain platforms like THORChain, Chainflip, and BitTorrent, as well as privacy tools such as Umbra. This step-by-step movement is a common tactic used by hackers to make the money harder to trace. This is because it spreads the funds across different networks and hides their origin.
Data from Arkham Intelligence shows that the wallet holding the stolen funds executed two major transfers. These transactions involve $117 million and $58 million on the Ethereum blockchain during European trading hours on Tuesday.
Blockchain investigator ZachXBT noted that about $1.5 million has been bridged from Ethereum to Bitcoin through THORChain. Another $78,000 was sent via the privacy-focused protocol Umbra.
These initial transactions indicate that the attacker has started layering the laundering process. Layering involves splitting the money into different parts and sending them across various platforms.
It is worth noting that the same tactic was previously used by other hackers, including the Lazarus Group. The North Korean cybercrime syndicate, which specializes in cryptocurrency attacks, regularly utilizes cross-chain technology like THORChain to cover its tracks.
Arbitrum Freezes $100M in ETH Linked to KelpDAO Hack
This crypto hack news comes amid Arbitrum’s major decision. After identifying the ETH tokens linked to the KelpDAO hack, the Arbitrum team froze more than 30,000 ETH, valued at about $100 million.
This follows the $290 million KelpDAO hack, which took place on April 19, 2026. As earlier reported, the platform identified an unusual activity involving rsETH. Then the team paused rsETH contracts across the main network and several Layer 2 chains.
The exploit was later linked to a vulnerability in the rsETH adapter bridge, which handles token transfers between blockchains. According to the security firm Cyvers, the attacker drained nearly $293 million from the protocol.
The funds were first sitting in a wallet controlled by the hacker. The Security Council then shifted them to a secure intermediary address. This effectively locked them and prevented any further movement.
Importantly, this action did not disrupt regular users or apps on Arbitrum. Normal transactions continued as usual. Only the exploit-linked wallet was targeted. This highlights how the network can take precise action in emergencies without affecting its broader ecosystem.
Arbitrum explained that the decision was made with input from law enforcement. The authority is working to identify the attacker, which many believe is the Lazarus Group. For now, the frozen funds will remain inaccessible until further governance decisions are made.