Recovery hopes fade as Kelp DAO hacker launders nearly all $220M in stolen funds

The hacker behind the $293 million Kelp DAO exploit has laundered nearly all of the unfrozen stolen funds, or about $220 million, in just six weeks, according to Arkham data and onchain analysts.

The Kelp DAO hacker-tagged wallet appears to have laundered nearly all the stolen funds, with just $1.7 million remaining traceable in the wallet, according to blockchain data provider Arkham. The malicious actor drained 116,500 Kelp DAO restaked ETH (rsETH) on April 18, pushing the total amount stolen from crypto hacks to $630 million for April.

The funds were laundered in two layers: bridging to Bitcoin using crypto mixer Wasabi and then returning to Ethereum before withdrawing and depositing via mixing protocol Tornado Cash, according to onchain analyst Specter.

The laundering activity may significantly reduce the chances of recovering the remaining unfrozen funds.

An additional $71 million was frozen by Arbitrums Security Council on April 21. A governance proposal and a US court order previously approved the transfer of the frozen funds to an Aave-controlled multi-signature wallet for the rsETh recovery effort. The next hearing on the ownership claims tied to the frozen funds is set for Friday in New York, court documents show.

Kelp DAO Hacker-tagged wallet, total balance. Source: Arkham

The development comes a week after Kelp DAO said it restored its restaked Ether token as part of a five-week recovery effort, after the final tranche of 20,373.7 rsETH tokens was sent to the LayerZero smart contract responsible for locking, minting, burning and releasing rsETH during cross-chain transfers, Cointelegraph reported Tuesday.

Crypto hacks decrease by 90% in May, but DeFi security concerns persist

Cryptocurrency hacks logged a significant decrease during May, but it wasnt enough to soothe the growing concerns tied to the security of the decentralized finance (DeFi) industry.

Losses from cryptocurrency exploits fell to $68.3 million in May, marking a near 90% decline from the amount lost in April, according to crypto security platform CertiK. About $2.6 million was attributed to phishing attacks, while a total of $9.4 million was successfully recovered or returned.

Crypto exploit losses in May reached $68.3 million. Source: CertiK

Still, the $293 million Kelp DAO exploit triggered wider concerns about the safety of the industry, prompting DeFi protocols to reevaluate the security of their oracle providers.

Within three weeks after the exploit, Bitcoin DeFi platform Solv Protocol and liquidity protocol Tydro both migrated to Chainlinks Cross-Chain Interoperability Protocol (CCIP), seeking a more secure oracle provider.

Kelp DAO also migrated its rsETH token to Chainlink CCIP, moving away from its previous LayerZero-powered bridge after attributing the incident to weaknesses in its cross-chain setup.

However, LayerZero said on April 20 that the exploit resulted from a single point of failure in Kelp DAOs implementation, which relied on a single LayerZero DVN as the only verified path despite prior warnings against that configuration.