Kelp DAO Hacker Launders $220M, Recovery Hopes Dim
Nearly all unfrozen $220M from the $293M Kelp DAO exploit has been laundered via Wasabi and Tornado Cash, leaving only $1.7M traceable. The April hack prompted DeFi protocols to migrate to Chainlink CCIP, while a legal hearing over $71M frozen funds looms.
Quick Take
Hacker laundered $220M through Wasabi and Tornado, recovery bleak.
$71M frozen by Arbitrum, legal hearing on Friday.
Kelp DAO restored rsETH after 5-week recovery effort.
DeFi protocols migrate to Chainlink CCIP after exploit exposed weaknesses.
Market Impact Analysis
BearishLaundering reduces trust in compromised DeFi protocols; limited direct market impact beyond rsETH.
Speculation Analysis
Key Takeaways
- $220M of Kelp DAO’s $293M exploit laundered via Wasabi and Tornado Cash in six weeks.
- Only $1.7M remains traceable, crushing recovery hopes for the vast majority of stolen funds.
- $71M frozen by Arbitrum’s Security Council faces a legal hearing Friday in New York.
- DeFi protocols scramble to Chainlink CCIP after the exploit exposed critical cross-chain vulnerabilities.
What Happened
The Kelp DAO hacker laundered $220 million of the $293 million exploit in just six weeks, Arkham data shows. The funds moved through crypto mixer Wasabi onto Bitcoin, then back to Ethereum for processing through Tornado Cash. Only $1.7 million now sits in the hacker’s wallet, down from the 116,500 rsETH drained on April 18. An additional $71 million was frozen by Arbitrum’s Security Council three days after the attack. A US court order and governance proposal approved moving those frozen funds to an Aave-controlled multi-sig. The next legal hearing on ownership claims is set for Friday in New York.
The Numbers
The $293 million exploit accounted for nearly half of April’s total crypto hack losses. After $71 million was frozen, $220 million remained vulnerable—and now it’s almost entirely laundered. On-chain analyst Specter traced the path: bridging to Bitcoin via Wasabi, then returning to Ethereum for Tornado Cash mixing. May brought a sharp decline in exploit losses to $68.3 million, a 90% drop from April, but DeFi security concerns linger. The Kelp DAO incident pushed protocols to rethink oracle providers, with Solv Protocol and Tydro migrating to Chainlink CCIP within three weeks.
Why It Happened
The exploit stemmed from a single point of failure in Kelp DAO’s cross-chain implementation on LayerZero. Attackers seized control over the rsETH token’s locking and minting mechanism during transfers. Laundering through mixers like Wasabi and Tornado Cash allowed the hacker to obscure the trail, significantly reducing recovery odds. The speed and sophistication of the laundering operation suggest advanced planning, common in large DeFi heists. Kelp DAO restored rsETH after a five-week recovery effort, but the stolen value remains lost.
Broader Impact
The aftermath triggered a flight to safety. DeFi protocols are abandoning legacy bridges and oracles for Chainlink’s CCIP, seeking stronger security guarantees. The incident also revived debates about cross-chain vulnerabilities and the accountability of mixing services. While exploit losses dropped in May, the Kelp DAO case underscores that DeFi remains a high-risk environment. Legal proceedings over the frozen $71 million could set a precedent for handling stolen on-chain assets.
What to Watch Next
- Friday’s New York hearing will determine control of the $71 million frozen rsETH.
- Expect more DeFi protocols to announce migrations to Chainlink CCIP or similar oracle solutions.
- Regulatory pressure on mixers could intensify after this high-profile laundering.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
