TL;DR
- Laundering: The Kelp DAO attacker routed nearly all unfrozen ETH through THORChain and Umbra, emptying their main wallet and reducing recovery prospects.
- Arbitrum Freeze: Arbitrum’s security council secured 30,766 ETH tied to the Kelp DAO exploit, now the only recoverable portion after the rest was laundered.
- DeFi Contagion: Aave absorbed significant fallout from the Kelp DAO breach, facing up to $230 million in potential bad debt as risk teams evaluate loss‑sharing scenarios.
The fallout from the $293 million Kelp DAO exploit deepened this week as on‑chain data showed the attacker successfully laundering nearly all unfrozen Ether tied to the breach. Only the tranche halted by Arbitrum’s security council remains within reach, narrowing the window for meaningful recovery and intensifying pressure across decentralized finance. Kelp DAO now faces a complex path toward stabilizing its ecosystem while coordinating with affected protocols.
用时一天半,KelpDAO 黑客的 75,700 枚 ETH ($1.75 亿) 现在已经基本上都换成 BTC 了。
黑客把 ETH 跨链兑换成 BTC 主要走的协议是 THORChain,黑客的使用也为 THORChain 带去了 $8 亿的交易量以及 $91 万的平台手续费收入。
—————————————————-#Bitget VIP… https://t.co/YHNjV4jTGy pic.twitter.com/QMsFhsjWFx
— 余烬 (@EmberCN) April 23, 2026
Laundering Activity Accelerates Through THORChain
Blockchain analysts reported that the Kelp DAO attacker moved roughly 75,700 ETH into new wallets before routing the funds through THORChain and privacy tool Umbra. The swaps into Bitcoin generated about $910,000 in fees for THORChain and left the attacker’s primary wallet nearly empty. Arkham noted that the transaction patterns indicate an exit strategy rather than an attempt to hold the stolen assets, reducing the likelihood of retrieval.
Community Update
The past few days have been relentless. With the support of our partners, allies and community, discussions are moving in the right direction. We want to address our community directly. We are actively progressing towards a suitable resolution.
Kelp was built…
— Kelp (@KelpDAO) April 23, 2026
Arbitrum’s Freeze Becomes the Only Recoverable Segment
Arbitrum’s security council froze 30,766 ETH linked to the exploit, transferring the assets into an intermediary wallet accessible only through governance action. With the remaining funds laundered, this freeze represents the sole portion of the Kelp DAO haul that can still be secured. The exploit originally drained about 116,500 rsETH from the protocol’s LayerZero‑powered bridge, marking one of the largest restaking‑related breaches to date.
Aave Absorbs Heavy Contagion From the Exploit
The attacker used part of the stolen Kelp DAO funds as collateral on Aave, creating an estimated $195 million in bad debt. Aave founder and CEO Stani Kulechov said the protocol is working with impacted teams to restore normal market conditions. The exploit’s ripple effects highlight how interconnected DeFi liquidity has become, with Kelp DAO’s breach triggering stress across multiple platforms.
Risk Scenarios Outline Potential Loss Distribution
Aave’s risk provider outlined two possible outcomes: one scenario projects about $123.7 million in bad debt if losses are shared across all rsETH holders, potentially causing a 15% depeg. The second scenario concentrates losses on layer‑2 rsETH holders, leaving Aave with roughly $230 million in bad debt. Kelp DAO said it is progressing toward a suitable resolution focused on user protection.
