The hackers behind the largest crypto theft of the year are racing to launder their loot, even as parts of the industry scramble to block them.
Wallets linked to the roughly $300 million hack of Kelp DAO — a decentralised-finance protocol — have begun moving funds through services designed to obscure their trail, according to blockchain security firm Cyvers. About $175 million worth of stolen assets was shifted into two new wallets and is being routed through platforms including THORChain, Umbra and BitTorrent, Cyvers said.
The activity picked up on Tuesday, shortly after Arbitrum, a network running on the Ethereum blockchain, froze around $75 million of the stolen assets. Arbitrum described the measure as an emergency action taken following input from law enforcement.
The freeze is part of a broader industry effort to corner the attackers before they can cash out. That appears to have prompted the hackers to accelerate their efforts to move funds beyond reach.
ADVERTISEMENT
CONTINUE READING BELOW
The Kelp DAO exploit took place on Saturday, when hackers targeted a cross-chain bridge — a system that allows different blockchains to interact. Through the breach the attacker stole about 116,500 rsETH, a derivative form of Ether, the second-largest cryptocurrency. Total losses are estimated at about $293 million, making it the largest crypto hack so far this year.
The stolen tokens were quickly put to use. Roughly $200 million was deposited as collateral to borrow other cryptocurrencies on Aave — a decentralized lending platform where users can borrow crypto by pledging other digital assets. The move sparked fears about possibly worthless collateral on Aave and triggered a surge in withdrawals from the platform. Aave has recorded around $10 billion net outflows since the incident.
ADVERTISEMENT:
CONTINUE READING BELOW
Aave is assessing the impact of the outflows and will consider a range of responses if required, a spokesperson said in a written statement on Tuesday.
Security experts suspect that the hackers are likely affiliated with North Korea, based on the sophistication and scale of the exploit.
The crypto sector has long been a prime target for hacks: while digital assets can be stolen quickly, their movement is generally traceable on public blockchains, online shared ledgers of transactions. As a result, hackers typically try to obfuscate the trail by routing funds through multiple wallets and services, a process that can take days or even weeks to launder.
© 2026 Bloomberg
#Hackers #300m #crypto #theft #laundering #loot