When Arbitrum was temporarily blocked, someone quickly moved stolen cryptocurrency through THORChain, resulting in a surge of activity and $394 million in transactions as the attacker converted the funds into Bitcoin.
Recent on-chain data is helping us understand the Kelp DAO exploit, which was a major security incident involving cross-chain bridges. After some intervention from network authorities, the movement of stolen funds has increased. Experts monitoring the activity have identified a pattern of money laundering, specifically swaps from Ethereum to Bitcoin. This activity has also caused a significant and unusual increase in the amount of traffic on cross-chain protocols.
Kelp DAO Exploit Drives Record THORChain Volume and Fee Surge
According to blockchain analysis by EmberCN, the hacker who exploited Kelp DAO has already converted $80 million worth of stolen cryptocurrency (34,500 ETH) into untraceable funds. The hacker first transferred about $175 million in ETH from the Ethereum network before starting this process.
KelpDAO 黑客从昨天下午开始把 ETH 进行洗钱转移,到现在应该是洗走了 3.45 万枚 ETH ($8000 万)。
Most of the ETH has been converted to BTC through cross-chain swaps, and THORChain has earned significant transaction fees as a result. In the past 24 hours, THORChain’s trading volume surged to $360 million, a dramatic increase from its average daily volume of $20 million.
— 余烬 (@EmberCN)
It seems the Arbitrum Security Council’s intervention was a major factor in how the situation unfolded. When they froze approximately 30,766 ETH connected to the exploit, it probably forced the attacker to move any remaining funds quickly.
The majority of the stolen Ethereum was converted into Bitcoin using THORChain, a decentralized exchange. In just 24 hours, THORChain handled around $394 million worth of these conversions, earning about $456,000 in fees. This is a significant increase compared to its usual daily volume of $10 to $35 million.
THORChain Stands Firm on Neutrality Amid Lazarus Links to Exploit
Recent connections to past security breaches are causing worry. The Lazarus Group, a known cybercrime organization that cleans money stolen through cryptocurrency, has used THORChain before. LayerZero believes this same group might be behind the recent Kelp DAO hack.
THORChain has faced criticism for not stopping potentially problematic transactions. The platform defends this by saying it’s intentionally designed to be open and accessible to everyone, just like Bitcoin.
The team says there’s no single point of control – like an admin key or central authority – that can freeze funds. Instead, the network’s code and those running it are responsible for enforcement. Investigators are still tracking fund movements to understand how much was affected by the security breach.
Read More
- Last Furry: Survival redeem codes and how to use them (April 2026)
- Gear Defenders redeem codes and how to use them (April 2026)
- Brawl Stars April 2026 Brawl Talk: Three New Brawlers, Adidas Collab, Game Modes, Bling Rework, Skins, Buffies, and more
- All 6 Viltrumite Villains In Invincible Season 4
- The Mummy 2026 Ending Explained: What Really Happened To Katie
- Annulus redeem codes and how to use them (April 2026)
- Beauty queen busted for drug trafficking and money laundering in ‘Operation Luxury’ sting
- Total Football free codes and how to redeem them (March 2026)
- COD Mobile Season 4 2026 – Eternal Prison brings Rebirth Island, Mythic DP27, and Godzilla x Kong collaboration
- The Division Resurgence Best Weapon Guide: Tier List, Gear Breakdown, and Farming Guide
2026-04-22 21:01