The entity behind the roughly $290 million Kelp DAO breach has started moving large volumes of Ether into fresh wallet addresses, in what appears to be the early stages of obfuscating the stolen funds after the exploit.
Summary
- The attacker behind the $290M Kelp DAO exploit has moved 75,700 ETH worth ~$175M across new wallets, with early transfers routed via THORChain and Umbra.
- Arbitrum froze 30,766 ETH tied to the breach, while Aave faces potential bad debt between $123.7M and $230.1M after the attacker used stolen funds as collateral.
- LayerZero blamed a single-verifier setup for the exploit, while Kelp DAO disputed the claim, saying the configuration followed default infrastructure guidelines.
Data from Arkham shows the address tied to the incident transferred about 75,700 Ether, worth nearly $175 million, across three transactions on Tuesday. The movements included a 25,000 ETH transfer to a newly created wallet, along with additional transfers of 50,700 ETH and 0.7 ETH to another address.
On-chain investigator ZachXBT noted in a Telegram update that part of the stolen funds had already begun flowing through privacy-focused infrastructure, including THORChain and Umbra. He identified three THORChain transactions totaling about $1.5 million, alongside a separate $78,000 transfer routed via Umbra.
The exploit itself took place on Saturday, when roughly 116,500 restaked Ether (rsETH), valued between $290 million and $293 million at the time, was siphoned from Kelp DAO’s bridge built on LayerZero.
LayerZero attributed the breach to Kelp DAO’s use of a 1-of-1 decentralized verifier network, arguing that relying on a single verifier path created a “single point of failure” for cross-chain message validation. The firm said it had previously warned against such a setup and recommended multi-verifier configurations for high-value deployments.
The latest transfers came shortly after Arbitrum confirmed that its 12-member security council had intervened to freeze 30,766 ETH linked to the exploit. The funds were moved into an “intermediary frozen wallet” that can only be accessed through governance decisions.
Ripple effects from the breach extended to Aave, where the attacker reportedly used the stolen assets as collateral to borrow funds. Initial estimates suggested a $195 million shortfall, though Aave later outlined two possible scenarios in its incident report, ranging from about $123.7 million to $230.1 million in bad debt.
The use of non-custodial platforms such as THORChain adds complexity to recovery efforts, as such protocols do not enforce traditional Know Your Customer checks, making fund tracking more difficult once assets begin moving across chains.
Dispute emerges over root cause
While LayerZero has pointed to configuration choices as the core issue, it also suggested that North Korea’s Lazarus Group could be behind the attack.
Kelp DAO has rejected that framing, arguing that the so-called “single-validator” setup was not an unsafe customization but part of LayerZero’s documented defaults. The team said the compromised validator stack “is part of LayerZero’s own infrastructure,” not a third-party component.
Security researchers have since confirmed that the bridge relied on a 1-of-1 DVN structure, meaning a single signature was enough to validate cross-chain messages. Analysts noted that such a design allowed a forged instruction to pass as legitimate, ultimately enabling the release of 116,500 rsETH to the attacker’s wallet.
Kelp DAO maintains that it implemented LayerZero’s publicly available code and configurations across networks, suggesting that responsibility may not rest solely with the application layer but also with the underlying infrastructure provider.
