Kelp DAO Hacker Moves Funds After Arbitrum ETH Freeze
21 Apr 2026 · 13:46 UTC · CoinCentral RSS Feed · Original source
Read original at CoinCentral RSS Feed →
Summary
The Kelp DAO exploiter has begun moving stolen funds following Arbitrum's freeze of approximately $71 million in ETH. Blockchain investigators have tracked fund transfers from Ethereum to Bitcoin via THORChain bridge, with additional amounts routed through Umbra, a privacy protocol. Security firms estimate that up to $176 million in total stolen funds may have been transferred across multiple platforms. The ongoing movement of these funds suggests the attacker is attempting to obscure and potentially liquidate the stolen assets.
Why it matters
The Kelp DAO exploit represents a significant security incident with direct implications for Arbitrum and broader DeFi ecosystem confidence. Impact mechanisms include: (1) Loss of confidence in DeFi protocol security, triggering DeFi exit flows; (2) Concerns about Arbitrum's security posture and platform resilience, potentially affecting related projects; (3) Heightened scrutiny of cross-chain bridges and privacy protocol vulnerabilities; (4) Market dumping concerns as $176M in stolen funds circulates. The attacker's routing through THORChain and Umbra suggests intent to monetize and obscure stolen assets, potentially creating future selling pressure. Immediate market impact is tempered by the incident already being known (frozen funds represent recognized risk). Key uncertainties: liquidation timing and magnitude, whether market prices this as localized incident or systemic risk, recovery speed of DeFi sentiment. Security firm estimates provide reasonable confidence in fund movement scale, though exact amounts remain partially obscured by privacy measures.
Expected impact
The Kelp DAO exploit and subsequent fund movement by the hacker creates both immediate market concerns and potential medium-term implications. The reported movement of up to $176M across multiple platforms, including Bitcoin and privacy protocols, suggests the attacker is attempting to obscure and liquidate the stolen funds. This news generates negative sentiment in the crypto market, particularly affecting DeFi-focused assets and Arbitrum-related tokens due to security concerns. The freezing of $71M by Arbitrum demonstrates mitigation efforts, but the successful movement of additional funds raises questions about exchange and bridge security. Bitcoin may experience slight inflows from the hacker's fund bridging to BTC, but this is likely overshadowed by broader negative market sentiment surrounding the security incident. The longer-term impact depends on whether this incident triggers broader concerns about DeFi platform security or leads to contagion effects across the ecosystem.