Cryptonews

KelpDAO Attacker Converts $175M in Stolen ETH to Bitcoin Through THORChain

Source
cryptonewstrend.com

A significant security breach at KelpDAO has resulted in the exploiter quickly transforming stolen Ethereum holdings into Bitcoin using cross-chain swap mechanisms. The perpetrator transferred 75,700 ETH in a matter of days, with laundering operations substantially diminishing the likelihood of fund retrieval. KelpDAO now sits at the center of coordinated response efforts as various platforms work to minimize broader damage.

A major security vulnerability at KelpDAO resulted in the drainage of more than 116,500 restaked Ether from its LayerZero-integrated bridge infrastructure. Following the breach, the perpetrator transferred 75,700 ETH, valued at approximately $175 million, into newly created wallet addresses for obfuscation purposes. The transfer pattern demonstrated a deliberate strategy to evade monitoring and forensic analysis across multiple blockchain ecosystems.

The exploiter primarily leveraged THORChain’s infrastructure to execute conversions from Ethereum into Bitcoin. This methodology added layers of complexity to transactions and significantly diminished the ability to trace fund movements. Consequently, the attacker completed the majority of conversions in a compressed timeframe. THORChain’s network handled approximately $800 million in trading activity stemming from these illicit transactions. The decentralized exchange protocol also collected roughly $910,000 in transaction fees from the laundering activity. KelpDAO remained at the epicenter as the conversion process approached its final stages.

KelpDAO confronts substantial obstacles as the majority of stolen digital assets have already been moved beyond conventional recovery mechanisms. Nevertheless, Arbitrum’s security governance body successfully froze 30,766 ETH connected to the security breach. This secured portion remains locked in an intermediary address requiring governance authorization for any subsequent movement.

On-chain analysis revealed the attacker drained the primary wallet after channeling funds through THORChain and Umbra protocols. These maneuvers decreased visibility and presented substantial challenges for investigative tracing operations. Consequently, recovery initiatives now predominantly rely on the frozen asset portion.

Security researchers detected transaction behaviors characteristic of a rapid exit approach rather than long-term asset holding. The exploiter operated with speed and deliberately avoided maintaining significant balances in traceable wallet addresses. KelpDAO has now pivoted its strategy toward damage containment rather than pursuing complete asset retrieval.

The KelpDAO security incident has generated significant ripple effects throughout decentralized finance ecosystems, particularly affecting Aave. The exploiter utilized stolen holdings as loan collateral to extract additional funds, generating substantial bad debt liability. Initial assessments estimated this uncollateralized debt near $195 million across compromised lending positions.

Aave maintains active coordination with KelpDAO and additional protocols to minimize system-wide consequences. Risk management teams have outlined two potential resolution pathways involving loss allocation among rsETH token holders. The first approach would decrease Aave’s liability but potentially trigger a 15% depegging of rsETH relative to Ethereum. The alternative pathway would allocate losses to layer-two network holders while leaving Aave with greater debt responsibility. Each strategy presents distinct tradeoffs and affects protocol resilience through different mechanisms. KelpDAO remains integral to resolution deliberations as involved parties assess optimal pathways forward.

KelpDAO continues developing a comprehensive response framework to safeguard users and restore operational stability. The protocol prioritizes implementing enhanced security measures while addressing the exploitation aftermath. Therefore, KelpDAO remains under intensive observation as recovery and damage control initiatives advance.