Kelp DAO bridge hackers launder $220M; most stolen funds now effectively untraceable

Huo Xing Finance reported that, as of June 2, attackers have largely laundered proceeds from the April Kelp DAO bridge exploit, in which about $292 million was stolen. Aside from roughly $71 million (about 30,766 ETH) that has been frozen, only around $1.7 million remains in the hackers' original address. On-chain investigators say the perpetrators ran repeated cross-chain hops and mixing activity using privacy-focused tools including THORChain, Wasabi, Tornado Cash, and Umbra, leaving most of the funds effectively untraceable. The probe has previously linked the incident to North Korea's Lazarus Group (TraderTraitor/UNC4899). A day after the attack, the hackers split roughly 75,700 ETH (about $175 million at the time) across multiple new wallets and bridged it to the Bitcoin network via THORChain, then mixed the flows through Wasabi CoinJoin, Tornado Cash, and other services. The related activity briefly lifted THORChain's daily trading volume to $394 million, more than 10 times its typical level. The assets considered most recoverable remain the 30,766 ETH frozen by the Arbitrum Security Council. Those funds now face additional legal complications: the U.S. District Court for the Southern District of New York previously issued a restraining order requiring a temporary freeze, after family members of certain North Korean terrorism victims sought to seize the assets to enforce compensation judgments.