- The attacker behind the $290 million Kelp DAO exploit has begun moving stolen funds, transferring ~$175M in ETH to new addresses.
- Arbitrum‘s security council froze ~$95M in stolen ETH, while Aave faces up to $230M in bad debt from the attack.
- The exploit’s fallout caused significant outflows from Aave, reducing its Total Value Locked by $10 billion.
The wallet behind the massive $290 million Kelp DAO exploit has sprung into action, moving tens of thousands of Ether to new addresses on Tuesday in an apparent laundering attempt. The attacker transferred about 75,700 ETH, worth roughly $175 million, across three transactions to freshly created wallets.
Blockchain investigator ZachXBT noted the funds began flowing through non-custodial protocols like THORChain and Umbra. These services can complicate tracing efforts, as THORChain does not require traditional Know Your Customer checks.
Consequently, the exploit created a single point of failure in Kelp DAO’s cross-chain bridge. LayerZero confirmed it had previously advised against the 1/1 decentralized verifier network setup used by the protocol.
Meanwhile, Arbitrum’s security council took emergency action to freeze 30,766 ETH tied to the attack. The funds were moved to an intermediary wallet accessible only through Arbitrum governance.
However, the damage spread to Aave, where the attacker used stolen funds as collateral. The lending protocol now faces between $123.7 million and $230.1 million in bad debt.
Consequently, Aave unfroze WETH reserves on its Ethereum Core V3 market on Tuesday. WETH reserves on several other networks remain frozen, however.
Meanwhile, borrowing rates for USDT on Aave spiked from 3% to 14%. This marked the highest figures since December 2024.
Fears over contagion caused significant outflows from the lending giant. Its TVL fell by about $10 billion to $16.4 billion as of Tuesday.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
