The hacker responsible for the KelpDAO exploit that left nearly $300 million in losses moved and laundered stolen funds across multiple blockchains, an operation that continues today and was exposed by security firm PeckShield on April 22, 2026.
According to on-chain traces, the attacker Use the route from Ethereum to Arbitrumfunds are converted into stablecoins such as USDT0 and sent to the Tron network using the LayerZero infrastructure. This type of movement, which combines bridging between networks and asset exchange, makes it possible to fragment traces and facilitate the movement of capital.
The use of stablecoins addresses the need to access greater liquidity and reduce exposure to volatility. Transfers between different networks make monitoring and possible blocking difficult.. In fact, some of the funds associated with the attack had already been tracked and even partially frozen, which may have motivated the use of more complex routes.
The incident dates back to April 18th. KelpDAO has fallen victim to an exploit that affects LayerZero-based rsETH bridges. This vulnerability was caused by an insecure system configuration that could allow an attacker to release large amounts of assets to addresses under their control.
incident There is a misunderstanding of responsibility between the parties involved.as reported by CriptoNoticias. While KelpDAO points to flaws in the infrastructure used, LayerZero claims the problem lies in the configuration employed by the protocol. In addition to these positions, Arbitrum, whose environment was also used in the funding route, points out its responsibility to both parties.
Beyond commitment amounts, this case once again highlights the risks associated with interoperability between networks. Cross-chain bridges have been one of the weakest points within the DeFi ecosystem for yearshas amassed some of the biggest exploits in this field. Although there is traceability, On-chain Although it is possible to track movements, recovering funds remains difficult, and everything seems to indicate that this type of incident will be repeated in the future.
(Tag translation) Blockchain
