Key Takeaways
- The TraderTraitor cybercrime organization linked to North Korea successfully laundered approximately $220M in accessible assets taken from Kelp DAO during April 2026
- Blockchain analysis reveals merely $1.7M still identifiable within the initial attacker-controlled addresses
- Criminal actors utilized THORChain, Wasabi CoinJoin, Tornado Cash, and Umbra to obscure transaction trails
- An additional $71M secured by Arbitrum’s Security Council continues to face legal challenges
- Kelp DAO has since compensated affected users and transitioned to Chainlink CCIP infrastructure
Cybercriminals associated with the North Korean TraderTraitor operation have successfully cleaned nearly the entire $220 million pool of accessible cryptocurrency stolen during the Kelp DAO security breach in April 2026. Analysis from Arkham Intelligence reveals that only $1.7 million can still be tracked within the perpetrators’ original digital wallets.
The security compromise took place on April 18, 2026, when malicious actors extracted 116,500 rsETH tokens by exploiting weaknesses in Kelp DAO’s LayerZero bridge configuration. Combined losses totaled approximately $292–$293 million, contributing to April’s overall cryptocurrency theft figure of $630 million.
The money laundering process unfolded across two primary phases. Initially, perpetrators converted stolen assets to Bitcoin utilizing the Wasabi CoinJoin tumbling service, subsequently returning funds to Ethereum before channeling them through Tornado Cash. THORChain experienced significantly elevated transaction volumes throughout this operation.
Stolen cryptocurrency also passed through Umbra, a privacy-centered payment platform. The strategic combination of Bitcoin obfuscation techniques and Ethereum anonymity protocols created substantial obstacles for law enforcement tracking efforts.
Tracing the Movement of Stolen Assets
Blockchain forensic data demonstrates that attackers transferred over 75,000 ETH into freshly established wallets immediately following the breach. Subsequently, these funds were fragmented and distributed across numerous blockchains and privacy-enhancing services.
Cybersecurity researchers attributed the attack to TraderTraitor, alternatively identified as UNC4899. This North Korean state-linked cyber unit has been implicated in multiple significant cryptocurrency thefts throughout recent years.
LayerZero issued a statement on April 20 clarifying that the vulnerability originated from Kelp DAO’s own implementation choices. The protocol had relied upon a solitary LayerZero DVN as its exclusive verification pathway, disregarding previous security recommendations against such configurations.
The complete laundering operation concluded within approximately six weeks. Security analysts indicate the opportunity for recovering the unfrozen cryptocurrency has essentially expired.
Legal Battle Over the Secured $71M
Arbitrum’s Security Council successfully immobilized roughly $71 million in ETH on April 21. Both a United States judicial order and a governance referendum authorized transferring these assets to an Aave-supervised multi-signature wallet designated for rsETH restitution purposes.
Nevertheless, families possessing terrorism-related court judgments against North Korea have simultaneously filed legal claims seeking access to these frozen assets. A judicial hearing regarding rightful ownership was calendared for Friday in New York.
The resolution of this litigation remains uncertain. The $71 million frozen pool currently constitutes the sole remaining direct avenue for asset recovery.
Cryptocurrency theft losses experienced a dramatic reduction in May, declining to $68.3 million, representing nearly a 90% decrease from April, based on CertiK data. Approximately $9.4 million was successfully recovered or voluntarily returned throughout May.
Despite this improvement, the Kelp DAO incident triggered widespread anxiety throughout the DeFi ecosystem. Within three weeks following the exploit, both Solv Protocol and Tydro transitioned to Chainlink CCIP. Kelp DAO similarly migrated its rsETH bridging architecture to Chainlink CCIP, abandoning LayerZero.
Kelp DAO concluded its user compensation program. The concluding distribution of 20,373.7 rsETH tokens was transmitted to the LayerZero smart contract as the final step in a five-week recovery initiative, Cointelegraph documented.
The stolen cryptocurrency itself, however, has predominantly vanished into an intricate cross-chain laundering infrastructure that investigators characterize as exceptionally challenging to penetrate.





