The recovery effort tied to the Kelp DAO exploit has effectively reached its end. According to on-chain analysts, hackers linked to North Korea’s TraderTraitor group have laundered nearly all of the $220 million in unfrozen funds. It was stolen during April’s massive bridge attack.
Kelp DAO Hacker Has Laundered Nearly All $220M in Unfrozen Funds, Closing the Recovery Window
According to The Defiant, on-chain tracking data shows that the hackers behind the Kelp DAO bridge exploit, identified as North Korean threat group TraderTraitor, have laundered… pic.twitter.com/UlCj44BTa4
— Wu Blockchain (@WuBlockchain) June 2, 2026
Only about $1.7 million remains traceable in the original wallets. As a result, the opportunity for direct asset-by-asset recovery has largely disappeared. The development marks another setback for the crypto industry. It also highlights how state-backed attackers are becoming increasingly sophisticated in moving stolen funds across multiple blockchain networks.
The Kelp DAO exploit occurred in April 2026 and resulted in roughly $292 million being stolen through a LayerZero bridge vulnerability. Following the attack, Arbitrum’s Security Council froze approximately $71 million worth of ETH. However, the remaining $220 million remained accessible to the attackers.
According to reports from Arkham Intelligence and other blockchain investigators, the hackers moved the funds through a complex laundering network that included:
Investigators now estimate that only $1.7 million remains in the original wallets. The latest findings suggest the recovery window has effectively closed for the unfrozen funds.
The laundering process began shortly after the exploit. On-chain data shows the attackers transferred more than 75,000 ETH into newly created wallets. From there, the funds moved through multiple privacy-focused platforms and cross-chain services. Analysts said the operation combined Bitcoin mixing services with Ethereum privacy tools.
The strategy made transaction tracking significantly more difficult. The use of THORChain attracted particular attention. The protocol reportedly processed unusually high volumes as the stolen assets moved across chains. Security researchers linked the attack to TraderTraitor, a North Korean cyber group also known as UNC4899. The group has previously been associated with several major crypto thefts.
While most of the stolen assets have been laundered, the frozen funds remain a potential source of recovery. The Arbitrum freeze locked roughly $71 million in ETH shortly after the attack. However, those assets are now tied up in ongoing legal proceedings. Families holding terrorism judgments against North Korea have also filed claims related to the frozen funds. As a result, the final outcome remains uncertain. Meanwhile, Kelp DAO completed its user remediation process. The protocol migrated rsETH bridging operations to Chainlink CCIP and worked with industry partners to restore affected users.
The incident carries important lessons for both developers and investors. Over the past several months, the crypto industry has experienced a wave of major attacks targeting bridges, infrastructure providers, and DeFi protocols. Incidents involving Radiant, Wormhole, and Kelp DAO have exposed critical security weaknesses.
For developers, the attack reinforces the need for stronger bridge security, multi-layer validation systems, and improved monitoring tools. For investors, the exploit highlights the growing risks associated with cross-chain infrastructure. Bridge tokens and DeFi platforms often offer attractive yields. But many still rely on complex systems that remain vulnerable to sophisticated attacks.
The growing involvement of state-sponsored groups also raises concerns about future recovery efforts. Once stolen assets move through multiple chains and privacy services, recovering funds becomes significantly harder.
The Kelp DAO case may become one of the defining bridge exploits of 2026. While user funds were largely restored through protocol actions, the stolen assets themselves have effectively disappeared into a sophisticated laundering network. For the broader crypto market, the incident serves as another reminder that bridge security remains one of the industry’s biggest challenges. As attackers continue evolving their tactics, developers and investors alike will likely demand stronger safeguards across blockchain infrastructure.
The post Kelp DAO Recovery Ends as North Korea Launders $220M appeared first on Coinfomania.
Binance’s CZ remains completely unshaken by recent crypto market turbulence, advising digital asset holders to maintain a firm long-term perspective.
This significant transfer may impact Bitcoin market dynamics, influencing investor sentiment and potentially affecting cryptocurrency prices. The post Mt. Gox transfers $731M in Bitcoin to
A Polymarket trader has accused the prediction market platform of unfairly resolving a disputed market tied to Strategy’s first Bitcoin sale in years. The trader
The former NBA guard was hit with new federal sports bribery charges over an alleged six-digit kickback he received to manipulate his performance in a
Blockchain Bodega is here and you know the vibes. We’re at the intersection of hip-hop culture and web3, exploring this new digital frontier. Who better to guide you through these uncharted lanes than Ock Chain – The Bitcoin Boss and the Consensus Corner Boys?
Ock Chain doesn’t just cook up random details about cryptocurrency; he lives it. Ock’s been deep in the game since Bitcoin was just a baby.
And let’s not forget about the Consensus Corner Boys. They’re our skilled crew of blockchain enthusiasts. They’re here to educate, entertain, and enlighten.
Welcome to Blockchain Bodega!
Copyright © 2023 Blockchain Bodega. All rights reserved.