New Twists in the Enormous Kelp DAO Crypto Heist

A significant twist in one of the year’s largest cryptocurrency breaches has emerged as investigators unveil the Kelp DAO hack’s evolving narrative. The shocking incident, which transpired last week, saw the loss of nearly $292 million from the Ethereum-based Kelp DAO protocol due to intricate exploitation strategies. Recent analysis indicates a deliberate relocation of the ill-gotten gains across various blockchain networks.

Where Are the Missing Millions Heading?

Recent findings from blockchain security investigators, including PeckShield and ZachXBT, reveal the assailant’s strategic maneuvering with a focus on privacy-centric technologies to obscure their tracks. The analysis shows substantial amounts have shifted from the Ethereum mainnet to Bitcoin, leveraging privacy-enhancing services such as THORChain and Umbra, recognized for concealing users’ activities.

Reports from PeckShield state that the attacker has moved approximately $176 million through platforms like THORChain, Umbra, Chainflip, and BitTorrent. Ember CN, another analytics firm, highlighted that around 75,700 ETH, valued at roughly $175 million, was transferred after a temporary freeze on the Arbitrum network.

Problematic Mechanisms and Blame Game: Is Kelp DAO Pointing Fingers?

Kelp DAO had been a noteworthy player in the decentralized finance sector, prominently via its rsETH bridge on Ethereum. The hack has triggered debates over potential flaws in bridge design and message verification contributing to the exploitation. The LayerZero infrastructure, integral to these transactions, has faced scrutiny.

Ari Redbord from TRM Labs detailed that the vulnerability exploited involved initiating false messages through LayerZero’s lzReceive mechanism, resulting in a withdrawal of about 116,500 rsETH from Kelp DAO—18% of its total circulation.

“This outflow marked a significant incident in cross-chain security breaches,” Redbord noted, highlighting its severity within DeFi history.

Post-incident, LayerZero attributed the breach to potential involvement by the Lazarus group, a notorious hacking collective, blaming flaws in single-point message verification. In contrast, Kelp DAO pointed to weaknesses within LayerZero’s architecture.

Following the hack, about $71 million in ETH was frozen on Arbitrum, representing a significant countermeasure. Despite these efforts, the attacker continues rerouting smaller portions of the stolen assets across different networks using innovative methods.

Affected DeFi platforms, including Aave, SparkLend, Fluid, and Upshift, conducted urgent assessments to mitigate risk, sparking widespread industry discussions around asset stability and cross-chain debt complexities.

While a clear picture of post-attack fund movements remains elusive, the transactions through privacy-oriented networks point to the attacker’s strategic planning for escape. Analysts suggest that these actions are exploratory in nature rather than a conclusive settlement of the assets.

Fund freezing has proven pivotal, yet the convoluted trail left by these intricate transfers highlights the mounting difficulty of tracing stolen assets, an increasingly challenging global pursuit.

Disclaimer: The information contained in this article does not constitute investment advice. Investors should be aware that cryptocurrencies carry high volatility and therefore risk, and should conduct their own research.
