Prospects of Fund Recovery Diminish as Kelp DAO Attacker Washes Almost Entire $220M Haul
The Kelp DAO exploiter has laundered nearly $220 million in stolen cryptocurrency in an effort to obscure the trail. That figure does not include the $71 million that was frozen by Arbitrum's Security Council.

The perpetrator responsible for the massive $293 million Kelp DAO security breach has successfully laundered almost the entire portion of unfrozen stolen assets, totaling approximately $220 million, within a mere six-week timeframe, based on information from Arkham data and blockchain intelligence experts.
The wallet associated with the Kelp DAO attacker now holds only approximately $1.7 million in traceable funds, with virtually all other stolen assets laundered, as reported by Arkham, a blockchain data analytics provider. The attacker extracted 116,500 Kelp DAO restaked ETH (rsETH) on April 18, contributing to a total of $630 million lost to cryptocurrency security breaches throughout the month of April.
According to blockchain investigator Specter, the stolen assets underwent a sophisticated two-stage laundering process: initially converting to Bitcoin through the Wasabi crypto mixing service, followed by a return journey to Ethereum prior to final withdrawal and deposit through the Tornado Cash mixing protocol.
This extensive laundering operation could substantially diminish the likelihood of successfully recovering the portion of funds that remain unfrozen.
Separately, $71 million in assets were frozen by Arbitrum's Security Council on April 21. Both a governance vote and a United States court order have previously authorized the transfer of the frozen assets to a multi-signature wallet controlled by Aave for the purpose of rsETH fund recovery operations. Court filings indicate that the upcoming hearing regarding ownership claims connected to the frozen assets is scheduled for Friday in New York.
This latest development follows just one week after Kelp DAO announced the successful restoration of its restaked Ether token following a comprehensive five-week recovery initiative, which concluded when the final installment of 20,373.7 rsETH tokens was transferred to the LayerZero smart contract that manages the locking, minting, burning and releasing of rsETH throughout cross-chain transactions, as Cointelegraph reported on Tuesday.
Cryptocurrency Security Breaches Drop 90% During May, Though DeFi Safety Worries Continue
Hacking incidents targeting cryptocurrency platforms registered a substantial decline throughout May, though this improvement failed to alleviate mounting anxieties related to the security posture of the decentralized finance (DeFi) sector.
Financial damages resulting from cryptocurrency security exploits decreased to $68.3 million during May, representing an almost 90% reduction compared to the losses sustained in April, according to data from CertiK, a cryptocurrency security monitoring platform. Approximately $2.6 million of these losses were linked to phishing attack campaigns, while a combined total of $9.4 million in stolen funds was either successfully recovered or voluntarily returned.
Despite this improvement, the massive $293 million Kelp DAO security breach sparked broader anxiety regarding the overall safety of the cryptocurrency industry, leading numerous DeFi protocols to conduct thorough reassessments of their oracle provider security measures.
In the span of just three weeks following the exploitation incident, both Solv Protocol, a Bitcoin DeFi platform, and Tydro, a liquidity protocol, completed migrations to Chainlink's Cross-Chain Interoperability Protocol (CCIP), actively pursuing a more robust and secure oracle provider solution.
Kelp DAO similarly transitioned its rsETH token infrastructure to Chainlink CCIP, abandoning its former LayerZero-powered bridge solution after determining that the security incident stemmed from vulnerabilities present in its cross-chain infrastructure configuration.
Nevertheless, LayerZero issued a statement on April 20 saying that the exploit was the consequence of a single point of failure within Kelp DAO's specific implementation, which had operated using only a single LayerZero DVN as the sole verified pathway despite having received prior warnings advising against such a configuration.