Umbra Privacy Protocol Disables Website Interface to Hinder Kelp Hack Perpetrators

Umbra Privacy Protocol Disables Website Interface to Hinder Kelp Hack Perpetrators

The privacy protocol Umbra has disabled its website interface in an effort to obstruct hackers, though acknowledges it cannot prevent direct interaction with its smart contracts or deployment of alternative versions of its open-source interface.

The crypto privacy protocol known as Umbra announced it has disabled its front-end interface to complicate efforts by hackers who have been leveraging it to transfer funds obtained through recent "high-profile hacks."

In a post shared on X this Tuesday, Umbra confirmed its awareness that approximately $800,000 in stolen cryptocurrency had been transferred through its platform.

The protocol explained that it chose to place the hosted iteration of its front-end interface into maintenance mode, with plans to bring it back online "as soon as we are assured that doing so won't create obstacles to the current recovery efforts."

The announcement arrives merely days following the exploitation of the Kelp protocol, which resulted in losses exceeding $280 million, with North Korean hackers being the primary suspects. Recent intelligence indicates that Umbra was among several protocols the attacker has been utilizing in attempts to bridge stolen assets from Ether to Bitcoin.

Hacking organizations based in North Korea face extensive sanctions from the United States, and numerous cryptocurrency platforms have taken action to freeze or impede the hackers' attempts to transfer the stolen assets.

However, Umbra acknowledged that there was "nothing we can do" to prevent individuals from directly interacting with its smart contracts or deploying a local or self-hosted iteration of its open-source front-end interface.

Roman Storm warns front end freeze isn't enough

Roman Storm, who co-founded the cryptocurrency mixer Tornado Cash, contended that the decision to suspend the front-end interface may prove insufficient to escape scrutiny from regulatory authorities.

Storm received a conviction in August for conspiring to operate an unlicensed money transmitting business, despite his argument that he lacked control over how the protocol was being utilized.

"Prosecutors in my case called me a liar when I said that I can't control Tornado Cash," said Storm, who beat charges of conspiring to violate US sanctions.

He asserted that regulatory authorities consider "changing a front end is the same thing as controlling an entire protocol."

"If you can make changes to the user interface, including further updates through new builds on IPFS, then you are in full control," he added.

In its announcement, Umbra clarified that its protocol was "useful for protecting the identity of the receiver, not the sender," and therefore wasn't useful for hackers wanting to obscure their money trail.

"All the stolen funds moved through the protocol can be identified, and we have been in touch with security researchers who are involved," it added.