Kelp DAO recovery fades as hacker spends around $220 million
The hacker behind the $293 million Kelp DAO exploit secured unfrozen stolen funds, or nearly $220 million, in just six weeks, according to Arkham Data and OnChain analysts.
The wallet of the Kelp DAO hacker's account appears to have compromised almost all of the stolen funds, with only $1.7 million remaining in the wallet, according to blockchain data provider Arkham. The malicious actor reentered 116,500 Kelp DAO ETH (rsETH) on April 18, bringing the total amount stolen from crypto hacks to $630 million for April.
The funds are held in two stages: linking to Bitcoin using crypto mixer Wasabi, then back to Ethereum before depositing using the Tornado Cash Mixing Protocol, according to onchain analyst Specter.
The withdrawal activity can greatly reduce the chances of finding the remaining untied funds.
An additional $71 million was frozen by the Security Council on April 21. The administration's proposal and a US court order approved previously frozen funds to Aave's controlled multi-signature wallet for the RSETh recovery effort. The next hearing on the ownership claim related to the frozen funds is scheduled for Friday in New York, court documents show.
Kelp DAO Hacker-Tagged Wallet, Total Balance. Source: Arkham
The development comes a week after Kelp DAO said it had returned the recaptured Ether token as part of a five-week recovery effort, after sending the final tranche of 20,373.7 rsETH tokens to the LayerZero smart contract responsible for locking, burning, burning and releasing rETH during cross-chain transfers, Cointelegraph reported.
Related: Verus Bridge Exploit Returns $8.5M After Bounty Offering
Crypto hackers dropped by 90% in May, but DeFi security concerns persist.
Cryptocurrency hacking decreased significantly in May, but not enough to alleviate security concerns of the growing decentralized finance (DeFi) industry.
Cryptocurrency mining fell to $68.3 million in May, a 90% drop from the amount lost in April. About $2.6 million was due to phishing attacks, and a total of $9.4 million was successfully recovered or recovered.
Crypto mining losses in May reached $68.3 million. Source: CertiK
Still, the $293 million KelpDao exploit has raised broader concerns about the security of the industry, prompting DeFi protocols to reevaluate the security of their blockchain providers.
Within three weeks of the exploit, Bitcoin DeFi platform's Solv protocol and liquidity protocol Tidro both migrated to Chainlink's Cross-Chain Interoperability Protocol (CCIP) in search of a more secure protocol provider.
Kelp Dao is moving its rsETH token to Chainlink CCIP, moving away from its previous LayerZero-powered bridge due to cross-chain vulnerabilities.
But LayerZero said on April 20 that the exploit occurred through a single point of failure in the Kelp Dao implementation, despite a warning on a LayerZero DVN as the only proven path to that configuration.
Magazine: The legal battle over who can claim DeFi's stolen millions
