News
21 Apr 2026, 10:05
KelpDAO Exploiter Moves 75,701 ETH to Mainnet, Begins Routing $175M to Bitcoin

Hours after the Arbitrum Security Council froze 30,766 ether tied to the KelpDAO exploit, the attacker moved all 75,701 ETH, roughly $175 million, to the Ethereum mainnet and began bridging the funds to bitcoin. Key Takeaways: After Arbitrum froze 30,766 ETH ($71M), the KelpDAO exploiter moved 75,701 ETH ($175M) to the Ethereum mainnet. Peckshield confirmed
21 Apr 2026, 10:01
KelpDAO Hacker Moves $176M Worth Stolen Funds; Arbitrum Freezes Funds

KelpDAO attacker transferred $176 million worth of stolen funds to new wallets using THORChain, Umbra, Chainflip, and BitTorrent. Investigators report ongoing laundering attempts, with funds moved across chains via Thorchain and smaller amounts routed through privacy tools. The exploit exposed gaps in DeFi security setups, as reliance on a single validation system allowed forged transactions and a $290 million breach. KelpDAO hacker has reportedly started laundering approx $176 million in stolen funds. On-chain data platform, PeckShield revealed that the attacker is currently moving small amounts of money from the Ethereum network to Bitcoin by using services such as THORChain, Umbra, Chainflip, and BitTorrent. This development comes hours after PeckShield data confirmed that 75,700 ETH linked to the exploit was transferred to two new wallet addresses. KelpDAO Attack: Latest Updates This transaction comes shortly after a significant intervention by the Arbitrum Security Council. The council successfully froze 30,766 ETH connected to the exploit. The frozen amount is valued at nearly $71 million. Irrespective of this action, the attacker still controls the remaining 75,700 ETH on the Ethereum network, which is worth roughly $175 million at current prices. #PeckShieldAlert The @KelpDAO exploiter has begun laundering stolen funds (~$176M). They have started bridging small batches of funds from #Ethereum to $BTC via @THORChain , @UmbraCash , @chainflip , and @BitTorrent . pic.twitter.com/4cm8dOjTWL — PeckShieldAlert (@PeckShieldAlert) April 21, 2026 The recovery process carried out by the Arbitrum Security Council has drawn attention across the crypto industry. According to an analysis shared by Dragonfly General Partner Haseeb Qureshi, the freeze was executed through a system-level transaction. This type of transaction, known as ArbitrumUnsignedTxType, cannot be initiated by regular wallet users. It can only be deployed through the network’s core system, specifically via ArbOS. The operation did not involve reversing transactions or rewriting blockchain history. Instead, it functioned as a direct state-level intervention. The attacker’s private key remains active, meaning it can still sign transactions. But, the ETH held in the affected address was moved by the system itself, and placed it out of the attacker’s reach. This action reflects the emergency powers granted to the Security Council under extreme conditions. The council stated that the move was necessary to protect the ecosystem. It confirmed that the intervention did not impact other users, applications, or chain activity. The recovered funds were transferred into a secure, frozen wallet. Any further movement of these assets will require coordination between custodians and relevant authorities. At the same time, tracking efforts suggest the attacker has already begun laundering part of the stolen funds. On-chain investigator ZachXBT reported that assets are being moved from Ethereum to Bitcoin using cross-chain protocols such as Thorchain. In addition, a smaller portion, around $78,000, has been routed through privacy tools like Umbra. These methods are commonly used to reduce traceability and complicate recovery. The exploit itself dates back to April 18, when KelpDAO suffered a major breach. According to an incident report released by LayerZero Labs, the attack resulted in losses of around $290 million. Early findings point to a compromise in the RPC infrastructure linked to the Decentralized Validation Network. The attacker managed to control certain RPC nodes and used a coordinated denial-of-service attack to force the system into relying on malicious nodes. This allowed the attacker to forge cross-chain messages and execute unauthorized transactions. The issue was traced back to KelpDAO’s use of a single validation setup. The protocol had not executed a multi-layered validation structure, which could have detected or prevented the forged activity. LayerZero confirmed that its core protocol remained unaffected and that other apps using stronger configurations were not impacted. All compromised infrastructure has since been replaced, and the affected systems are now functional again. LayerZero has urged other projects to opt for multi-validator setups to reduce similar risks. It has also paused certain services tied to weaker configurations and is working with global authorities to trace the stolen funds. Several reports have linked the attack to North Korea’s Lazarus Group, a well-known state-backed hacking collective. Even as the investigation is ongoing, the scale and method of the exploit align with previous incidents attributed to the group. The incident has also triggered criticism of security practices within decentralized finance. Ripple’s CTO, David Schwartz recently shared that many protocols have access to strong security tools but often avoid using them due to added complexity costs.
21 Apr 2026, 09:55
Arbitrum Security Council Freezes $71.5M in Ethereum linked to $292M KelpDAO Exploit

Arbitrum's emergency response to the KelpDAO exploit has sparked praise and criticism over the network's ability to freeze stolen assets.
21 Apr 2026, 09:12
KelpDAO hackers are laundering millions in stolen crypto, data show

KelpDAO hackers are moving $290M in stolen crypto across blockchains, using privacy tools to mask the trail as DeFi contagion fears move through the sector.
21 Apr 2026, 08:36
Arbitrum Locks $69M In ETH After Cold Wallets Exploit, Decentralization Debate Reignites Across Crypto Industry

Arbitrum, the popular Ethereum Layer-2 ecosystem responded to the KelpDAO exploit by having its Security Council issue an emergency freeze on more than 30,766 ETH that was tied to the breach. These funds, worth around USD 69 million, were tracked to an Arbitrum One wallet directly associated with the exploit, and emergency containment actions were quickly taken. According to Arbitrum’s official statement, the freeze was made in close coordination with law enforcement agencies that provided intelligence on the background of the exploiter. The Security Council stated that this intervention was intentional, balanced against the necessity for immediate response versus its mission to maintain network integrity. The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,… — Arbitrum (@arbitrum) April 21, 2026 Unlike the earlier decentralized finance incidents where tapped assets were amounted to be irredeemably lost, this event appears to demonstrate convergence points in terms of blockchain governance structures being prepared to intervene with resolve whenever illegal activity can be irrecoverably shown up. This choice is a clear departure from traditional reactive defense methodologies often limited in scaling up to the high-value breaches of which these assets are victim themselves, failing to act due to lousy segmentation will mean user assets extinguished forever. Technical Intervention Secures Funds Without Disrupting Network Following an exhaustive technical evaluation and internal deliberation, the Arbitrum Security Council discovered an exact method to quarantine and safeguard the affected capital without disrupting general network functionality. This ensured that there was no collateral damage for any other user, smart contract or chain state. This intervention required exceptionally careful execution and any mistakes would trigger a chain reaction through the whole network, especially on Arbitrum where so many DeFi protocols are closely interconnected. Nevertheless, the operation succeeded. The 30,766 ETH were redirected to an intermediary frozen wallet last seen on April 20 at 11:26 PM ET. Access to these funds is now frozen from the original exploiter address and any adjustments can only be made through additional governance votes involving affected parties. This incident is a great case study in the continual progression of on-chain incident response tooling and that as new threats surface technical tooling evolves. MULTIGOV: New Era of Crypto Oversight Brought To You By Collaboration In Law Enforcement One of the unique aspects of this intervention is that law enforcement actually identifies the exploiter. This partnership signifies a new trend in the crypto space where decentralized platforms increasingly contact regulatory and judicial bodies more directly about illicit activities. Although blockchain technology promotes empowerment and resilience to interference from central entities, cases like the KelpDAO exploit underscore the practical need for coordination beyond merely protocol-level levers. Answering after a number of concerns that their actions were not going to be impactful, Arbitrum had its validator working in tandem with law enforcement, bolstering the feel of decisive and legitimate action while maintaining user safety and network stability. It could set a precedent for how future incidents unfold, as rapid on-chain developments are complemented by calls for more off-chain investigative tools. Decentralization Debate Intensified after Intervention And so over the years, we saw yet again a long-running debate in crypto land on what is the balance between decentralization and security resurfaced by the emergency freeze. Critics argue that the power to freeze funds flies in the face of decentralization ideals and raises fears of abuse. On the flip side, advocates contend that such interventions are a required progression. The position is clear, all networks can, and have recovered stolen coins and protected users outside its commitment to decentralization, not acting in name of decentralisation could be seen as distancing rather than principled belief. Such a pragmatic position tends to appeal to those in the community who care about results more than ideology. In the Arbitrum case concretely we see how theoretical commitments run into actual risks. Justin Sun Responds With Decentralization Claim For Tron News of the event attracted quick responses from high-profile industry figures, Justin Sun (founder of Tron) among them. In response to steps implemented by Arbitrum, Sun claimed that Tron is still “the most decentralized blockchain in the world.” In his statement, he seems to compare Tron’s governance ethos versus Arbitrum’s interventionist approach, articulating a philosophy that prioritizes decentralization at all costs. Ok. I'm officially announcing: the most decentralized blockchain in the world is Tron. https://t.co/dijxWG5rNc — H.E. Justin Sun (@justinsuntron) April 21, 2026 That timing hints at an attempt to take advantage of the current discussion, emphasizing ideological lines between blockchain ecosystems. Arbitrum may have shown its ability to apply an emergency break but having taken a clear position against any Tron interference, which goes more in line with the project’s core values or even mission. This divergence speaks to a more fundamental disunity in the industry as networks implement different governance models and security concerns. Industry Faces Critical Question On Security Versus Ideology In the end, Arbitrum freeze has resurrected a basic question: does every blockchain network need to maintain total decentralization, or use structures that function in tracing crises? Here, freezing and securing the $69 million worth of stolen ETH acted as a stop-gap to mitigate losses further down the line and preserve ecosystem value. This is the more validating outcome, for many, ultimately proving that controlled models can sit on top of decentralized infrastructure. At the same time, the episode drives another point home: The industry needs clear boundaries around governance. Without these transparent frameworks, such interventions carry the risk of red flags regarding precedence and centralisation of power. Events such as this incident will determine the course of a maturing crypto ecosystem. The balance between decentralization and security is no longer an academic debate, it is one being actively negotiated in decisions affecting the livelihoods of millions and the trust of global communities. Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news !
21 Apr 2026, 08:29
Aave TVL plunges 33% after Kelp hack: can AAVE still rally?

The DeFi ecosystem has been rattled since the Kelp hack a few days ago. The exploit has affected other DeFi platforms, including Aave, which has seen its Total Value Locked (TVL) drop by 33% over the past few days. However, AAVE, the native coin of the Aave ecosystem, remains in the green and could rally higher in the near term. Aave’s TVL plunges by 33% Decentralized finance (DeFi) protocol Aave has seen a sharp decline in activity, with its total value locked (TVL) falling 33% over the past week. Data obtained from DeFiLlama shows that Aave’s TVL now stands at $16.7 billion, down from the $34 billion recorded in January. Aave’s on-chain revenue also dropped from $1.1 million in early February to $625,000 on Monday. The decline comes despite a broader recovery across the cryptocurrency market, with major tokens posting gains amid improving macro and geopolitical sentiment. The decrease in TVL can also be traced to last week's $293 million exploit involving Kelp DAO's rsETH token. Hackers exploited a vulnerability in a LayerZero V2 bridge between Unichain and Ethereum on Saturday, enabling the withdrawal of 116,500 rsETH without a corresponding burn on the source chain. The assets were also used as collateral on Aave V3 deployments across Ethereum and Arbitrum, where borrowers opened positions against WETH and wstETH. In response to the attack, Aave DAO quickly contained the risk. Measures included freezing rsETH and wrsETH reserves across multiple V3 markets, setting loan-to-value ratios to zero, adjusting WETH interest rates, and restricting borrowing activity in key pools. According to LlamaRisk, the potential bad-debt scenario ranges from $123.7 million to $230.1 million, depending on how losses are distributed. In addition to the Kelp hack, Aave's recent governance tensions have also contributed to the decline. Aave DAO’s recent prolonged disputes over revenue allocation, fee structures, and the expanding role of Aave Labs have led to the exit of several major contributors, including BGD Labs, Chaos Labs, and the Aave Chan Initiative. Despite the TVL decline, AAVE is still trading above $92, up by less than 1% in the last 24 hours. AAVE establishes support at $87 The AAVE/USD 4-hour chart reflects a weak but stabilizing structure amid broader DeFi uncertainty. AAVE is trading at $92.34, with a bearish near-term bias as price remains below the 20-, 50-, and 100-period Exponential Moving Averages (EMAs), indicating continued downward pressure. Momentum indicators reinforce this view. The Relative Strength Index (RSI) sits around 40, while the Stochastic Oscillator hovers near 15, suggesting oversold conditions but only tentative signs of stabilization. Taken together, this points to sellers still in control, with any short-term recovery likely to face resistance unless momentum strengthens meaningfully. The bulls are trying to establish a strong support at $87. If the support level holds, AAVE could rally towards the immediate resistance at $98, followed by the 50-period EMA around $105.22 and the 100-period EMA near $121.46. A daily candle close above these levels could expose the more distant horizontal barrier at roughly $132.12 and the major cap near $182.21. However, if the bears regain control, immediate support is seen at the TLQ level around $87.30, with further demand expected near $77.11. The post Aave TVL plunges 33% after Kelp hack: can AAVE still rally? appeared first on Invezz









































