Kelp DAO Exploit Overview
A recent report indicates that the hacker behind the $293 million Kelp DAO exploit laundered approximately $220 million of the stolen assets within six weeks. The laundering proceeded even though $71 million remains frozen following action by Arbitrum’s Security Council. Nearly all traces of the stolen funds have been obscured: only around $1.7 million is still identifiable in the tagged wallet, according to blockchain analysis firm Arkham.
The Hack and Laundering Method
The hack, which occurred on April 18, involved the theft of 116,500 Kelp DAO restaked Ether (rsETH), contributing to a total of $630 million lost in crypto hacks in April alone. To execute the laundering scheme, the hacker utilized a two-layer approach that included bridging to Bitcoin via the Wasabi mixer before moving the funds back to Ethereum, followed by withdrawals through the mixing protocol Tornado Cash, as per insights from onchain analyst Specter. This sophisticated laundering attempt presents significant challenges for the recovery of the stolen assets.
Response from Arbitrum Security Council
In an effort to stabilize the situation, the Arbitrum Security Council froze a separate $71 million related to the hack on April 21. Legal and governance steps are in place to transfer this frozen amount to a multi-signature wallet overseen by Aave for the recovery of the rsETH. A court hearing in New York, set to take place on Friday, will further investigate the claims surrounding the ownership of these assets.
Impact on the DeFi Sector
The laundering incident comes shortly after Kelp DAO announced the restoration of its rsETH token, completing a five-week recovery process that involved sending the last batch of tokens to the LayerZero smart contract responsible for managing cross-chain activities.
Despite a significant reduction in cryptocurrency hacks observed in May, where losses dipped by nearly 90% to $68.3 million, the fallout from the Kelp DAO exploit has raised alarm bells across the decentralized finance (DeFi) sector. Various protocols are reassessing their security measures, particularly concerning oracle functionalities. For instance, both Solv Protocol and liquidity platform Tydro have transitioned to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) to enhance their security framework after the exploit. Kelp DAO has similarly migrated its rsETH to Chainlink CCIP, moving away from its prior reliance on LayerZero.
LayerZero’s Response
LayerZero has responded, stating that the exploit stemmed from a specific vulnerability in Kelp DAO’s setup: it relied on a single LayerZero DVN (Decentralized Verifier Network) for verification, a configuration that had already drawn prior warnings because of its inherent risks.
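The single-DVN configuration described above is the kind of setting a configuration lint can flag before deployment. The following is an added example, not code from LayerZero, Kelp DAO or the report: the field names are assumptions modeled on LayerZero V2's UlnConfig, the input is assumed to be the already-resolved settings for each pathway, and all pathway names and addresses are constructed.

```python
# Added example: lint resolved DVN settings for single points of failure.
# Field names are assumed (modeled on LayerZero V2's UlnConfig).

def quorum_size(cfg):
    """Distinct DVNs that must attest before a message is accepted."""
    required = {a.lower() for a in cfg.get("requiredDVNs", [])}
    optional = {a.lower() for a in cfg.get("optionalDVNs", [])} - required
    return len(required) + min(cfg.get("optionalDVNThreshold", 0), len(optional))


def dvn_findings(cfg):
    """Return the list of findings for one pathway's verifier settings."""
    required = [a.lower() for a in cfg.get("requiredDVNs", [])]
    optional = [a.lower() for a in cfg.get("optionalDVNs", [])]
    threshold = cfg.get("optionalDVNThreshold", 0)
    findings = []
    # The same address listed twice looks like two verifiers but is one.
    if len(set(required)) < len(required) or len(set(optional)) < len(optional):
        findings.append("duplicate-dvn")
    if set(required) & set(optional):
        findings.append("dvn-both-required-and-optional")
    if threshold > len(set(optional)):
        findings.append("threshold-unreachable")
    size = quorum_size(cfg)
    if size == 0:
        findings.append("no-verifier")
    elif size == 1:
        # One verifier's attestation is enough on its own.
        findings.append("single-dvn")
    return findings


def audit(pathways):
    """Map pathway name -> findings, omitting pathways with none."""
    return {name: f for name, cfg in pathways.items() if (f := dvn_findings(cfg))}


# Constructed sample data: placeholder addresses and pathway names.
A, B, C = ("0x" + ch * 40 for ch in "abc")
SAMPLE = {
    "one-required": {"requiredDVNs": [A], "optionalDVNs": [], "optionalDVNThreshold": 0},
    "one-of-three": {"requiredDVNs": [], "optionalDVNs": [A, B, C], "optionalDVNThreshold": 1},
    "same-dvn-twice": {"requiredDVNs": [A, "0x" + "A" * 40], "optionalDVNs": [], "optionalDVNThreshold": 0},
    "two-plus-one": {"requiredDVNs": [A, B], "optionalDVNs": [C], "optionalDVNThreshold": 1},
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

A 1-of-3 optional setting is flagged the same way as a single required DVN, because any one of the three attestations is sufficient by itself.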
Conclusion
The aftermath of the Kelp DAO hack exemplifies ongoing concerns about security in DeFi and underscores the need for robust protective measures as the industry addresses its vulnerabilities.