Kelp DAO exploit: $175M stolen ETH laundered via THORChain

Arkham Intelligence says the Kelp DAO exploiter linked to Lazarus Group began laundering stolen ETH on April 21 by moving 75,701 ETH (~$175M) into newly created Ethereum mainnet wallets. Arkham estimates 50,700 ETH (~$117M) went to two fresh addresses and 25,000 ETH (~$58M) to a third. ZachXBT reports the Kelp DAO exploit outflows have already crossed chains: about $1.5M via THORChain and $78K via the privacy protocol Umbra. PeckShield estimates total laundering closer to ~$176M, spreading funds across THORChain, Umbra, Chainflip, and BitTorrent. On-chain signals suggest the original exploiter wallet was nearly emptied (gas <0.768 ETH), which can reduce recovery odds—especially if funds reach BTC rails. Trading impact: this follows Arbitrum Security Council’s freeze of $71M in stolen ETH on Arbitrum One. Separately, Aave has unfrozen WETH reserves on Ethereum Core V3, but liquidity remains tight and USDT borrow rates rose from ~3% to ~14%. For traders, the Kelp DAO exploit narrative increases short-term DeFi risk pricing and raises monitoring pressure around bridges and liquidity venues.
Bearish
This update is bearish for ETH in the near term because the Kelp DAO exploiter’s laundering shows ongoing, structured outflow behavior rather than a halted recovery. Moving ~75.7k ETH into fresh Ethereum wallets and then bridging parts via THORChain (and routing through privacy rails) can increase the probability of continued sell/exit pressure once liquidity conditions allow. At the same time, the Arbitrum freeze of $71M stolen ETH and the reported jump in Aave USDT borrow rates (to ~14%) signal stress across DeFi liquidity. Even if specific funds are locked, wider liquidity constraints can amplify volatility in ETH-related markets and worsen risk sentiment. Over the longer term, recoverability may remain limited if funds travel toward BTC rails, keeping uncertainty elevated; however, the overall price impact is most likely short-term as traders reprice DeFi bridge-exploit risk.