Kelp DAO Hacker Utilizes Tron in Ongoing Effort to Launder Stolen Funds

Recent analysis by blockchain security firm PeckShield reveals fresh activity from the wallet tied to the KelpDAO exploit. The hacker bridged ETH from Ethereum to Arbitrum using the Across Protocol, swapped the funds for USDT0 stablecoin, and then routed them onward to the Tron network via LayerZero's cross-chain infrastructure.

The transfers come days after the initial April 18 attack, in which the perpetrator drained roughly 116,500 rsETH—valued at about $292 million—from KelpDAO's LayerZero-powered bridge. The exploit hinged on a vulnerability in the bridge's verification setup, reportedly involving a single-verifier configuration that allowed a forged cross-chain message to trigger the release of unbacked tokens.

The movement of stolen funds has raised concerns over potential laundering and authorities' intervention. Observers note that Tron's ecosystem, known for high transaction volumes and stablecoin activity, could serve as a laundering waypoint or be used by authorities to track and recover the assets. USDT0's freezable nature adds another layer of risk for the attacker, as Tether maintains the ability to blacklist addresses tied to illicit activity.