The hacker who did the Kelp DAO exploit has begun to transfer a significant amount of stolen cryptocurrency, and approximately 175 million has already been transferred to several wallets. According to the blockchain data, the money was divided and channelled to various addresses, which is typical of large-scale crypto attacks. This stage is under close observation since it is normally very difficult to trace and recover the money when it starts to fly.
The transfers suggest the attacker is actively trying to stay ahead of investigators. By moving assets quickly and spreading them across networks, it becomes more difficult for security teams to follow the trail in real time. While this kind of activity is not unusual in large-scale hacks, the speed and volume involved here have raised concerns within the crypto community.
The incident began with a major breach that drained close to $290 million from Kelp DAO, a liquid restaking protocol. The attacker is believed to have exploited a flaw in the platform’s cross-chain infrastructure, which allowed them to mint or withdraw rsETH tokens without having the required backing.
rsETH is tied to staked Ether and is commonly used across decentralized finance platforms, especially as collateral in lending protocols. Because of this, the exploit didn’t remain isolated. Its effects quickly spread beyond Kelp DAO, creating a ripple effect across other services that relied on the token.
In the immediate aftermath, several platforms took precautionary steps to limit potential damage. Some restricted certain features, while others reviewed their exposure to rsETH to avoid further risk. The situation highlighted just how interconnected DeFi systems have become, where a vulnerability in one protocol can quickly impact others.
Following the exploit, a significant percentage of stolen funds was soon converted to Ether (ETH). At that point, the attacker began relocating the assets in several wallets and on various blockchain networks. Such activity is typical of major crypto hacks, as it contributes to the trail-breaking and makes tracking far more challenging.
Kelp DAO quickly acted on the unusual activity, halting its smart contracts to prevent additional damage. At that time, most of the money had been stolen. The team has since been liaising with blockchain security companies and partners to learn about how the exploit occurred and whether or not it is still possible to recover some of the funds.
The movement of around $175 million is what’s making things harder now. Each transfer spreads the funds further, making it tougher for investigators to follow where the money is going. The longer this continues, the lower the chances of recovering a meaningful portion of the assets.
This incident also brings attention back to cross-chain infrastructure. These systems are important for connecting different blockchains, but they’ve also become frequent targets because of how complex they are and the amount of value they handle.
For now, the focus remains on tracking wallet activity and looking for any window where the funds could be flagged or stopped. At the same time, the situation is another reminder that security risks in DeFi are still very real, especially when large sums are involved.