The wallet behind the $292M KelpDAO exploit has now laundered roughly $80M worth of ETH through Thorchain, according to a Coin Bureau post citing on-chain tracking. ETH is trading at $2,361.81 as of April 22, 2026, putting the laundered balance at approximately 33,870 ETH at current prices. The movement comes on top of the 30,766 ETH the Arbitrum Security Council froze earlier this month and represents the largest chunk of stolen funds to exit tracing tools since the attack.
Why Thorchain keeps showing up in post-hack flows
Thorchain is a decentralized cross-chain swap network that lets users move between Bitcoin, Ethereum, and other chains without centralized intermediaries. There is no KYC layer at the protocol level, and the network itself has no admin key that can pause or claw back a trade. That combination has made it the exit ramp of choice for a string of 2025 and 2026 exploits, from the Ronin residue flows to the more recent LayerZero and rsETH incidents.
For an attacker, the appeal is mechanical rather than ideological. Mixers and centralized exchanges carry blacklisting risk. Thorchain completes a swap atomically, splits the position across liquidity pools, and delivers a different asset on a different chain. Chain analytics can still follow the breadcrumbs, but the trail multiplies with each hop and the funds are harder to claw back once they settle into BTC, USDT, or other downstream assets.
The recovery math is getting thinner
The headline figure from the original KelpDAO LayerZero bridge drain was roughly $292M. Arbitrum's emergency freeze locked 30,766 ETH that the attacker staged on the L2, and Aave's risk team kept its V3 and V4 rsETH markets suspended while the dust settled. That froze balance, combined with what remained on Ethereum mainnet, had given recovery teams a plausible path to returning a meaningful share to depositors.
The Thorchain flows cut into that path directly. Once $80M in ETH is fragmented across cross-chain swaps, it is no longer a single target to freeze. Portions likely landed in BTC, meaning even a coordinated Ethereum-side response has limited reach. The longer the swap legs continue, the more the recoverable pool shrinks toward whatever is already under lock on Arbitrum or still sitting in tagged addresses on Ethereum.
What rsETH holders are actually watching now
The open question is not whether the remaining funds can be frozen. It is whether the KelpDAO treasury and any contributing counterparties will make rsETH holders whole for the laundered portion. Aave's contagion has already priced in a partial recovery scenario, with more than $6B in TVL exiting the protocol since the incident. A confirmed haircut on rsETH backing, or a drawn-out recovery timeline, would push that contagion further into neighboring lending markets that still list liquid restaking tokens.
Justin Sun's wallet pulled $274M in USDT out of Aave during the original freeze, a move that underscored how quickly whales exit when recovery odds slip. More Thorchain flows from the exploit address will likely trigger similar repositioning from large depositors across DeFi lenders this week.
Law enforcement has a narrow window
Thorchain has no central operator to subpoena, but node operators do hold identifiable roles and some jurisdictions have started pressuring upstream liquidity sources when hack proceeds move through the protocol. Any response would need the funds to remain in a traceable form long enough for a coordinated action, and that window is closing as swap legs continue and assets land in harder-to-touch form.
For the KelpDAO response team, the most likely path forward is the one already in motion: working with the Arbitrum Security Council on the frozen 30,766 ETH, pursuing any on-chain forensic trail that exits Thorchain into identifiable venues, and building a compensation structure for the portion that does not come back. None of those are fast processes, and depositors expecting a clean recovery are going to have to re-anchor expectations.
Overview
Roughly $80M of the KelpDAO exploit proceeds have now cleared Thorchain, according to Coin Bureau on-chain tracking. That amount sits on top of the 30,766 ETH the Arbitrum Security Council has frozen. The Thorchain leg removes a significant chunk of the stolen balance from straightforward recovery paths and increases pressure on KelpDAO to publish a compensation structure for rsETH holders.
