KelpDAO Hacker Launders $175M on Ethereum via Umbra Cash

The fallout from the recent KelpDAO exploit is still unfolding. After losing access to funds on Arbitrum, the attacker has now shifted focus to the Ethereum mainnet. 

Arbitrum Freeze of KelpDAO-Linked ETH Triggers Faster Laundering

According to EmberCN, after 30,766 ETH tied to the KelpDAO exploit was frozen on Arbitrum, the attacker started moving around 75,700 ETH on Ethereum mainnet, worth about $175 million.

Multiple small ETH transfers… pic.twitter.com/32qFGIBBLv

— Wu Blockchain (@WuBlockchain) April 21, 2026

New on-chain data shows that around $175 million worth of ETH is now being moved and split across multiple wallets. The goal appears clear: hide the funds and avoid tracking.

Funds Begin Moving After Arbitrum Freeze

The situation changed quickly after Arbitrum froze over $70 million linked to the attacker. That move likely forced the hacker to react fast. Soon after, large amounts of ETH started moving on Ethereum. Reports show about 75,700 ETH has already been shifted. These transfers are not random. They are being broken into smaller chunks. This method helps reduce visibility. Instead of moving one large amount, the attacker spreads funds across many transactions. With this, tracking becomes harder. Still, analysts continue to monitor every move closely.

Use of Privacy Tools Raises Concern

A key part of this activity involves Umbra Cash. This tool allows users to send funds in a more private way. Several small transfers have already passed through Umbra Cash. This suggests the attacker is testing and then scaling up the process. In addition, other tools like cross-chain bridges and swap platforms may also be used. These tools help move funds between networks and hide their origin. This is a common pattern in large exploits. First, test small transfers. Then increase volume once the path is clear.

Hack Tied to KelpDAO Exploit

The activity links back to the earlier hack on KelpDAO. That exploit drained close to $290 million in assets. The attack targeted systems connected to LayerZero. It used advanced methods to bypass normal checks and create fake transactions. After the breach, KelpDAO paused key contracts to limit further damage. Teams also started working with security experts and partners. While part of the stolen funds was recovered on Arbitrum. However, a large portion remains in motion on Ethereum.

Industry Reacts to Ongoing Situation

The crypto community is now watching closely. This incident has sparked debate on security and decentralization. Some experts support Arbitrum’s fast action to freeze funds. Others worry about the level of control such systems have. Michael Egorov shared concerns about this balance. He noted that if a network can freeze assets, it may start to resemble traditional financial systems.

Ok. I'm officially announcing: the most decentralized blockchain in the world is Tron. https://t.co/dijxWG5rNc

— H.E. Justin Sun 👨‍🚀 🌞 (@justinsuntron) April 21, 2026

Meanwhile, Justin Sun used the moment to highlight decentralization differences. He stated, “Ok. I’m officially announcing: the most decentralized blockchain in the world is Tron.” These reactions show a deeper issue. The industry is still deciding how to balance security with true decentralization.

What Happens Next

Right now, the hacker still controls a large amount of funds. Analysts are tracking wallet activity in real time. Law enforcement and blockchain teams are also involved. Their goal is to trace and possibly recover more assets. While this case highlights a bigger challenge. Even when some funds are frozen, attackers can adapt quickly across chains.

For users and projects, the lesson is clear. Strong security is not enough on its own. Systems also need better design and backup protections. As the situation develops, more updates are expected. For now, the KelpDAO exploit remains one of the biggest and most complex cases of 2026.