lp

KelpDAO announced on platform X that since April 18, it has been coordinating with Aave and ecological partners to advance the recovery work for rsETH holders. The initial gap of this incident was 163,200 ETH, and Kelp has currently recovered 40,300 rsETH, equivalent to about 43,000 ETH. The Arbitrum Security Committee has also secured an additional 30,700 ETH, leaving a remaining gap of approximately 89,500 ETH.Kelp stated that among the remaining gap, Mantle, Stani Kulechov, EtherFi, Lido, and Golem have publicly confirmed commitments totaling 43,500 ETH and are working with partners to formalize the relevant contributions. Kelp emphasized that rsETH holders are a priority.

According to the official announcement, Binance Wallet stated that it will open the Binance Alpha airdrop for collection today at 17:00.This event uses the updated Binance Alpha blind box (Alpha Box) model, and the airdrop pool includes tokens from multiple projects. Users with at least 228 Binance Alpha points can claim a token reward on a first-come, first-served basis. Claiming the airdrop will consume 15 Binance Alpha points.In addition, this airdrop has three reward tiers: Common (80% of the reward pool), Rare (15%), and Ultra Rare (5%), with each tier corresponding to different values of the Alpha blind boxes. Users will be assigned to one of the tiers when claiming, and rewards will be distributed according to the proportion of each tier. If the rewards are not fully distributed, the points threshold will automatically decrease by 5 points every 5 minutes.

According to on-chain analyst Onchain Lens, Antalpha deposited 1,950 XAUT (worth approximately $9.18 million) into Cobo, and the related funds subsequently flowed to Binance, with a connection to Metalpha, suspected to be sold through over-the-counter (OTC) channels. Currently, Antalpha still holds 46,348 XAUT, worth approximately $218 million.

Aave, in collaboration with multiple institutions, has launched the "DeFi United" rescue plan to address the approximately $292 million loss caused by the KelpDAO vulnerability attack and to prevent the spread of bad debts.The attack originated from a vulnerability in the LayerZero integration, where hackers forged uncollateralized rsETH and borrowed approximately $190 million in assets on Aave, leading to collateral distortion and triggering a bank run, causing the platform's TVL to evaporate by about $10 billion at one point.Currently, Lido Finance, EtherFi, and founder Stani Kulechov have proposed funding plans; Arbitrum has frozen some funds, but the remaining assets have been transferred through THORChain, making recovery difficult. The current focus is on joint funding to "patch the holes" and stabilize the DeFi lending system.

Lido has proposed to allocate up to 2,500 stETH (approximately $5.8 million) from the DAO to cover the asset gap of rsETH caused by the recent attack on Kelp DAO.Lido pointed out that the exploit based on LayerZero has led to insufficient rsETH reserves and triggered a chain reaction in the DeFi ecosystem, including rising interest rate pressures, a tightening lending market, and some leveraged strategies facing the risk of forced liquidation. The proposal emphasizes that these funds will only be used as part of a complete recovery plan, provided that the overall gap can be fully filled. Previously, the attack on Kelp DAO, amounting to approximately $292 million, had impacted Aave, causing bad debt issues, and its total locked value (TVL) once dropped by nearly $8 billion.

The on-chain analysis platform Santiment tweeted that six days after the Kelp event outbreak, there were obvious signs of "refugee trade" in the market.The Spark token SPK skyrocketed from $0.029 to $0.058 within 48 hours, an increase of over 100%. Meanwhile, whale transactions (over $100,000) surged from an average baseline of about 30 per day to 183 today.In contrast, the price of the AAVE token continues to decline, currently hovering around $92, even though Bitcoin had previously broken through $79,000 earlier this week.Santiment pointed out that this event did not solely cause destruction but led to a reallocation of funds— a liquidity crisis for one protocol turned into a bull market for another protocol.Note: "Refugee trade" is a metaphorical term in the crypto/DeFi space, specifically referring to the phenomenon where funds flee in large amounts from damaged or high-risk protocols, similar to refugees, and move to another protocol that is relatively safe and lower risk.

Lido has released the latest developments regarding the Kelp security incident, stating that its Earn series vaults are working with the management to address the issues, which involve two major risk points: the rsETH exposure and the liquidity tension in the lending market. Lido emphasizes that the core staking protocol has not been affected, and both stETH and wstETH remain safe and stable.Currently, only the EarnETH vault has an approximately 9% TVL exposure to rsETH, and related deposits and withdrawals have been suspended by the management, awaiting a solution. Approximately $70 million in ETH has been recovered from the previous attack, and the subsequent asset recovery and loss distribution are still in progress. In response to liquidity pressure, the management has reduced leverage and optimized the position structure, significantly decreasing the wETH debt exposure. If losses ultimately occur, EarnETH will activate a $3 million "first loss protection mechanism" (funded by the DAO). As for other vaults, DVV and EarnUSD have not been affected and are operating normally; the GGV sub-vault is currently experiencing negative returns due to the combination of circular staking strategies and rising lending rates, but adjustments are ongoing. Withdrawal requests submitted by users will be processed based on valuations prior to the incident.

According to official news, KelpDAO stated that in the past few days, the team has been continuously advancing the handling of related events with the support of partners, allies, and the community. The discussions are currently moving in a positive direction, and efforts are being accelerated to reach a suitable solution. The project party emphasizes that it always adheres to the core principle of "user first," and subsequent measures will gradually be implemented with the aim of safeguarding the overall interests of users.In the past four days, the Kelp team has been operating around the clock in collaboration with multiple parties, maintaining close communication with all relevant stakeholders, and making substantial progress on several potential solutions. This includes the Arbitrum Security Council taking measures to freeze the stolen funds, as well as SEAL 911 participating in the preliminary investigation to provide objective and clear analytical support for the incident.Kelp stated that the current focus of work remains on protecting user asset security and strengthening the protocol itself. This incident is not only of critical significance to the project but also has enlightening value for the entire industry. The team will continue to disclose subsequent progress through official channels and thanks the ecological partners and community for their ongoing support.Previous reports indicated that the KelpDAO hacker has essentially laundered $175 million in ETH into BTC.

According to on-chain analyst Yu Jin's monitoring, within a day and a half, the KelpDAO hacker has exchanged nearly all of the 75,700 ETH (175 million USD) for BTC.The hacker mainly used the THORChain protocol for cross-chain exchanges, contributing 800 million USD in trading volume and 910,000 USD in platform fee revenue to THORChain.

According to official news, Binance announced the launch of the Alpha page, which will display the Alpha points mechanism, historical Alpha event return situations, and the progress data of related tokens being listed on Binance. This page will serve as a centralized entry point for Alpha-related information, where users can view historical performance and participation status.

According to monitoring by Shield, the KelpDAO attackers have begun to transfer the stolen assets: they transferred some of the stolen ETH from the Ethereum mainnet across to Arbitrum via the Across Protocol, then exchanged it for USDT, and routed it to the TRON DAO ecosystem through LayerZero.This path shows that the attackers are diversifying and laundering funds through multi-chain bridges and stablecoin conversion methods, and the subsequent flow of funds still needs to be continuously tracked.

According to The Block, the decentralized AI infrastructure network Gensyn has launched its flagship product Delphi. This is a decentralized information marketplace platform settled by AI, where creators can create markets and earn a 1.5% fee based on transaction volume after the market successfully settles.Delphi is currently open for trading to all users, but only invited creators can create markets, with the mainnet expected to go live in the coming weeks. The platform is built on Gensyn's Ethereum Layer 2 network and uses verifiable smart oracles for settlement. Gensyn stated that Delphi has recorded millions of dollars in transaction volume since its testnet launch in December 2025.

According to a Bloomberg report citing Jefferies, a hacker attack on small crypto projects over the weekend, involving nearly $300 million, and the subsequent $10 billion fund run at the largest decentralized lending platform (the KelpDAO and Aave incident), may weaken Wall Street's interest in blockchain technology.Andrew Moss, an analyst at Jefferies' digital asset research team, pointed out that over the past year, banks, asset management companies, and payment institutions have been developing blockchain products similar to the technology system exploited by North Korean hackers. The report suggests that while such incidents are unlikely to directly impact traditional financial markets, it warns that traditional financial institutions may pause related processes and reassess risks before further advancing blockchain business.

The privacy protocol Umbra has shut down its hosted frontend website to prevent attackers from using the protocol to transfer stolen funds from recent security incidents.Umbra stated that approximately $800,000 had been transferred through its protocol, but the protocol is only used to hide the identity of the recipient, and the related transactions can still be tracked on-chain. This measure comes after the Kelp protocol was attacked, resulting in losses exceeding $280 million. Umbra stated that it will restore frontend services once it is confirmed that asset recovery efforts are not affected, but it cannot prevent users from continuing to use the protocol through smart contracts or self-hosted frontends.

Jefferies, a Wall Street investment bank, pointed out that the approximately $293 million attack incident on Kelp DAO exposed critical infrastructure risks, which may prompt traditional financial institutions to reassess the pace of blockchain and tokenization advancement.Jefferies believes that the attackers triggered market sell-offs and liquidity strains by minting uncollateralized tokens and engaging in cross-platform lending. This incident is thought to be related to the Lazarus Group and also highlights the single point of failure issues in the verification mechanisms of cross-chain bridges. As institutions accelerate the tokenization of assets (such as funds, bonds, and deposits), the associated risks may cause some banks and asset management institutions to delay deployment and prioritize examining system security. Especially in scenarios that rely on cross-chain infrastructure, security vulnerabilities could lead to market fragmentation, undermining the practical utility of tokenized assets.Despite short-term confidence being shaken, Jefferies still emphasizes that the long-term trend remains unchanged. Under the backdrop of regulatory advancements and continuous improvements in infrastructure, applications such as stablecoins still have growth potential. However, the industry as a whole is still in the early stages of development and requires time to enhance system robustness.

According to on-chain analyst Specter (@SpecterAnalyst), the North Korean hacker group TraderTraitor began laundering stolen funds from KelpDAO early this morning Beijing time, just three hours after the Arbitrum Council froze 30.7 ETH (approximately $71 million).The attackers split the remaining funds into three wallets, holding approximately 25,000 ETH (about $57.6 million), 25,700 ETH (about $59.2 million), and 25,000 ETH (about $57.9 million), with the third wallet immediately starting the laundering process, currently holding about 3,800 ETH (approximately $8 million). The funds are primarily being bridged to the Bitcoin network via THORChain, with about 99% of the funds flowing through this protocol, causing THORChain's trading volume to surge to $211 million that day, more than ten times its 30-day average, generating approximately $189,000 in fees.During this laundering process, the funds were also mixed with illicit proceeds from the BTC Turk (2025) and Bybit (2025) hacking incidents, with related funds currently tracked on the Bitcoin network totaling approximately 442 BTC (about $33 million), and the entire laundering process has utilized over 400 addresses.

According to on-chain analyst Ai Yi (@ai_9684xtpa), the Kelp DAO attacker transferred 50,700 ETH to 2 new addresses, worth $118 million.

On-chain investigator ZachXBT updated that the funds related to the KelpDAO attack have begun to be transferred, with approximately $1.5 million being cross-chain transferred from the Ethereum mainnet to the Bitcoin network via Thorchain, and another approximately $78,000 being transferred through Umbra.The initial source of funds for the related attack addresses came from Tornado Cash, and the money laundering and cross-chain transfers are still ongoing.