Griff Green, a well-known figure in the crypto security space, has flagged unusual movements of restaked ETH that he says signal illicit activity. The alert comes as investigators trace laundered funds through Thorchain, and the Arbitrum Security Council freezes $70 million tied to the same broader campaign against crypto theft. The developments underscore the growing risks in the restaking sector, where smart contract vulnerabilities can be exploited to move stolen assets.
What Griff Green Saw
Green reported that a batch of restaked ETH was being shifted in patterns consistent with money laundering — not typical staking behavior. The movements were detected on-chain and raised immediate red flags. Restaked ETH, a relatively new asset class used in liquid restaking protocols, is increasingly being targeted by bad actors looking to obscure the origins of stolen funds. Green didn't name the specific protocols involved, but the warning was direct: something isn't right.
Thorchain's Role in the Laundering Chain
Thorchain, the cross-chain liquidity protocol, has emerged as a key conduit for laundering funds from illicit crypto activities. Investigators say criminals are using Thorchain to swap stolen assets across blockchains, making them harder to trace. The involvement of a decentralized exchange with no KYC requirements is a recurring headache for law enforcement. This isn't the first time Thorchain has been linked to dirty money, but the scale of the current operation appears larger than previous cases.
Arbitrum's $70 Million Freeze
The Arbitrum Security Council acted quickly, freezing $70 million in assets believed to be connected to the same illicit flow. The freeze was executed via a governance action, one of the few times the council has used its emergency powers. The move is part of a broader battle against crypto theft, but it also highlights the tension between decentralization and the need for intervention. The frozen funds remain locked while investigators sort out ownership.
Smart Contract Risks in Restaking
The restaked ETH at the center of this case isn't just a laundering tool — it's also a vector for smart contract exploitation. Protocols that allow users to restake their ETH often rely on complex, unaudited code. If a vulnerability is found, it can be used to drain funds or manipulate the staking process. The current incident shows that restaked assets are a double-edged sword: they offer yield but also attract sophisticated attackers. So far, no specific exploit has been confirmed, but the risk is real.
The question now is whether more frozen assets will surface. The Arbitrum freeze bought time, but Thorchain's role means those funds could move again. Green's warning suggests the illicit activity is ongoing — and restaked ETH may not be safe just yet.




