Nearly all of the $220 million in unfrozen funds from April's $292 million LayerZero exploit have been moved, with on-chain analysts tracking only about $1.7 million still sitting in the original exploiter wallet. The Kelp DAO bridge hacker used privacy measures to launder the stolen crypto, effectively shutting the door on recovery efforts.
The scope of the theft
In April, the LayerZero cross-chain protocol suffered a $292 million hack. The attacker targeted the Kelp DAO bridge, a key part of the ecosystem. After the initial heist, around $220 million remained unfrozen — meaning law enforcement and security firms couldn't lock it down. That's the bulk of the stolen haul.
Now almost all of that money has been laundered. Arkham Intelligence, the blockchain analytics firm tracking the wallet, reports that just $1.7 million worth of crypto remains in the original exploiter address. The rest has been shuffled through privacy tools, likely mixing services or privacy coins, which makes tracing nearly impossible.
Why the recovery window closed
Unlike some hacks where stolen funds sit idle or get caught by exchanges, the Kelp DAO bridge hacker moved quickly. The $220 million was filtered through methods designed to obscure the transaction trail. Privacy measures have long been a headache for investigators, and this case is no different. Once funds enter a mixer or a privacy-focused blockchain, following them becomes a game of linking needles in a haystack — and often a lost cause.
The remaining $1.7 million in the exploiter's wallet is a minor leftover, likely a fraction that wasn't worth the effort to launder or that got left behind in a transaction error. Either way, the chance to recover the $220 million is effectively gone.
What this means for DeFi security
The LayerZero hack exposed vulnerabilities in cross-chain bridge infrastructure, a frequent target for attackers. Bridges hold large pools of tokens while they process transfers between blockchains, making them attractive — and lucrative — targets. The Kelp DAO bridge, in particular, was the entry point.
Security firms and developers have since tried to patch similar risks, but the aftermath of this exploit shows how quickly stolen assets can disappear. The hacker didn't leave a trail of breadcrumbs; they took a different route entirely, leaving investigators with nothing but a few crumbs.
For now, there's no clear next step for recovering the funds. The $220 million is likely scattered across multiple wallets and blockchains, hidden behind privacy protocols. Meanwhile, the $1.7 million that remains in the original wallet serves as a stark reminder of what was lost — and what wasn't.
