WuBlockchain
On-chain tracking data confirms that the North Korean threat group TraderTraitor has laundered approximately $220 million stolen in the Kelp DAO bridge exploit, routing funds through privacy-focused channels including THORChain, Wasabi, Tornado Cash, and Umbra. Only around $1.7 million remains in the hackers' original wallets — a figure so small it effectively signals the end of any viable transaction-by-transaction recovery effort.
Why it matters
TraderTraitor is one of the most sophisticated state-sponsored crypto theft operations active today, responsible for a string of nine-figure exploits that collectively fund North Korea's weapons programs. The Kelp DAO bridge attack follows a now-familiar playbook: exploit a cross-chain bridge, wait for any freeze orders to expire or be circumvented, then rapidly disperse funds across layered privacy protocols before investigators can coordinate a response. The speed and completeness of this laundering cycle — $220M moved with only $1.7M residual — underscores how narrow the intervention window is once funds are unfrozen.
Market impact
The closure of the recovery window is a direct blow to any creditors or liquidity providers who held out hope for on-chain restitution. For the broader DeFi sector, the episode reinforces the systemic vulnerability of cross-chain bridges and the inadequacy of reactive freeze mechanisms against a nation-state-level adversary. Privacy protocols THORChain, Tornado Cash, Wasabi, and Umbra will face renewed regulatory scrutiny as documented conduits in a DPRK-linked laundering operation of this scale.
TheBlock
CryptoSlate