\n
![](\"https:\/\/media.crypto.news\/2025\/08\/crypto-news-bull-tokenizing-Wall-Street-option02.webp\")
<\/p>\n
\n<\/p>\n
The attacker behind KelpDAO\u2019s nearly $300 million rsETH exploit is now laundering funds from Ethereum to Arbitrum and into Tron-based USDT.<\/p>\n
\n Summary<\/span>\n <\/p>\n <\/p>\n The attacker behind the nearly $300 million KelpDAO exploit<\/a> has begun laundering the haul, routing funds through Arbitrum and into Tron-based stablecoins, in a move that heightens fears over recoverability and traceability across DeFi.<\/p>\n On-chain data shows the exploiter bridging rsETH-derived assets to Arbitrum, swapping into $USDT, and then pushing value into the Tron ecosystem, a pattern investigators say is designed to fracture the audit trail and exploit liquidity on multiple networks.<\/p>\n <\/p>\n Analysts warned in a note that the roughly $293 million KelpDAO breach \u201cmay force major Wall Street banks to reassess the pace\u201d of their blockchain and tokenization projects, arguing the incident exposes \u201ccritical infrastructure risks associated with cross-chain bridges and single-validator configurations.\u201d<\/p>\n Andrew Moss, a digital assets analyst at Jefferies, said the exploit is likely to \u201cprompt major Wall Street banks to reconsider their blockchain initiatives,\u201d even if long-term use cases like stablecoins for cross-border payments remain intact.<\/p>\n The April 18 exploit drained 116,500 rsETH \u2014 worth about $290 million to $293 million \u2014 from KelpDAO\u2019s bridge, in what research desks have called 2026\u2019s largest DeFi loss so far.<\/p>\n LayerZero, whose infrastructure underpinned the rsETH bridge, said the incident was isolated to Kelp\u2019s 1-of-1 verifier setup and followed a compromise of RPC nodes, while KelpDAO has pushed back, arguing it implemented LayerZero\u2019s own defaults and that \u201cone forged signature was enough to make any cross-chain message look real.\u201d<\/p>\n As investors pulled an estimated $15 billion from DeFi following<\/a> the hack, the KelpDAO incident has amplified concerns that bridge design and validator assumptions are becoming systemic risk points for blue-chip protocols and institutional experiments alike.<\/p>\n Yahoo Finance reported that North Korean-linked attackers have stolen nearly $600 million from on-chain applications in the first quarter alone, with KelpDAO\u2019s $294 million loss<\/a> emerging as the latest shock to already cautious institutional allocators.<\/p>\n Adding to the anxiety, blockchain security firm SlowMist issued an alert about an active macOS malware strain dubbed \u201cMacSync Stealer\u201d (v1.1.2), which it described as \u201chigh-risk\u201d information-stealing malware targeting crypto users.<\/p>\n According to SlowMist, MacSync Stealer is capable of exfiltrating cryptocurrency wallets, browser-saved credentials, system keychains, and infrastructure keys such as SSH, AWS, and Kubernetes, often using fake AppleScript pop-ups to trick users into entering their passwords.<\/p>\n SlowMist urged users \u201cto avoid running macOS scripts from unverified sources and to be especially cautious of unexpected prompts for system passwords,\u201d noting that indicators of compromise have already been shared with partners.<\/p>\n With three of the day\u2019s top headlines tied to macOS<\/a> malware or DeFi bridge exploits, and Jefferies warning that marquee hacks like KelpDAO\u2019s could \u201ctemporarily slow TradFi tokenization adoption as firms reassess security risks,\u201d the gap between crypto\u2019s technical attack surface and Wall Street\u2019s risk tolerance is suddenly front and center.<\/p>\n <\/p><\/div>\n\n\n