This year is a worrying year given the various hacks perpetrated and honestly no one is safe.
I saw some posts and honestly I understand the pain because I myself have funds that disappeared in the past.
But here's a glimpse of what I've been able to discover.
The address 0xA707034429........478F0FBeFAd7 is an intermediate money laundering wallet belonging to the KelpDAO cluster, attributed to the Lazarus Group (North Korea)
What the on-chain data confirms:
The KelpDAO hack of April 19, 2026, drained 116,500 rsETH (~$292M) through a vulnerability in the LayerZero bridge. The funds were converted to ETH and then dispersed on April 21 to dozens of newly created wallets. This wallet is one of them, it was created on April 29 to act as a consolidation hop: it collects ETH from several chains (Base, Optimism, Polygon, BNB) via LI[.]FI, Across, and Relay, then sends everything in a single transfer to a main aggregator (ETH Millionaire [0x4feea1], $2.7M current value) via THORChain:
THORChain then converts this ETH into native Bitcoin, without KYC or any possibility of freezing the funds, it's exactly the same playbook as the Bybit 2025 hack ($1.46B). THORChain processed the vast majority of stolen funds from both the Bybit breach in 2025 and the KelpDAO hack in 2026, converting hundreds of millions of ETH into Bitcoin without any operator intervention.
The wallet linked to the KelpDAO exploit routed approximately 75,700 ETH (~$175M) through THORChain, boosting the protocol's daily volume to $394M, roughly eleven times its usual volume of less than $35M.
Unfortunately the remaining funds have been bridged and swapped into Bitcoin via THORChain, making recovery very complex. Current efforts are focused less on repatriating the funds and more on stabilizing the system through a coordinated recapitalization plan.
Data sources: #nansen
$ETH #HackerAlert #KelpDAOFacesAttack
