
A hacker linked to the KelpDAO exploit has swapped approximately 75,700 ETH for BTC in a single large transaction valued at roughly $175 million, according to on-chain data. The conversion is among the larger post-exploit asset rotations tracked in recent months and has drawn attention from blockchain analysts monitoring the movement of stolen funds.
Blockchain records show that a wallet tied to the KelpDAO rsETH exploit executed a swap of approximately 75,700 ETH into BTC. The transaction was flagged by on-chain tracking tools shortly after execution.
The wallet, 0xF9802c5EB6b972Ba686aFa7CA615910Ea8310b85, has been identified by blockchain intelligence platforms as connected to the KelpDAO rsETH exploit. Arkham Intelligence tagged the entity in its explorer database, enabling analysts to trace the flow of funds.
Converting a large ETH position into BTC after an exploit is a pattern observed by blockchain forensics teams in previous incidents. BTC’s liquidity and broader availability across services can make it a preferred asset for actors attempting to obscure fund trails.
At this scale, the swap also creates visible sell pressure on the Ethereum side of the trade. Large conversions between the two most liquid crypto assets tend to attract attention from traders and automated monitoring systems.
Once funds move from Ethereum to Bitcoin, the tracing challenge shifts between two different blockchain architectures. Ethereum’s account-based model produces different forensic signals than Bitcoin’s UTXO model, requiring investigators to bridge analytics across both chains.
The wallet’s prior tagging by Arkham Intelligence suggests that tracking efforts are active. However, converting to BTC may complicate recovery if the funds are later moved through privacy-enhancing tools or additional cross-chain hops.
The movement of exploit-linked funds renews attention on KelpDAO’s security posture and the broader risks facing liquid restaking protocols. When stolen assets are actively being converted rather than remaining idle, it can indicate the attacker is working to liquidate, which may reduce the probability of full fund recovery.
Large exploits and subsequent fund movements can erode user confidence in the affected protocol and in similar DeFi products. For KelpDAO users, the active laundering of stolen funds is a reminder that the incident remains unresolved based on the information available.
The incident underscores the importance of real-time monitoring and rapid response. Protocols that integrate on-chain alerting can detect large unauthorized movements faster, potentially enabling quicker coordination with exchanges to freeze assets before conversion.
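The kind of on-chain alerting described above, as an added example (not code from the article, KelpDAO, or any tracking platform): a rolling-window check that flags outflows from a tagged address, catching both a single large transfer and one split into smaller pieces. The threshold, window length, record fields, counterparty addresses and sample transfers are assumptions constructed for illustration; only the watched address comes from the article.

```python
from collections import defaultdict, deque

WEI_PER_ETH = 10**18
# Address the article ties to the exploit. Compared in lowercase because
# the mixed case of an Ethereum address is only an EIP-55 checksum.
WATCHED_RAW = "0xF9802c5EB6b972Ba686aFa7CA615910Ea8310b85"
WATCHED = WATCHED_RAW.lower()


def detect_large_outflows(transfers, watchlist=(WATCHED,),
                          threshold_eth=10_000, window_s=3600):
    """Return an alert for every transfer after which a watched sender's
    outflow inside the rolling window is at or above the threshold."""
    threshold_wei = threshold_eth * WEI_PER_ETH   # integer wei, no floats
    recent = defaultdict(deque)                   # sender -> (ts, value_wei)
    totals = defaultdict(int)                     # sender -> wei in window
    alerts = []
    for t in sorted(transfers, key=lambda t: t["ts"]):
        sender = t["from"].lower()
        if sender not in watchlist:
            continue
        window = recent[sender]
        # Drop transfers that have aged out of the window.
        while window and window[0][0] <= t["ts"] - window_s:
            totals[sender] -= window.popleft()[1]
        window.append((t["ts"], t["value_wei"]))
        totals[sender] += t["value_wei"]
        if totals[sender] >= threshold_wei:
            alerts.append({"ts": t["ts"], "sender": sender,
                           "window_eth": totals[sender] // WEI_PER_ETH})
    return alerts


def make_transfer(ts, sender, eth):
    # Constructed record; the recipient is a placeholder address.
    return {"ts": ts, "from": sender, "to": "0x" + "bb" * 20,
            "value_wei": eth * WEI_PER_ETH}


# Constructed sample data, not real chain history.
SAMPLE_TRANSFERS = [
    make_transfer(100, "0x" + "aa" * 20, 50_000),   # unrelated whale: ignored
    make_transfer(0, WATCHED_RAW, 4_000),           # split transfers that
    make_transfer(600, WATCHED_RAW, 4_000),         # cross 10,000 ETH only
    make_transfer(1200, WATCHED, 4_000),            # when summed
    make_transfer(10_000, WATCHED_RAW, 500),        # small, window has reset
    make_transfer(20_000, WATCHED_RAW, 75_700),     # single large transfer
]
```

Summing over a window rather than testing each transfer on its own is what surfaces the split case: none of the three 4,000 ETH transfers would trip a per-transaction threshold of 10,000 ETH.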
The Arbitrum Foundation’s precautionary response to the rsETH exploit provides one example of cross-protocol coordination. Whether similar measures can be effective after funds have already been converted to BTC remains unclear from the available information.
A swap of this size is large enough to register on short-term order-flow analysis. For ETH, the conversion represents concentrated sell pressure. For BTC, the inflow adds marginal buy-side volume.
Market participants monitoring whale movements and exchange flows are likely to place the transaction within broader ETH/BTC ratio trends. The psychological effect may also matter: reporting that hackers are converting stolen funds into BTC can reinforce negative sentiment around DeFi security while highlighting Bitcoin’s role as a default exit asset.
The hacker swapped approximately 75,700 ETH, valued at roughly $175 million at the time of the transaction.
The ETH was converted to BTC.
Moving funds from Ethereum to Bitcoin changes the forensic landscape for investigators and can signal active laundering rather than dormant funds, which may reduce the likelihood of recovery.
Based on available information, the status of fund recovery efforts has not been confirmed. The active conversion suggests at least a significant portion of the exploited funds remains under the attacker’s control.
The wallet linked to the exploit can be viewed on Etherscan. Arkham Intelligence also maintains a tagged entity profile for the associated addresses.