The impact of the recent cyberattack on KelpDAO has rippled across multiple blockchain networks, with stolen assets quickly moved between chains and a significant portion funneled through ThorChain into Bitcoin. This incident has set off a cascade of effects throughout the wider crypto ecosystem.
BTC purchase and price volatility
As attackers rapidly converted stolen funds into BTC via ThorChain, the Bitcoin price soared, briefly surpassing $78,000. A massive spot purchase of $211 million in BTC fueled this sudden spike. However, the price failed to hold these highs, pulling back just as sharply. Analysts attributed the surge to large acquisition attempts by the attackers seeking liquidity.
The sharp price movement stemmed from a wave of abrupt spot market buying. According to CryptoAppsy data, BTC reached $78,000 following the attack, though market participants remained cautious about the sustainability of such purchases.
Record-breaking volume on ThorChain
ThorChain has increasingly become a preferred tool for attackers, thanks to its fully permissionless structure and decentralized design. In previous hacks, ThorChain’s resistance to oversight and intervention also made it attractive for moving illicit funds under the radar.
The ThorChain team points out that the platform offers no mechanism to intervene or freeze assets and lacks centralized control points or admin keys for user security. Instead, the network operates under the governance of 95 validators distributed worldwide.
During the incident, attackers managed to transfer about 25% of the assets on the Arbitrum network to other chains roughly three hours before authorities attempted to freeze them. Despite these maneuvers, analytics firms like Arkham Intelligence continued tracking suspect wallets. In total, 442 BTC were dispersed to 400 different addresses. ThorChain processed transaction volumes ten times higher than its daily average, setting a yearly record for transaction fees. Attackers executed an average of 146 transactions per hour, creating notable activity across the protocol.
Post-hack clean-up and liquidity impact
A portion of the assets involved in the KelpDAO breach was mixed with funds linked to earlier attacks involving BTC Türk and Bybit in 2025. Although ThorChain and similar protocols did not intervene directly, parts of the broader ecosystem attempted to freeze assets wherever possible to limit damage.
Leading investigators reported that attackers intentionally moved funds onto the main Bitcoin network, splitting them among various addresses to complicate tracking efforts. This tactic effectively nullified asset-freezing attempts. Notably, groups like TraderTraitor—allegedly connected to North Korea—have employed similar strategies in previous operations.
The aftermath of the KelpDAO attack extended beyond the protocol itself, triggering losses across networks such as Ethereum, Hyperliquid, Arbitrum, and Solana. Ethereum saw a 17.73% decrease in total value locked, Hyperliquid fell by 17.68%, Arbitrum by 13.65%, and Solana by 6.14%. Analysts estimate that Aave accumulated an additional $177 million in bad debt in the process.
These developments have renewed concerns about the dual risks present in decentralized finance protocols. A security breach in one ecosystem can trigger capital outflows and losses across interconnected protocols, largely due to cross-chain liquidity flows. Ultimately, the sophisticated mixing tactics employed by attackers make monitoring and preventative responses extremely difficult.
