- Balancer hacker exchanged 7,000 ETH for 204.7 BTC by THORChain as monitoring expanded.
- The KelpDAO attacker moved roughly 75,700 ETH into BTC, producing $910,000 in THORChain charges.
- Cross-chain swaps are rising stress on exchanges, bridges, and blockchain analytics firms.
Balancer hackers moved the stolen funds this week after a pockets related to the November exploit transformed ETH to Bitcoin by THORChain. The swap came about on-chain, and analysts tracked exercise that mirrors the routes of current KelpDAO abusers. The transfer attracted consideration as a result of each incidents used cross-chain liquidity to maneuver stolen ETH out of Ethereum.
In response to on-chain analyst Ember, wallets linked to Balancer exchanged 7,000 ETH for 204.7 BTC (value about $15.88 million). The pockets nonetheless contained 15,000 ETH of Ethereum (value roughly $34.65 million) and 204.7 BTC of Bitcoin.
THORChain root hyperlinks two exploit trails
This timing follows a significant transformation by the KelpDAO exploiter. The attacker reportedly transformed almost the entire 75,700 ETH, value about $175 million, into BTC inside a couple of day and a half.
In response to the identical report, this exercise generated roughly $910,000 in charge earnings for THORChain. Arkham Intelligence additionally tracked 75,701 ETH transferring to a brand new pockets on April twenty first earlier than going by THORChain and Umbra.
Parallel routes stored the motion of each funds below shut monitoring. In each circumstances, attacker-controlled wallets used THORChain to maneuver ETH to BTC by way of separate transactions and protocols.
KelpDAO breach stays a significant incident in 2026
The KelpDAO incident stays one of many largest DeFi breaches of 2026. Safety agency Halborn introduced that attackers stole $292 million after exploiting the compromised infrastructure. Halborn additionally linked the theft to a DDoS failure with the 1-of-1 verifier setup.
The corporate additional acknowledged that the attackers, believed to be affiliated with Lazarus, could have accelerated their withdrawal after Arbitrum’s Safety Board froze roughly $71 million in stolen ETH. This freeze made the motion of the fund much more tense. The attacker moved a big ETH steadiness to a brand new pockets after which routed it to a cross-chain path.
Balancer losses proceed after November exploit
In response to Verify Level Analysis, the Balancer case stems from a November 2025 exploit that focused the Balancer V2 ComposableStablePool contract. The assault resulted within the exfiltration of $128.64 million throughout six blockchains inside half-hour.
Crystal Intelligence later reported {that a} $19 million restoration effort had lowered the loss to $98 million. Nevertheless, a lot of the stolen funds have been nonetheless below the attacker’s management.
Total, the most recent swaps show how abusers are profiting from unauthorized liquidity throughout post-hack funds transfers. For exchanges, bridges and analytics firms, cash-out makes an attempt stay the following apparent stress level.
Associated: Ethereum stays above $2,300 regardless of $606 million misplaced in two hacks
Disclaimer: The data contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any form. Coin Version just isn’t liable for any losses incurred because of using the content material, merchandise, or companies talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.