- Balancer hacker exchanged 7,000 ETH for 204.7 BTC via THORChain as monitoring expanded.
- The KelpDAO attacker moved roughly 75,700 ETH into BTC, producing $910,000 in THORChain charges.
- Cross-chain swaps are growing stress on exchanges, bridges, and blockchain analytics corporations.
Balancer hackers moved the stolen funds this week after a pockets related to the November exploit transformed ETH to Bitcoin via THORChain. The swap befell on-chain, and analysts tracked exercise that mirrors the routes of latest KelpDAO abusers. The transfer attracted consideration as a result of each incidents used cross-chain liquidity to maneuver stolen ETH out of Ethereum.
In line with on-chain analyst Ember, wallets linked to Balancer exchanged 7,000 ETH for 204.7 BTC (price about $15.88 million). The pockets nonetheless contained 15,000 ETH of Ethereum (price roughly $34.65 million) and 204.7 BTC of Bitcoin.
THORChain root hyperlinks two exploit trails
This timing follows a serious transformation by the KelpDAO exploiter. The attacker reportedly transformed almost all the 75,700 ETH, price about $175 million, into BTC inside a few day and a half.
In line with the report, this exercise generated roughly $910,000 in price earnings for THORChain. Arkham Intelligence additionally tracked 75,701 ETH transferring to a brand new pockets on April twenty first earlier than going via THORChain and Umbra.
Parallel routes saved the motion of each funds below shut monitoring. In each circumstances, attacker-controlled wallets used THORChain to maneuver ETH to BTC through separate transactions and protocols.
KelpDAO breach stays a serious incident in 2026
The KelpDAO incident stays one of many largest DeFi breaches of 2026. Safety agency Halborn introduced that attackers stole $292 million after exploiting the compromised infrastructure. Halborn additionally linked the theft to a DDoS failure with the 1-of-1 verifier setup.
The corporate additional acknowledged that the attackers, believed to be affiliated with Lazarus, could have accelerated their withdrawal after Arbitrum’s Safety Board froze roughly $71 million in stolen ETH. This freeze made the motion of the fund much more tense. The attacker moved a considerable amount of ETH balances to a brand new pockets after which routed them via a cross-chain path.
Balancer losses proceed after November exploit
In line with Examine Level Analysis, the Balancer case stems from a November 2025 exploit that focused the Balancer V2 ComposableStablePool contract. The assault resulted within the exfiltration of $128.64 million throughout six blockchains inside half-hour.
Crystal Intelligence later reported {that a} $19 million restoration effort had lowered the loss to $98 million. Nevertheless, a lot of the stolen funds have been nonetheless below the attacker’s management.
General, the most recent swaps reveal how abusers are making the most of unauthorized liquidity throughout post-hack funds transfers. For exchanges, bridges and analytics corporations, cash-out makes an attempt stay the subsequent apparent stress level.
Associated: Ethereum stays above $2,300 regardless of $606 million misplaced in two hacks
Disclaimer: The data contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any form. Coin Version will not be answerable for any losses incurred because of using the content material, merchandise, or companies talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.