- Crypto investigator ZachXBT detected a merge in the flow of the funds linked to the Kelp DAO and Humanity Protocol exploits.
- The trend rules out possible insider involvement and strengthens previous findings pointing to foreign actors.
Recent months have witnessed two major exploits that cost Kelp DAO (WRSETH) and Humanity Protocol (H) millions of dollars. A leading crypto investigator now suggests that the perpetrators behind both incidents are likely connected, possibly operating as a single group.
Convergence of Kelp DAO and Humanity Protocol Stolen Funds
According to a report attributed to ZachXBT, the stolen funds from the Kelp DAO and Humanity Protocol attacks converged in a single wallet address just after midnight on Saturday (UTC). Their flows overlapped under transaction hash 5d31655a905b1b39ce1a477268b5084cc821157371860b792e60a3fa4aa24931.
ZachXBT noted that analysts initially suspected insider control and market‑making manipulation via centralized exchanges after the H‑token attack. The timing of the exploit, just before investor token unlocks, reinforced those concerns.
The new findings, however, rule out insider involvement and align with LayerZero (ZRO) Labs’ earlier assessment linking the North Korean Lazarus Group to Kelp’s pseudonymous attacker, TraderTraitor.
The Kelp DAO Incident
The April Kelp DAO breach was the largest crypto theft of 2026, draining roughly $292‑$294 million in a short period.
The attack erased about $400 million from Kelp’s total value locked (TVL) within hours and triggered a contagion effect that impacted Aave (AAVE), causing a $7 billion TVL decline across the ecosystem.
Reports indicate Kelp DAO managed to freeze approximately $71 million of the illicit proceeds, while the remainder escaped detection.
The debate centers on whether the breach resulted from security lapses at Kelp DAO or a failure in LayerZero’s omnichain messaging protocol.
The Humanity Protocol Heist
In early June, Humanity Protocol suffered a $36 million loss across three transactions. The attacker executed a Sybil attack on a network designed to prevent such vulnerabilities, causing the H‑token to plunge nearly 90 % within hours.
The breach exploited a single point of failure: the protocol entrusted one individual with six signer keys for its multi‑sig and hot wallets.
Also Read
- Fed’s 2026 Stress Test Shows Major Banks Withstand a 10% Unemployment Shock
- GnosisDAO’s $223M Governance Vote Sets Precedent for Treasury Redemption
- Why a selloff in gold and silver is dragging bitcoin down
- Bank of England Drops Individual Stablecoin Caps, Imposes £40B Market Limit and Looser Reserve Rules