鏈上分析師 Specter 監測顯示,北韓駭客組織 TraderTraitor 於 4 月 22 日開始對 KelpDAO 被盜資金實施洗錢操作,距 Arbitrum 安全委員會凍結約 30,766 枚 ETH 後僅三小時。攻擊者將資金以 THORChain 橋接至比特幣網路,導致日交易超過 30 日日均值 10 倍。
洗錢操作細節:三個錢包、混合手法與跨鏈轉移
(來源:Arkham)
攻擊者將剩餘資金拆分至三個錢包:第一個持有約 2.5 萬枚 ETH(約 5,760 萬美元),第二個持有約 2.57 萬枚 ETH(約 5,920 萬美元),第三個在收到資金後立即開始洗錢,目前僅剩約 3,800 枚 ETH(約 800 萬美元)。
被盜資金在洗錢過程中與 BTC Turk(2025)及 Bybit(2025)駭客事件的非法所得相混合,這是 TraderTraitor 組織的典型操作模式——通過整合多起事件的資金,增加鏈上追蹤難度。Specter 指出,雖然其追蹤到 356 個相關地址,但仍有若干中間錢包未納入統計,整個過程使用的地址總數超過 400 個。
KelpDAO 攻擊的連鎖影響:Aave 壞帳到 DeFi TVL 驟降
根據 Messari 分析,此次攻擊的根本原因在於 LayerZero EndpointV2 的 1:1 DVN 配置,允許攻擊者偽造跨鏈訊息。攻擊者入侵兩個 LayerZero DVN 節點後,模擬 rsETH 銷毀並觸發了 116,500 個 rsETH 的未授權釋放。
下游影響迅速蔓延至整個 DeFi 生態:Aave 壞帳估計在 1.237 億至 2.301 億美元之間,TVL 從約 458 億美元降至 357 億美元;整體 DeFi TVL 在 48 小時內下降超過 130 億美元;AAVE 代幣下跌約 25%;WETH 市場達到 100% 的使用率,引發 62 億美元的資金外流。
早期應對措施與 rsETH 持有者補償計畫
主要應對措施包括:Arbitrum 安全委員會凍結約 30,766 枚 ETH;Kelp 暫停主網和 L2 層所有 rsETH 合約;LayerZero 禁止未來使用 1:1 DVN 配置。Kelp 正考慮對 rsETH 持有者採取 16% 的比例損失補償措施,但 Messari 指出此舉可能影響受影響協議的用戶信心和恢復動態。
常見問題
TraderTraitor 為何選擇 THORChain 作為洗錢通道?
THORChain 是無需許可的跨鏈流動性協議,允許在不同區塊鏈之間兌換資產且不要求 KYC 驗證。此前在 Bybit 駭客事件中,TraderTraitor 也採用了相同的 THORChain 通道,顯示這已成為北韓駭客組織在大規模竊盜後的固定操作模式。
此次洗錢為何要與 Bybit 和 BTC Turk 事件的資金混合?
資金混合是洗錢的標準操作手法,將多起事件的被盜資金合併後,使追蹤人員更難以識別特定資金的原始來源和歸屬。KelpDAO 被盜資金在 THORChain 流通過程中,已與 2025 年 BTC Turk 及 Bybit 駭客事件的非法資金相混合,形成更難解開的資金鏈。
Kelp 的 16% 比例損失補償計畫如何影響 rsETH 持有者?
若補償計畫最終確認,rsETH 持有者將按持倉比例承擔約 16% 的損失,意即每 100 個 rsETH 的持有者,資產名義價值將被打折約 16%。補償機制有助於部分緩解受影響用戶的損失,但也可能影響市場對 rsETH 及 Kelp 協議整體的信心恢復速度。
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Articoli correlati
Ethereum Liquid Supply Hits 2024 Low on Binance
Abstract: CryptoQuant reports a notable contraction in Ethereum's liquid supply on Binance, with liquid ETH dropping to about 534,000 from a total reserve of 3.44 million. The trend, termed liquidity dryup, could reduce near-term selling pressure and provide price support if demand improves.
Summary: CryptoQuant notes Binance's ETH liquid supply fell to ~534k of 3.44M total, signaling a liquidity dryup that could ease selling pressure and support prices if demand strengthens.
CryptoFrontier1h fa
Ondo Team Moves $34M in Tokens to New Wallet Amid Potential Selloff Concerns
Ondo's team moved $34 million worth of tokens to a new wallet on April 22; analysts warn such transfers often funnel to centralized exchanges, potentially causing price declines.
GateNews2h fa
Abraxas Capital Adds 54 BTC, Expanding Long Position to $5M on Hyperliquid
Abraxas Capital boosted its BTC long by 54 BTC (~$4.2M) in two hours, taking longs to $5M at $77,450 avg. After closing shorts on April 12, it began a rolling long build-up.
Abraxas Capital increased BTC exposure on Hyperliquid by 54 BTC in two hours, signaling a rolling long build-up after closing shorts.
GateNews2h fa
BitMine Stakes $141.95M ETH via Coinbase Prime
Tom Lee's firm BitMine has staked approximately 61,000 ETH worth $141.95 million through Coinbase Prime, according to on-chain data cited by Arkham on April 22, 2026. The move signals a long-term commitment to Ethereum rather than preparation for a sale, as staking locks assets to support the
CryptoFrontier2h fa
比特币突破 78,000 美元,以太坊站上 2,390 美元:市场恐慌情绪退潮
比特币突破 78,000 美元,以太坊站上 2,390 美元。本文复盘 4 月 13 日至 22 日的 V 型反转走势,解析爆仓数据与恐惧贪婪指数的演变轨迹。
GateInstantTrends3h fa
