Kelp DAO and Humanity Protocol Stolen Funds Merged — Is One Attacker Behind Both Hacks?

A fresh twist has emerged in the investigations surrounding two major DeFi exploits from 2026. On-chain evidence now suggests that funds stolen from both Kelp DAO and Humanity Protocol were funneled through the same transaction channels — raising the alarming possibility that a single threat actor, or closely coordinated group, was responsible for both attacks.

Blockchain investigator ZachXBT was the first to flag the suspicious overlap, noting that proceeds from the two separate incidents had recently been merged in what appears to be a deliberate laundering operation.

**How the Funds Were Moved**

According to data shared by Specter, the individual behind the Humanity Protocol breach transferred 15,403 ETH — valued at approximately $23.6 million — into a newly created Ethereum address. The assets were subsequently bridged over to the Bitcoin network, where they were consolidated with funds already linked to the Kelp DAO exploit.

At this point, more than $8 million of the stolen assets from the Humanity Protocol hack alone have been successfully laundered. Security researchers have pointed out that this particular method — pooling proceeds from multiple operations into a single Bitcoin wallet before routing them through mixers and OTC desks — is a signature technique associated with North Korea's Lazarus Group.

**Scale of the Original Exploits**

The Kelp DAO incident stands out as one of the largest DeFi breaches of 2026. The protocol's LayerZero bridge was drained of roughly $292 million in April of that year. Humanity Protocol suffered its own breach just two months later in June, losing around $32 million after hackers compromised a developer's device and gained access to deployer accounts and team-controlled wallets.

**North Korea Connection Gains Traction**

Prior to this latest development, the Humanity Protocol hack had fueled speculation about potential insider involvement. However, the newly discovered link to Kelp DAO's laundering trail has shifted attention toward an organized external actor — one potentially tied to state-sponsored cybercrime.

The North Korean connection carries serious legal implications. U.S. court plaintiffs currently hold over $877 million in unpaid judgments against North Korea, and legal arguments have been made that funds traceable to North Korean-affiliated entities can be subject to seizure as part of satisfying those outstanding claims.

**Broader Security Concerns for DeFi**

This fund commingling comes at a particularly turbulent moment for decentralized finance. MEV bots continue to expand their influence across on-chain markets, and as highlighted by the Jaredfromsubway.eth incident, even sophisticated trading infrastructure remains vulnerable to manipulation by skilled bad actors.

The convergence of these events underscores the deepening security crisis facing the DeFi sector. Adding to the gloomy picture, Ethereum's price slipped to an intraday low of $1,581.76 amid broader market weakness during this period.

**Key Takeaways**

The commingling of stolen assets from the Kelp DAO and Humanity Protocol exploits suggests a shared attacker or tightly connected criminal network. With over $8 million already laundered from the Humanity Protocol breach alone, and the total stolen across both incidents exceeding $320 million, investigators are now treating these cases as potentially interconnected — and the trail is pointing toward one of the most notorious hacking operations in the world.