The post KelpDAO Exploiter Moves 75,700 ETH Across Two New Wallets After Arbitrum’s Freeze Announcement appeared first on Coinpedia Fintech News
The KelpDAO exploiter moved 75,700 ETH (approximately $175 million) across two new wallet addresses on April 21, 2026. This happened just hours after Arbitrum’s Security Council announced that froze 30,766 ETH linked to the same hack.
Meanwhile, this suggests the attacker is actively trying to stay ahead of recovery efforts.
KelpDAO Exploiter Moves $175M ETH to New Wallets
Arbitrum’s Security Council had hardly finished celebrating their freezing of 30,766 ETH (worth $70 million) when the exploiter made their next move.
According to blockchain security firm PeckShieldAlert, the KelpDAO attacker transferred a total of 75,700 ETH to two brand new wallet addresses.
On-chain data confirms the transfers are clearly split into two parts.
- Firstly, around 25,000 ETH ($57.93M) were sent to address 0xF980…15910.
- Secondly, around 50,700 ETH ($117.48M) were sent to the address 0xABc8…36FAD.
Meanwhile, both transactions were flagged, and the source wallet is labeled Kelp DAO Exploiter 1 on-chain trackers.
Splitting funds across multiple wallets is a common tactic. It helps reduce visibility and makes it harder for investigators to follow the money trail.
Old Wallet Nearly Empty, Not Even Gas Fees Left
The original wallet has now been almost completely drained. Only about 0.768 ETH remains, not enough to cover future transaction fees. This clearly shows the attacker has exited the address and shifted operations to new wallets.
That freeze clearly triggered an immediate response from the exploiter, who wasted no time scattering the remaining funds.
What Comes Next?
For now, the situation is still tense. All attention is on whether Arbitrum’s Security Council, law enforcement, and blockchain trackers can act quickly enough to follow the new wallet movements.
The 30,766 ETH that was frozen earlier is still safely locked. However, the 75,700 ETH now sitting in two new wallets is not secured, making the next steps very important.
At the same time, security teams are now closely watching these new addresses. Any further movement could give clues about the attacker’s next step.
