Two Massive Crypto Hacks May Have One Mastermind

Add TechGaged as your preferred source on Google

See more TechGaged stories across Google News and Discover.

Add

Mixed transactions in funds stolen from Humanity Protocol and Kelp DAO seem to suggest a potential overlap or coordination between the attackers in both events, possibly eliminating insider involvement.

Insiders ruled out

On June 27, on-chain detective ZachXBT said on his personal channel that funds from the recent Humanity Protocol exploit and the Kelp DAO exploit “commingled suggesting potential overlap between the attackers for both incidents.”

There were concerns regarding the Humanity Protocol about “insider supply control and active market making tactics on CEXs where the exploit coincided shortly before investor unlocks, the investigator writes.

Latest Stories

3 min read • 42 minutes ago

This XRP ETF Milestone Could Be a Turning Point

3 min read • 2 hours ago

Michael Saylor Hints at Another Bitcoin Purchase With ‘More Charts’ Post

3 min read • 2 hours ago

A Busy Week Ahead: What Could Trigger the Next Market Move?

Read all latest stories →

“However I believe the new evidence from above rules out insiders as being behind the exploit.”

The two hacks

On April 18, 2026, some $292 million was stolen from Kelp DAO’s LayerZero bridge due to compromised infrastructure. LayerZero said the exploit didn’t come from a bug in its protocol but from how Kelp DAO configured its security. It’s widely believed that the infamous North Korean government-linked Lazarus Group was the attacker.

The attacker then used a significant portion of those funds as collateral on Aave V3 to borrow legitimate assets, leaving the protocol exposed to an estimated $124 million to $230 million in potential bad debt.

By late April, the Kelp DAO exploiter fully exited Ethereum exposure, swapping 75,701 ETH worth roughly $175 million into Bitcoin.

Meanwhile, on June 9, 2026, $32 million was taken from Humanity Protocol team addresses and deployer. This happened after a developer’s device was compromised. Humanity founder Terence Kwok said that “we’ve detected a security incident involving the compromise of private keys belonging to a member of the Humanity Foundation.”

At the time, ZachXBT questioned whether the incident was solely the result of stolen private keys and suggested the possibility of involvement of a market maker or insider. He stated that he wasn’t buying the team’s version of events and described the explanation as convenient.

Based on the investigation above, this doesn’t seem to be the case, he found.