Umbra disables hosted front end after $800K was routed
Umbra took its hosted front end offline after roughly $800,000 tied to the Kelp exploit moved through the protocol, and will restore it when it won’t impede recovery work.
Umbra put its hosted front end into maintenance mode after learning roughly $800,000 in stolen funds linked to the recent Kelp exploit had been routed through the protocol. The team said the site will be restored when doing so will not create obstacles to ongoing recovery efforts.
The protocol’s smart contracts remain on-chain and open source. Users can still interact with Umbra by running a local or self-hosted copy of the front end, and the team noted it cannot technically stop people from using the contracts directly.
The Kelp exploit involved more than $280 million in stolen assets and has been connected by investigators to suspected North Korean actors. Reports indicate the exploiter attempted to bridge funds from Ether to Bitcoin using multiple services, with Umbra identified among the protocols used in some transfers. U.S. sanctions restrict entities tied to North Korea, and multiple security teams and platforms have been tracing, freezing or otherwise attempting to impede the flow of those funds.
Umbra described the protocol as protecting the identity of receivers, not senders, and said the transactions that moved the stolen funds are identifiable. Umbra wrote on X, “All the stolen funds moved through the protocol can be identified, and we have been in touch with security researchers who are involved.”
Roman Storm, a co-founder of the crypto mixer Tornado Cash, warned that disabling a hosted front end may not shield developers or operators from legal scrutiny. Storm was convicted in August of conspiring to operate an unlicensed money transmitting business and was acquitted on a separate charge of conspiring to violate U.S. sanctions. He told reporters prosecutors in his case treated control of a front end as evidence of control over the entire protocol and added, “If you can make changes to the user interface, including further updates through new builds on IPFS, then you are in full control.”
Umbra said the maintenance action is intended to reduce the convenience of a centralized pathway for moving funds while letting the protocol’s smart contracts remain available on-chain. The team said it is coordinating with security researchers and recovery efforts as work continues.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
