Kelp DAO experienced a significant security breach on April 18, resulting in the theft of approximately $292 million in assets. The attackers, identified as the North Korean Lazarus group, utilized a sophisticated money laundering process to obscure the stolen funds. Initially, they prepared infrastructure using Tornado Cash to anonymize transactions and pre-fund wallets for gas fees. The attack exploited a vulnerability in Kelp's cross-chain contract, allowing the transfer of 116,500 rsETH to the attackers. Following the theft, the attackers quickly converted the stolen rsETH into liquid assets using DeFi lending protocols like Aave and Compound. They deposited the rsETH as collateral and borrowed ETH, effectively laundering $292 million in tagged assets into $190 million in clean Ethereum. The funds were then fragmented and dispersed across multiple wallets, utilizing cross-chain swaps via THORChain and other privacy protocols to further obscure their trail. Ultimately, the laundered funds were converted into USDT on the Tron network and cashed out through over-the-counter brokers, evading detection and sanctions. This incident highlights the challenges in preventing and tracing crypto money laundering, as the attackers exploited the open and composable nature of DeFi systems. The Kelp DAO hack serves as a stark reminder of the vulnerabilities within the crypto ecosystem and the sophisticated methods employed by cybercriminals to launder stolen assets.