Privacy-focused crypto protocol Umbra has placed its front end website into maintenance mode after discovering that hackers were using the service to move stolen funds linked to recent high-profile attacks. The protocol confirmed that approximately $800,000 in stolen assets had been transferred through its system, prompting immediate action to limit misuse.
The decision follows the major Kelp protocol exploit, which resulted in losses exceeding $280 million and is widely suspected to be linked to North Korean hacking groups. Reports indicated that attackers attempted to route funds through Umbra while bridging assets from Ether to Bitcoin. Umbra stated that its hosted interface will remain offline until recovery efforts are complete and authorities confirm it will not hinder investigations.
Limits of Control Over Open-Source Smart Contracts
Despite shutting down its public interface, Umbra acknowledged it cannot prevent users from interacting directly with its smart contracts or running locally hosted versions of its open-source front end. The team emphasized that decentralization limits direct intervention once contracts are deployed on-chain.
Roman Storm, co-founder of Tornado Cash, warned that pausing a front end may not satisfy regulators. He referenced his own legal case, where prosecutors argued that modifying user interfaces could be interpreted as exercising control over an entire protocol.
Protocol Transparency and Ongoing Security Cooperation
Umbra clarified that its system primarily protects the identity of recipients rather than senders, meaning transaction trails remain traceable. The team added that all stolen funds routed through its network can still be identified and that it is actively coordinating with security researchers to support ongoing recovery and investigation efforts.
Disclaimer
This content is for informational purposes only and does not constitute financial, investment, or legal advice. Cryptocurrency trading involves risk and may result in financial loss.