Privacy-focused crypto protocol Umbra has taken its front-end website offline after hackers used the platform to move funds tied to recent major exploits. The team announced the decision on X (formerly Twitter) on April 22, 2026, stating it is aware that approximately $800,000 in stolen funds was routed through its protocol.
The move comes just days after the Kelp protocol was exploited for over $280 million, an attack suspected to have been carried out by North Korean hackers linked to the Lazarus Group. Reports indicate that the exploiter attempted to use Umbra to bridge funds from Ethereum to Bitcoin, as North Korean hacking groups are heavily sanctioned by the US.
Umbra placed its hosted front end into maintenance mode and said it will restore access “as soon as we are assured that doing so won't create obstacles to the current recovery efforts.” However, the team emphasized that the protocol’s smart contracts remain live onchain and cannot be disabled. Users can still access the open-source code through local or self-hosted versions. Umbra added there is “nothing we can do” to stop alternative access methods.
Umbra also argued that its protocol is designed to protect the identity of the receiver, not the sender, making it ineffective for hackers trying to obscure their money trail. “All the stolen funds moved through the protocol can be identified, and we have been in touch with security researchers who are involved,” the team stated.
Roman Storm, co-founder of the crypto mixer Tornado Cash, cautioned that Umbra’s action may not be enough to avoid legal scrutiny. Storm, who was convicted in August of conspiring to operate an unlicensed money transmitting business, said prosecutors in his case viewed front-end control as proof of full protocol control. “If you can make changes to the user interface, including further updates through new builds on IPFS, then you are in full control,” Storm warned.
The incident adds to growing pressure on DeFi platforms and privacy tools, as the crypto market also reacted to another exploit: Volo Protocol, a liquid staking platform on Sui, lost about $3.5 million from its WBTC, XAUm, and USDC vaults, freezing affected vaults and recovering $500,000.
