Privacy-focused protocol Umbra announced it has disabled its hosted front end to hinder hackers who have been using the site to move funds from recent high-profile breaches. The team said it is aware that about $800,000 in stolen assets passed through its service and that the hosted front end has been put into maintenance until it can be restored without impeding ongoing recovery efforts.
The decision follows the large-scale exploitation of the Kelp protocol, which saw more than $280 million taken in an attack that observers suspect was carried out by North Korean-linked hackers. Reports indicate the exploiter attempted to use services including Umbra to bridge assets from Ether to Bitcoin. U.S. authorities have heavily sanctioned North Korean hacking groups, and multiple crypto platforms have tried to block or freeze the movement of the stolen funds.
Umbra cautioned, however, that taking down the hosted front end does not prevent anyone from interacting with its smart contracts directly or from running a local or self-hosted copy of its open-source front end. The team emphasized that Umbra’s purpose is to protect the receiver’s identity, not the sender’s, and said the stolen funds routed through the protocol can be traced. They also said they are coordinating with security researchers involved in the response.
Roman Storm, co-founder of the crypto mixer Tornado Cash, warned that disabling a front end may not shield a project from legal exposure. Storm—who was convicted in August for conspiring to operate an unlicensed money transmitting business after arguing he did not control how Tornado Cash was used—said prosecutors treated his claim of lacking control as false. He argued that authorities equate the ability to modify a user interface, including deploying updates to builds on IPFS, with control over the entire protocol.
Umbra’s removal of the hosted interface aims to hinder ease of access, but Storm’s experience suggests regulators and prosecutors may view such measures as insufficient if they believe operators can influence or control protocol access. Umbra maintains that its design does not offer anonymity for senders and that activity routed via its contracts remains identifiable as part of recovery and enforcement efforts.
Cointelegraph is committed to independent, transparent journalism and produces this report in line with its Editorial Policy; readers are encouraged to verify information independently.