Umbra pulls its hosted front end after hackers route stolen funds through protocol
Privacy-focused crypto tool Umbra has taken its hosted front end offline after investigators found roughly $800,000 in stolen funds passed through the protocol while attackers moved loot from recent high‑profile exploits. The team said the maintenance-mode shutdown is intended to make it harder for bad actors to use Umbra’s hosted interface while tracing and recovery work continues.
Umbra announced the decision on X on Tuesday, saying the step followed reports that funds tied to “high‑profile hacks” had been routed through its system. The team stressed that the move only affects Umbra’s hosted website; the protocol’s smart contracts remain live onchain and cannot be disabled by the project. Users can still run the open‑source front end locally or self‑host versions, and the team acknowledged there is “nothing we can do” to stop those alternative access methods.
The project clarified how its privacy design works: Umbra’s privacy features obscure the identity of the receiver, not the sender, and the team argued the protocol is not an effective tool for hiding the origin of stolen funds. “All the stolen funds moved through the protocol can be identified, and we have been in touch with security researchers who are involved,” Umbra said, adding it is cooperating with those working on recovery and tracing.
The action comes days after the Kelp exploit, a drain of more than $280 million that investigators have linked to North Korea’s Lazarus Group. Reports suggest Umbra was one of the tools the exploiter attempted to use while converting assets from Ether to Bitcoin. The use of privacy and mixing tools to obfuscate flows has put extra pressure on crypto teams and compliance efforts as major hacks continue to surface.
Not everyone believes pulling a hosted front end will shield teams from legal scrutiny. Roman Storm, co‑founder of Tornado Cash, warned that prosecutors have previously treated control of a front end as evidence of control over a protocol. “Prosecutors in my case called me a liar when I said that I can’t control Tornado Cash,” he said, arguing that the ability to alter a user interface — including updates via IPFS — can be construed as full control. His comments underscore the growing legal debate about developer responsibility for open‑source crypto tools.
Umbra’s decision to disable its hosted interface highlights the limited but immediate steps projects can take to disrupt attacker workflows, even when core contracts are immutable. That response arrives amid a broader wave of exploits: around the same time, Volo Protocol — a liquid staking platform on Sui — reported a loss of roughly $3.5 million from its WBTC, XAUm and USDC vaults. Volo said it froze the affected vaults, coordinated with the Sui Foundation and partners, recovered about $500,000, and will absorb the losses rather than pass them on to users.
As hacks keep routing stolen assets across decentralized rails, DeFi projects face rising pressure to act quickly and transparently when illicit funds start moving. Umbra’s front‑end shutdown is a snapshot of the tradeoff teams confront: they can take down centralized interfaces to slow attackers, but cannot fully disable decentralized, onchain tools.
Read more AI-generated news on: undefined/news
