Umbra shuts front end after hackers move stolen funds through protocol
Privacy-focused crypto protocol Umbra has taken its front-end website offline after hackers used the platform to move funds tied to recent major exploits.
- Umbra shut its front end after hackers moved about $800,000 in stolen funds through it.
- The protocol said its smart contracts remain live despite the hosted website entering maintenance mode.
- Roman Storm said front-end changes may still be viewed as protocol control by authorities.
The team said the move is meant to make it harder for attackers to use the hosted interface while recovery efforts continue.
Umbra said it is aware that about $800,000 in stolen funds passed through its protocol. The project placed its hosted front end into maintenance mode and said it will restore access once it is sure the site will not interfere with ongoing efforts to trace and recover assets.
Umbra takes site offline
Umbra announced the decision in a post on X on Tuesday. The team said the step followed reports that funds from recent “high-profile hacks” had moved through the protocol.
The project said it acted after learning that stolen crypto had been routed through its system. It said taking down the hosted interface was one way to slow activity linked to the attackers while investigators work on recovery.
Umbra also said the shutdown only affects its own front end. The team made clear that the protocol’s smart contracts remain live onchain and cannot be disabled by the project.
It added that users can still access the open-source code through local or self-hosted versions. Umbra said there is “nothing we can do” to stop those alternative methods of access.
Protocol says its design does not hide the sender
Umbra said its privacy features protect the identity of the receiver, not the sender. The team argued that the protocol is not an effective tool for criminals trying to hide the source of stolen money.
In its statement, Umbra said, “All the stolen funds moved through the protocol can be identified, and we have been in touch with security researchers who are involved.” The team said it is cooperating with those working on the case.
The move came days after the Kelp exploit, which saw more than $280 million drained from the protocol. Reports have pointed to Umbra as one of the tools the exploiter tried to use while moving assets from Ether to Bitcoin.
Investigators have linked the Kelp exploit to North Korea’s Lazarus Group. That group remains under heavy US sanctions, and crypto firms have been taking steps to block or slow its attempts to move stolen assets.
Roman Storm says front-end pause may not satisfy authorities
Roman Storm, co-founder of Tornado Cash, said Umbra’s action may not be enough to shield the project from legal pressure. He argued that prosecutors have previously treated front-end control as proof of protocol control.
Storm said, “Prosecutors in my case called me a liar when I said that I can’t control Tornado Cash.” He added that authorities may view changes to a front end as control over the full system.
He also said, “If you can make changes to the user interface, including further updates through new builds on IPFS, then you are in full control.” His comments reflect the legal debate around open-source crypto tools and how much responsibility developers carry.
That debate has grown as more hacks move through public blockchain infrastructure. Umbra’s response shows how teams are trying to limit misuse, even when they cannot fully shut down decentralized tools.
DeFi security pressure rises after another exploit
The Umbra action came as the crypto market was already reacting to another exploit. Volo Protocol, a liquid staking platform on Sui, said it lost about $3.5 million from its WBTC, XAUm, and USDC vaults.
Volo said it froze the affected vaults, alerted the Sui Foundation and ecosystem partners, and later froze $500,000 in exploited assets. The team also said it plans to absorb the losses rather than pass them to users.
The two cases add to growing pressure on DeFi platforms and related tools. Projects are facing closer attention over how fast they respond when stolen funds begin moving across the market.