TLDR
- Emergency action by Arbitrum’s Security Council secured 30,766 ETH (approximately $71 million) associated with the Kelp DAO breach
- Assets were transferred to a governance-controlled address, blocking the hacker’s access
- This recovery represents approximately 25% of the total $292 million taken during Saturday’s attack
- North Korea’s Lazarus Group has been identified as the likely perpetrator by LayerZero, the bridge provider
- The emergency measure passed with nine affirmative votes from the 12-member council following extensive deliberation
In an emergency response Monday evening, Arbitrum’s Security Council successfully locked down 30,766 ETH valued at roughly $71 million linked to the Kelp DAO security breach. The cryptocurrency has been relocated to an intermediary address that requires additional governance approval for any movement.
Confirmation of the asset freeze arrived at 11:26 p.m. ET on April 20. The compromised ether can no longer be touched by the wallet that previously controlled it.
This intervention follows Saturday’s attack on Kelp DAO’s bridge infrastructure, which operates on LayerZero technology. The breach occurred on April 19 when malicious actors extracted 116,500 rsETH through compromised verification systems. Financial damages from the incident total between $292 and $293 million.
rsETH functions as a liquid restaking token created by Kelp DAO. The token signifies a holder’s staked ethereum allocation within the network.
LayerZero, which provides the bridge technology at the center of the incident, has stated with preliminary certainty that North Korea’s Lazarus Group orchestrated the attack. The company has remained silent regarding the Arbitrum asset freeze.
The secured $71 million accounts for roughly one-fourth of the overall stolen amount. This marks the most substantial single recovery effort undertaken in reaction to the security breach.
How the Freeze Was Decided
Arbitrum’s Security Council consists of 12 elected representatives from the Arbitrum community. The body maintains emergency authority for critical situations like this breach. The asset freeze received approval from nine council members.
Council representative Griff Green stated the group approached this decision with great care, acknowledging there were “countless hours of debates, technical, practical, ethical and political.” The council emphasized that law enforcement provided input during their deliberations.
Arbitrum verified that the freeze targeted only the specific compromised funds and left all other network users and applications unaffected.
Controversy Over the Freeze
The council’s action has sparked pushback from segments of the cryptocurrency community. Several voices on X have raised concerns about whether the freeze compromises Arbitrum’s decentralized nature. Detractors contend that immobilizing assets through council authority conflicts with fundamental blockchain principles of permissionless operation.
Those defending the intervention point to user protection and network stability as justification.
The freeze intensifies an ongoing disagreement between Kelp DAO and LayerZero regarding accountability for the breach. With $71 million now secured, any subsequent loss-sharing negotiations begin with a partial recovery already in place, potentially reducing the need for insurance claims, legal proceedings, or treasury allocations.
The perpetrators leveraged stolen Kelp tokens as collateral to obtain additional cryptocurrency through Aave, a lending platform, generating bad debt that rippled across the broader DeFi lending ecosystem.
Kelp DAO has announced ongoing collaboration with ecosystem partners to establish a recovery fund while evaluating options for loss distribution and legal coordination.
The possibility of freezing additional stolen assets hinges on tracking the attacker’s fund movements and whether other blockchain networks with comparable emergency mechanisms choose to intervene.
