Arbitrum Freezes $71M in Kelp DAO Exploit Funds
Arbitrum's Security Council froze 30,766 ETH ($71M) linked to the $292M Kelp DAO exploit, moving funds to a governance-controlled wallet. The action followed law enforcement input and recovers about a quarter of the stolen rsETH, intensifying the blame game between Kelp and LayerZero.
Quick Take
- Arbitrum Security Council froze $71M in ETH from Kelp DAO bridge exploit.
- The exploit drained $292M in rsETH via compromised verifier infrastructure.
- LayerZero attributes the attack to North Korea's Lazarus Group.
- Freeze recovers ~25% of funds, escalating Kelp-LayerZero dispute.
Market Impact Analysis
Bearish: Security exploit on a major restaking token undermines confidence in DeFi and bridge security, but quick governance action limits downside.
Key Takeaways
- Arbitrum's Security Council froze $71 million in ETH connected to the Kelp DAO exploit, transferring 30,766 ETH to a governance-controlled wallet.
- The exploit drained $292 million in rsETH after attackers compromised verifier infrastructure on Kelp's LayerZero-powered bridge.
- LayerZero preliminarily attributes the breach to North Korea's Lazarus Group, while the freeze escalates the dispute between Kelp and LayerZero over responsibility.
- The action recovers about one-quarter of the stolen liquid restaking tokens, with further clawbacks dependent on where remaining funds moved.
What Happened
Arbitrum's Security Council moved 30,766 ETH — worth $71 million — to an intermediary wallet late Monday, freezing assets linked to the massive Kelp DAO exploit. The funds, now under governance control, can only be released through further Arbitrum DAO action. The council acted on law enforcement input identifying the exploiter, executing the freeze without disrupting users or applications.
The move recovers roughly one-quarter of the $292 million in rsETH drained from Kelp's LayerZero-powered bridge on Saturday. Attackers exploited compromised verifier infrastructure to pull 116,500 rsETH, a liquid restaking token. The frozen ether is no longer accessible to the address that held it, though the rest of the stolen funds remain at large.
The Numbers
The Kelp DAO exploit ranks among the largest DeFi thefts of 2025, with $292 million in rsETH siphoned in a single transaction. Arbitrum's freeze reclaims 30,766 ETH ($71 million), cutting the outstanding loss by about 25%. The transfer completed at 11:26 p.m. ET on April 20, according to the Arbitrum Foundation. While $71 million is a significant recovery, over $220 million in assets remain unaccounted for, depending on how the attacker routed the funds across chains.
Why It Happened
The exploit stemmed from a critical failure in Kelp's verifier infrastructure, which underpins its LayerZero-powered bridge. When those verifiers were compromised, the attacker gained the ability to drain rsETH at scale. LayerZero swiftly attributed the attack with “preliminary confidence” to the Lazarus Group, a North Korean state-backed hacking collective notorious for crypto heists.
Arbitrum's Security Council, a body of elected signers with emergency powers, intervened after receiving law enforcement intelligence on the exploiter. Such governance-level freezes are rare and controversial — they inject discretionary control into permissionless networks. Still, the council framed the action as protective, avoiding harm to Arbitrum users while clawing back funds. The freeze has sharpened the blame game between Kelp and LayerZero, as both firms face pressure to account for the security lapse.
Broader Impact
This incident sets a precedent for emergency governance actions on layer-2 networks. It tests the boundaries between decentralization and real-world liability, especially when law enforcement gets involved. For DeFi, the freeze offers a partial blueprint for mitigating hacks, but it also raises alarms about the potential for centralized overreach. The recovery provides a $71 million buffer that will shape how losses are socialized, whether through insurance, legal settlements, or treasury contributions.
What to Watch Next
- Cross-chain freezes: Whether Arbitrum's move prompts other chains with emergency powers to freeze additional stolen funds as they surface.
- Kelp's recovery plan: Details on the recovery fund, unpausing of the bridge, and legal coordination with LayerZero and law enforcement.
- LayerZero's response: Whether the bridging protocol implements security upgrades or publicly addresses responsibility, given the attribution to Lazarus Group.
This article is for informational purposes only and does not constitute financial advice.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
© 2026 Bytewit. All Rights Reserved.