TLDR
- Emergency governance action secured 30,766 ETH (approximately $71 million) connected to the Kelp DAO security breach
- Assets were transferred to a governance-managed address, preventing attacker access
- The secured amount represents approximately 25% of the total $292 million theft that occurred Saturday
- LayerZero has indicated with preliminary confidence that North Korea’s Lazarus Group orchestrated the attack
- A supermajority of council members—nine out of twelve—approved the emergency freeze following extensive deliberation
In an unprecedented emergency response on Monday evening, Arbitrum’s Security Council authorized the freezing of 30,766 ETH valued at roughly $71 million that was traced to the Kelp DAO security breach. The cryptocurrency has been relocated to a governance-controlled intermediary address that requires additional community approval for any future access.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…
— Arbitrum (@arbitrum) April 21, 2026
The freezing action received official confirmation at 11:26 p.m. Eastern Time on April 20. The compromised wallet that initially contained the stolen assets can no longer access these funds.
This intervention follows Saturday’s exploitation of Kelp DAO’s bridge infrastructure, which operates on LayerZero technology. The breach occurred on April 19 when attackers successfully extracted 116,500 rsETH by exploiting vulnerabilities in the verifier system. Industry estimates place total damages between $292 and $293 million.
rsETH functions as a liquid restaking token provided by Kelp DAO. The token serves as proof of a participant’s staked Ethereum holdings within the protocol.
LayerZero, the technology provider whose infrastructure was compromised, has stated with preliminary certainty that the notorious Lazarus Group from North Korea executed the breach. The company has remained silent regarding Arbitrum’s fund-freezing decision.
The secured $71 million constitutes roughly one-quarter of the complete stolen amount. This represents the most significant single asset recovery effort undertaken in response to the incident.
How the Freeze Was Decided
Arbitrum’s Security Council comprises 12 community-elected members who possess emergency authorization powers for critical situations. The freezing measure passed with nine affirmative votes.
Security Council member Griff Green emphasized the gravity of their choice, stating the group “did not make this decision lightly,” and referenced “countless hours of debates, technical, practical, ethical and political.” The council also disclosed consultation with law enforcement agencies during their deliberation process.
Arbitrum has verified that the freezing action exclusively targeted the compromised funds without impacting other network participants or decentralized applications.
Controversy Over the Freeze
The emergency action has sparked debate within the cryptocurrency community. Numerous users on X have raised concerns about whether this intervention compromises Arbitrum’s commitment to decentralization. Detractors contend that council-mandated asset freezes contradict fundamental blockchain principles of permissionless operation.
Advocates for the intervention argue it safeguards community members and preserves network credibility.
The freeze intensifies the ongoing disagreement between Kelp DAO and LayerZero regarding liability for the security failure. With $71 million now secured, future negotiations about loss distribution have a significant buffer before considering insurance claims, legal proceedings, or treasury allocations.
The perpetrators additionally leveraged stolen Kelp tokens as collateral for cryptocurrency loans on Aave, a decentralized lending protocol, generating bad debt throughout the broader DeFi lending ecosystem.
Kelp DAO has announced collaboration with ecosystem stakeholders to establish a recovery fund while assessing options for loss distribution and legal coordination strategies.
The possibility of securing additional stolen assets hinges on tracking the attacker’s asset movements and whether other blockchain networks with comparable emergency governance mechanisms implement similar interventions.


