BREAKING: $71M Stolen by Kelp DAO Hackers? Wait… It’s Actually a Good Thing!

by

In a stunning twist that would make even the most jaded Hollywood producer weep, the Arbitrum DAO has taken a giant leap toward… well, not exactly “unlocking” but more like “releasing” $71 million that was… um… frozen? Because nothing says “financial freedom” like a multisig wallet managed by Aave Labs, Kelp DAO, Certora, and EtherFi. Who needs a plan when you’ve got a 3-of-4 Gnosis Safe?!

  • More than 90% of Arbitrum DAO voters backed the proposal to release $71 million in frozen ETH tied to the Kelp DAO exploit. Because who wouldn’t want to give away $71 million to a group that includes Aave Labs, Kelp DAO, Certora, and EtherFi? Sure, why not!
  • The proposed recovery plan would move 30,765 ETH into a multisig wallet managed by Aave Labs, Kelp DAO, Certora, and EtherFi. Because nothing says “trust” like a 3-of-4 signature requirement. Or maybe it’s just a fancy way of saying “we’re all in this together… or not.”

According to Snapshot voting data, more than 90.5% of participating voting power backed the proposal before the voting window was scheduled to close Thursday at 6:54 pm UTC, with 173.9 million ARB tokens cast in favor. Around 18.1 million ARB, representing 9.4% of the vote, abstained, while fewer than 2,000 ARB tokens opposed the measure. Because nothing says “democracy” like 9.4% of voters being too busy to care.

Co-authored by Aave Labs, Kelp DAO, LayerZero, EtherFi, and Compound, the proposal would release 30,765 ETH that Arbitrum’s Security Council froze on April 21 after the attacker behind the Kelp DAO exploit moved assets onto Arbitrum One. At current prices, the frozen ETH is worth about $71 million. Because nothing says “security” like freezing assets and then trying to un-freeze them with a 90% majority.

Arbitrum said at the time that the Security Council acted with input from law enforcement regarding the exploiter’s identity and transferred the assets into a controlled wallet without affecting network activity or user applications. Because nothing says “transparency” like a controlled wallet that’s also a mystery box.

The latest vote advances the “DeFi United” recovery initiative toward a binding on-chain proposal that would be submitted through Tally as a Constitutional Arbitrum Improvement Proposal. If approved, the ETH would be transferred into a recovery wallet controlled through a 3-of-4 Gnosis Safe managed by representatives from Aave Labs, Kelp DAO, Certora, and EtherFi. Because nothing says “collaboration” like a 3-of-4 requirement. Or maybe it’s just a way to ensure no one person can steal the loot.

Legal claims continue hanging over frozen ETH

Court filings previously submitted in the U.S. District Court for the Southern District of New York introduced competing claims over the same funds after plaintiffs tied to unpaid terrorism-related judgments against North Korea sought to restrain any movement of the ETH. Because nothing says “international drama” like a lawsuit involving North Korea and a Lazarus Group.

Lawyers representing the plaintiffs argued that the frozen assets constituted property linked to the Democratic People’s Republic of Korea because LayerZero’s investigation had attributed the exploit to North Korea’s Lazarus Group. The filing named both Lazarus Group and APT-38 as instrumentalities of the DPRK under legal arguments tied to the Foreign Sovereign Immunities Act and the Terrorism Risk Insurance Act. Because nothing says “legal complexity” like tying a crypto hack to a sovereign state.

Gerstein Harrow LLP filed the action on behalf of Han Kim and Yong Seok Kim, whose case stems from the killing of Reverend Kim Dong-shik by North Korean agents. Combined claims tied to three separate judgments exceeded $877 million before interest, according to the filing. Because nothing says “emotional appeal” like a $877 million lawsuit over a murder.

Arbitrum DAO’s recovery proposal also included an indemnification clause drafted by Aave Labs to protect the Arbitrum Foundation, Offchain Labs, and Security Council members from claims connected to the freeze or release of the assets. Because nothing says “cover your back” like a legal clause that’s as confusing as a crypto whitepaper.

Recovery effort still faces major shortfall

Even if the governance proposal ultimately passes, the recovery plan still faces a gap of roughly 76,127 rsETH, currently valued at about $174.5 million, according to the proposal authors. Because nothing says “optimism” like a shortfall larger than the Empire State Building.

Protocols participating in the “DeFi United” initiative, including Mantle, EtherFi Foundation, Lido DAO, Ethena, Golem Foundation, Ink Foundation, LayerZero, and Tydro, have collectively pledged around 43,000 ETH worth roughly $101 million to contain fallout from the exploit and partially restore rsETH backing. Because nothing says “teamwork” like a bunch of protocols throwing money at a problem they didn’t cause.

The exploit itself drained approximately 116,500 rsETH worth nearly $292 million from Kelp DAO’s LayerZero-powered bridge on April 18. LayerZero said its investigation found that compromised RPC nodes and a 1-of-1 decentralized verifier network configuration allowed forged cross-chain messages to mint unbacked rsETH. Because nothing says “security” like a 1-of-1 verification system. Or maybe it’s just a fancy way of saying “we messed up.”

Kelp DAO disputed LayerZero’s criticism over the bridge configuration, stating that the setup followed LayerZero’s documented default deployment framework and had previously been discussed with the protocol. Because nothing says “friendly rivalry” like a DAO arguing over who’s to blame for a $292 million hack.

Read More

2026-05-08 10:57