Bootstrap Gallery
  1. Home
  2. Markets

Arbitrum Secures $71 Million in Ether Linked to Kelp DAO Exploit

A significant portion of the funds stolen from Kelp DAO is now frozen. On Monday night, Arbitrum's Security Council took decisive action, locking down approximately $71 million worth of ether by moving 30,766 ETH into a special intermediary wallet. This wallet can only be accessed through additional governance measures. The funds in question are linked to the recent $292 million rsETH exploit that occurred on Saturday. rsETH is a token representing a user's stake in restaked ether, issued by KelpDAO. The Security Council's swift action was taken with input from law enforcement, who have identified the exploiter. The council ensured that the freeze did not affect any users or applications on Arbitrum. The transfer was completed at 11:26 p.m. ET on April 20, as announced by Arbitrum on X. The stolen funds are no longer controlled by the original address. This move recovers about a quarter of the total amount drained from Kelp's LayerZero-powered bridge on Saturday, when attackers exploited a vulnerability in the verifier infrastructure, pulling out 116,500 rsETH. LayerZero has preliminarily attributed the attack to North Korea's Lazarus Group. As a layer-2 blockchain, Arbitrum processes transactions at a lower cost and settles them on the main Ethereum chain. Its Security Council has the emergency power to intervene in such scenarios, although such actions are rare and can be controversial due to the discretionary control they introduce over user funds. The freeze provides Kelp with a partial recovery option, in addition to any further actions law enforcement and chain-tracing firms may take. It also escalates the dispute between Kelp and LayerZero over who is responsible for the exploit, as the $71 million offset could impact the socialization of remaining losses. Kelp is working with ecosystem partners on a recovery fund and considering next steps, including unpausing, loss socialization, and legal coordination. The possibility of freezing more stolen funds depends on the attacker's movements of rsETH or its derivatives and whether other chains will take similar action.