Arbitrum Security Council Freezes $71 Million in Ether Linked to Kelp DAO Exploit

A significant portion of the funds stolen from Kelp DAO is now frozen. The Arbitrum Security Council took decisive action on Monday, relocating 30,766 ETH, worth around $71 million, to a secure wallet that can only be accessed through further governance action. This move comes after the recent $292 million rsETH exploit, where rsETH, a liquid restaking token representing a user's position in restaked ether, was compromised. The council acted based on input from law enforcement regarding the exploiter's identity, ensuring that no Arbitrum users or applications were impacted. The transfer was completed on April 20 at 11:26 p.m. ET, according to Arbitrum's statement, and the stolen funds are no longer controlled by the original address. This action recovers about a quarter of the total amount drained from Kelp's LayerZero-powered bridge on Saturday. The exploit, attributed to North Korea's Lazarus Group, resulted in the theft of 116,500 rsETH. Arbitrum, a layer-2 blockchain, has a Security Council with emergency powers to take protective action in such scenarios. However, interventions on user funds are rare and controversial. The freeze provides Kelp with a partial recovery option, in addition to any further actions by law enforcement and chain-tracing firms. It also escalates the dispute between Kelp and LayerZero over responsibility for the exploit, as any broader socialization of remaining losses now has a $71 million offset. Kelp is coordinating with ecosystem partners on a recovery fund and weighing next steps, while LayerZero has not publicly commented on the Arbitrum freeze. The ability to freeze more stolen funds depends on the attacker's movements of rsETH or its derivatives and whether other chains with similar emergency powers choose to act.