Arbitrum Secures $71 Million in Ether Linked to Kelp DAO Exploit

Following a significant exploit, a substantial portion of the stolen funds from the Kelp DAO incident have been frozen. Arbitrum's Security Council took swift action, moving approximately $71 million worth of ether (30,766 ETH) into a secure, intermediary wallet on Monday. This wallet can only be accessed through additional governance measures, effectively putting the funds on hold. The exploit in question involved the theft of $292 million in rsETH, a liquid restaking token representing a user's position in restaked ether. The Security Council's decision was made with input from law enforcement, who provided information regarding the exploiter's identity. The freeze was executed without disrupting any Arbitrum users or applications. According to Arbitrum, the transfer was completed at 11:26 p.m. ET on April 20. This action recovers about a quarter of the total amount stolen from Kelp's LayerZero-powered bridge on Saturday. The attackers had exploited compromised verifier infrastructure to pull 116,500 rsETH, with preliminary confidence attributing the attack to North Korea's Lazarus Group. As a layer-2 blockchain, Arbitrum processes transactions more efficiently and settles them on the main Ethereum chain. Its Security Council has emergency powers to intervene in such situations, although governance-level interventions on user funds are rare and can be contentious due to the introduction of discretionary control. The freeze provides Kelp with a partial recovery option, in addition to any further recoveries by law enforcement and chain-tracing firms. This development also heightens the ongoing dispute between Kelp and LayerZero over responsibility for the exploit, as any broader distribution of remaining losses now has a $71 million offset before considering legal action, insurance, or treasury contributions. Kelp is currently coordinating with ecosystem partners on a recovery fund and exploring next steps, including the possibility of unpausing, loss socialization, and legal coordination with affected parties. The potential for freezing more stolen funds depends on the attacker's subsequent movements of rsETH or its derivatives and whether other chains with similar emergency powers choose to act.