Arbitrum Secures $71 Million in Ether Linked to Kelp DAO Exploit

A significant portion of the Kelp DAO exploit funds has been immobilized. On Monday night, Arbitrum's Security Council froze approximately $71 million worth of ether, totaling 30,766 ETH, associated with Saturday's $292 million rsETH exploit. The frozen amount has been moved to an intermediary wallet, which can only be accessed through additional Arbitrum governance measures. The rsETH token, issued by KelpDAO, represents a user's stake in restaked ether.

Following input from law enforcement regarding the exploiter's identity, the Security Council executed the freeze without disrupting any Arbitrum users or applications. According to Arbitrum's statement, the transfer was completed at 11:26 p.m. ET on April 20, and the stolen funds are no longer under the control of the original address.

This move recovers about a quarter of the total amount drained from Kelp's LayerZero-powered bridge on Saturday, when attackers exploited compromised verifier infrastructure to pull 116,500 rsETH. LayerZero has attributed the incident to North Korea's Lazarus Group with preliminary confidence.

As a layer-2 blockchain, Arbitrum processes transactions more affordably and settles them back to the main chain. Its Security Council, comprising elected signers with emergency powers, took protective action in this scenario. However, governance-level interventions on user funds remain rare and contentious because they introduce discretionary control over an otherwise permissionless network.

The freeze provides Kelp with a partial recovery option, in addition to potential recoveries by law enforcement and chain-tracing firms. This development also escalates the ongoing dispute between Kelp and LayerZero regarding responsibility for the exploit, as any broader socialization of remaining losses now has a $71 million offset before legal coordination, insurance, or treasury contributions come into play.

Kelp is coordinating with ecosystem partners on a recovery fund and evaluating next steps on unpausing, loss socialization, and legal coordination with affected counterparties, while LayerZero has not publicly commented on the Arbitrum freeze. The possibility of freezing more stolen funds depends on how the attacker moves rsETH or its derivatives before consolidation and on whether other chains with similar emergency powers choose to act on their portions of the flow.