Arbitrum Secures $71 Million in Ether Linked to Kelp DAO Exploit

Following the recent Kelp DAO exploit, Arbitrum's Security Council has successfully frozen a significant portion of the stolen funds. On Monday night, the council secured 30,766 ETH, valued at approximately $71 million, by moving it to an intermediary wallet that can only be accessed through additional governance measures. This decisive action was taken in response to the $292 million rsETH exploit that occurred on Saturday. The rsETH token, issued by KelpDAO, represents a user's stake in restaked ether.

The Security Council's swift response was facilitated by input from law enforcement regarding the exploiter's identity, ensuring that the freeze was executed without impacting any Arbitrum users or applications. The transfer was completed at 11:26 p.m. ET on April 20, according to Arbitrum's statement. This move has recovered roughly a quarter of the total amount drained from Kelp's LayerZero-powered bridge, which was compromised by attackers who exploited vulnerable verifier infrastructure. The stolen funds are no longer under the control of the original address.

Arbitrum, a layer-2 blockchain built on top of Ethereum, has a Security Council with emergency powers to take protective action in such scenarios. However, governance-level interventions on user funds are rare and can be controversial due to the introduction of discretionary control over an otherwise permissionless network.

The freeze provides Kelp with a partial recovery option, in addition to any further actions taken by law enforcement and chain-tracing firms. This development also escalates the ongoing dispute between Kelp and LayerZero over responsibility for the exploit, as any broader socialization of remaining losses now has a $71 million offset to consider before legal coordination, insurance, or treasury contributions come into play.

Kelp is currently coordinating with ecosystem partners on a recovery fund and weighing next steps on unpausing, loss socialization, and legal coordination with affected counterparties. The possibility of freezing additional stolen funds depends on the attacker's movements of rsETH or its derivatives and whether other chains with similar emergency powers choose to act on their portions of the flow.