- $71 million in ETH frozen on Arbitrum following a crypto exploit
- Aave requests court to lift freeze or require $300 million bond
- Hack linked to Kelp DAO’s rsETH token involving about $290 million
- Plaintiffs claim North Korea connection via Lazarus Group
- “DeFi United” recovery effort raised over $300 million
Legal Dispute Over Frozen Arbitrum Funds
A case in a U.S. federal court is examining whether funds recovered after a hack can be redirected away from affected users. Aave has asked a federal court in New York to unblock approximately $71 million in cryptocurrency frozen on the Arbitrum network.
Aave LLC has filed an emergency motion to vacate a restraining notice served on Arbitrum DAO on May 1, 2026 that attempts to seize approximately $71 million in ETH belonging to victims of the April 18 exploit.
A thief does not gain lawful ownership of stolen property simply by… pic.twitter.com/NwgKIdU1L7
— Aave (@aave) May 4, 2026
In a memorandum filed Monday, Aave stated that the court-ordered freeze is preventing the return of funds recovered after an exploit tied to Kelp DAO’s rsETH token. The company requested either the immediate lifting of the freeze or that plaintiffs post a bond of at least $300 million if the freeze remains. Aave argued that the funds belong to its users and not to any attacker. The filing stated that recovery efforts, described as “DeFi United,” involved multiple decentralized finance communities working to restore assets and system stability.
Delay Could Cause Irreparable Harm to Aave and Crypto Ecosystem
Aave argued that if the court upholds Gerstein Harrow’s notice, it could deter future recovery efforts for North Korea-related hacks due to the possibility of additional legal challenges in recovering funds. The company further stated that such a precedent could incentivize bad actors to target more crypto protocols.
Aave’s lawyers also warned that the delay is causing irreparable harm to the protocol, its users, and the wider DeFi community, “none of which can be later cured by monetary damages.”
They added that if the situation continues: If the immobilized assets remain subject to a freeze and are not made available to restore value to Aave protocol users, the entire DeFi ecosystem risks being destabilized, Aave’s lawyers said.
“While Aave protocol users cannot retrieve their assets from the Aave protocol, if those assets were being used for collateral for other positions elsewhere then continued restraint on the immobilized assets may render those users unable to meet their related collateral obligations.”
Aave further challenged the plaintiffs’ claims: “Plaintiffs in this case showed up, contending – based on conjecture from posts on the internet – that the thief was North Korea, and that by stealing the assets for a few hours, North Korea somehow became the rightful owner of those assets such that Plaintiffs here could restrain them for their own purposes,” lawyers for Aave said.
“The immobilized assets do not belong to North Korea or any affiliated entities. Instead, the immobilized assets belong to the users of the Aave protocol who were victimized when a third-party thief effectively stole their assets during a cyber exploit April 18, 2026.”
Background of the Kelp DAO Exploit
The dispute originates from an April hack involving Kelp DAO, a platform allowing users to stake Ethereum and receive rsETH tokens. Attackers manipulated a system that transfers tokens across blockchains, created fake rsETH, and used it to borrow approximately $290 million.
The impact spread quickly as users withdrew funds, liquidity declined, and lending pools were rapidly exhausted. Billions of dollars exited the platform within a short period, and some users were unable to access their deposits. Following the exploit, Arbitrum’s Security Council froze about 30,766 ETH, valued at roughly $71 million, and placed the assets under governance control. These funds are now central to the ongoing legal proceedings.
Claims, Recovery Efforts, and Legal Questions
Plaintiffs holding unpaid judgments against North Korea argue that the attacker is likely linked to the Lazarus Group. Based on this claim, they assert that the frozen assets can be treated as North Korean property and seized. Aave rejected this argument, stating that the funds belong to users who are not connected to any alleged wrongdoing. The filing emphasized that these users have no known relationship to North Korea.
In parallel, Aave and other organizations, including Consensys, Lido, Compound, and the Avalanche Foundation, launched a recovery initiative called “DeFi United.” The effort raised more than $300 million to restore rsETH value and address losses.
The filing also raised questions about whether Arbitrum DAO can be treated as a legal entity capable of being served in the manner attempted by plaintiffs. This issue may affect how the case proceeds. Attorneys for the plaintiffs stated that the restraining notice against Arbitrum DAO is not intended to support recovery efforts but instead has the opposite effect.
FAQs
1. Why were $71 million in ETH frozen on Arbitrum?
The funds were frozen following a crypto exploit linked to Kelp DAO’s rsETH token. Arbitrum’s Security Council placed the assets under control to prevent further losses and stabilize the ecosystem.
2. What is Aave requesting from the court?
Aave has asked the court to either lift the freeze on the funds or require plaintiffs to post a bond of at least $300 million if the freeze remains in place.
3. What is the connection to North Korea and the Lazarus Group?
Plaintiffs claim the attacker may be linked to North Korea’s Lazarus Group and argue the frozen funds could be treated as North Korean property. Aave disputes this claim, stating the assets belong to its users.
4. What is the “DeFi United” recovery effort?
“DeFi United” is a joint initiative by Aave and other crypto organizations to restore losses from the exploit. The effort has raised over $300 million to support affected users and stabilize the protocol.
Source: CourtListener
