Arbitrum Locks Hacker Funds After Kelp DAO Bridge Attack 

Image Credit: Shutterstock

On Monday night, Arbitrum’s Security Council froze 30,766 ETH worth approximately $71 million at the time of the freeze, moving funds linked to Saturday’s $292 million exploit of Kelp DAO’s rsETH liquid restaking token into a governance-controlled wallet. Only a further Arbitrum governance vote can unlock them.

Arbitrum Security Council Freezes $71 Million Late Monday With Law Enforcement Input

The transfer was confirmed at 11:26 p.m. ET on April 20, according to Arbitrum’s statement posted on X. Nine of the Security Council’s 12 members voted to execute the freeze. The council said it acted on law enforcement’s input regarding the exploiter’s identity and carried out the freeze “without impacting any Arbitrum users or applications.” The seized funds are no longer accessible to the address that originally held them.

The attack targeted Kelp DAO’s LayerZero-powered bridge, with attackers draining 116,500 rsETH, Kelp’s liquid restaking token, through what LayerZero described as compromised verifier infrastructure. LayerZero said in a subsequent statement it had preliminary confidence the attack was carried out by North Korea’s Lazarus Group. The attribution has not been independently confirmed by Kelp DAO or external security researchers.

Arbitrum is a layer-2 blockchain, a network built on top of Ethereum that processes transactions at a lower cost before settling them back to the main chain. Its Security Council is a body of elected signers with emergency powers to take protective action in scenarios like this one. 

The council can act quickly without a full governance vote, though any decision to distribute or return frozen funds would require one. Governance interventions over user funds are rare and have drawn criticism for giving discretionary control over a permissionless network. 

$71 Million Recovered, $221 Million Still Outstanding

The frozen ETH accounts for approximately one quarter of the total amount drained in the attack. It gives Kelp a partial recovery base, alongside whatever assets law enforcement and blockchain tracing firms may recover separately. The scale of what remains unrecovered, roughly $221 million as of 08:30 UTC on April 22, means the freeze alone does not resolve Kelp’s broader recovery challenge.

With $71 million now frozen, Kelp has a partial offset before any loss-sharing arrangements, legal action, or treasury contributions are finalized. LayerZero has not publicly commented on the Arbitrum freeze.

No Recovery Timeline Set as Kelp Negotiates With Partners and LayerZero

Kelp has said it is coordinating with ecosystem partners on a recovery fund and is weighing next steps on unpausing the protocol, loss socialization, and legal coordination with affected counterparties. The freeze introduces a concrete variable into those deliberations, but the protocol remains paused, and no recovery timeline has been confirmed.

Whether additional funds can be seized depends on where else the attacker moved funds before converting or consolidating them, and if other networks have governance mechanisms capable of taking similar action. No other chain has announced a comparable freeze.

The intervention is one of the largest governance actions in Arbitrum’s history and has already drawn debate over whether other layer-2 networks should adopt similar emergency powers.