Key Takeaways
- Emergency freeze immobilizes 30,766 ETH (approximately $71 million) associated with the Kelp DAO security breach
- Assets transferred to governance-managed wallet, cutting off attacker access
- Frozen amount represents about 25% of the total $292 million stolen during Saturday’s incident
- North Korea’s Lazarus Group preliminarily identified as responsible party by LayerZero
- Emergency measure passed with nine affirmative votes from the 12-member council
In a decisive emergency response Monday evening, Arbitrum’s Security Council implemented an urgent freeze on 30,766 ETH valued at roughly $71 million, funds directly linked to the Kelp DAO security incident. The cryptocurrency has been transferred to an intermediary address that requires additional Arbitrum governance authorization for any future access.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…
— Arbitrum (@arbitrum) April 21, 2026
Official confirmation of the freeze came at 11:26 p.m. Eastern Time on April 20. The compromised ether is now completely inaccessible to the wallet that previously controlled it.
This emergency intervention follows Saturday, April 19’s exploitation of Kelp DAO’s LayerZero-integrated bridge infrastructure. Malicious actors successfully extracted 116,500 rsETH by exploiting vulnerabilities in compromised verification systems. Financial damages from the security breach total between $292 and $293 million.
rsETH functions as a liquid restaking token created by Kelp DAO. The token represents users’ staked ethereum holdings within the protocol.
LayerZero, whose bridge technology was exploited, indicated with preliminary certainty that North Korea’s notorious Lazarus Group orchestrated the attack. The company has remained silent regarding Arbitrum’s asset freeze decision.
The secured $71 million constitutes roughly one-quarter of the complete stolen sum. This marks the most substantial single recovery effort implemented in response to the breach.
Decision-Making Process Behind the Freeze
Arbitrum’s Security Council operates as a 12-member governance body selected by the Arbitrum community. The council maintains emergency authorization for crisis scenarios. The freeze passed with nine members supporting the action.
Council participant Griff Green emphasized the group “did not make this decision lightly,” acknowledging “countless hours of debates, technical, practical, ethical and political.” The council additionally confirmed coordination with law enforcement agencies during deliberations.
Arbitrum representatives assured that the freeze exclusively targeted the compromised funds without impacting other network participants or decentralized applications.
Community Response and Debate
The council’s decision has sparked debate within cryptocurrency circles. Social media platform X has seen users questioning whether such freezing authority contradicts Arbitrum’s decentralization commitments. Detractors contend that council-mandated fund immobilization conflicts with foundational blockchain principles of permissionless operation.
Advocates counter that the intervention safeguards users while preserving network credibility.
The freeze additionally intensifies ongoing disagreement between Kelp DAO and LayerZero concerning accountability for the security failure. With $71 million now secured, future negotiations regarding loss distribution have a substantial recovered portion before considering insurance mechanisms, litigation strategies, or treasury allocations.
The perpetrators additionally leveraged stolen Kelp tokens as collateral for cryptocurrency loans on Aave lending protocol, generating bad debt throughout the broader decentralized finance lending ecosystem.
Kelp DAO representatives stated they’re collaborating with ecosystem participants on establishing a recovery fund while assessing options for loss distribution and legal coordination efforts.
Possibilities for freezing additional stolen assets hinge on the attacker’s fund movement patterns and whether other blockchain networks possessing comparable emergency capabilities choose to intervene.
