Arbitrum Security Council Intervenes to Freeze $71 Million in Stolen Ether Linked to Kelp DAO Attack

Arbitrum's Security Council recovers $71 million in ETH linked to the Kelp DAO hack. Learn how governance intervention is shaping the recovery of stolen assets.

By: AXL Media

Published: Apr 21, 2026, 8:16 AM EDT

Source: Information for this report was sourced from CoinDesk

Emergency Intervention Recovers Fragment of Stolen Assets

The Arbitrum Security Council executed a decisive emergency maneuver late Monday night, successfully freezing 30,766 ETH valued at approximately $71 million. This action directly targeted funds associated with the weekend's catastrophic $292 million exploit of Kelp DAO, a liquid restaking platform. By moving the assets into a secure intermediary wallet, the council has effectively stripped the original attacker of control over a significant portion of the haul. According to official statements from the Arbitrum team, the transaction was finalized at 11:26 p.m. ET on April 20, marking a critical turning point in the ongoing recovery efforts.

Law Enforcement Coordination and Network Integrity

The decision to intervene was not made in isolation, as the council reportedly acted upon specific intelligence provided by law enforcement agencies regarding the exploiter's identity. Despite the centralized nature of such a freeze, the council emphasized that the operation was conducted with surgical precision, ensuring that no other Arbitrum users or decentralized applications were impacted. This use of emergency powers highlights the unique, albeit controversial, role that elected signers play within the Arbitrum ecosystem when faced with high-value criminal activity.

North Korean Links and Bridge Infrastructure Failures

Investigations into the Saturday breach have pointed toward sophisticated state-sponsored actors, with bridge provider LayerZero attributing the attack to North Korea's Lazarus Group with preliminary confidence. The exploit targeted compromised verifier infrastructure, allowing the attackers to drain 116,500 rsETH from the network. This incident has sparked intense scrutiny of the LayerZero-powered bridge that Kelp DAO utilized, raising questions about the resilience of cross-chain security protocols against advanced persistent threats originating from North Korean cyber units.