Arbitrum emergency freezes KelpDAO hacker’s 30,766 ETH

On April 21, the Arbitrum Security Committee announced that it had taken emergency action to freeze 30,766 ETH on the Arbitrum One chain that is associated with the KelpDAO hacker attack. With the assistance of law enforcement agencies, the Security Committee confirmed the attacker’s identity and designed a technical plan to transfer the funds to an interim freeze wallet without affecting any other chain status or Arbitrum users.

Action Details: How to precisely freeze funds without affecting other users

The Arbitrum Security Committee’s statement emphasized the high precision of this action—throughout the process, it does not affect “any other chain status or Arbitrum users,” nor does it affect the normal operation of any Arbitrum application.

According to the announcement, before taking action, the Security Committee conducted “a large amount of technical investigation and deliberation” to confirm a viable technical solution, and, with the assistance of law enforcement agencies, identified the attacker’s identity. The frozen 30,766 ETH is currently held in an interim freeze wallet; only Arbitrum’s governing entities can take further actions to transfer these funds, and any subsequent operations must be coordinated with the relevant parties (including law enforcement agencies).

The Ripple Effects of the KelpDAO Attack: Aave TVL Shrinks from $26.4B to $18.6B

The source of the frozen ETH was the KelpDAO vulnerability attack on April 18. The attacker stole 116,500 rsETH, resulting in losses of about $293 million. The attacker then deposited the stolen rsETH as collateral into the Aave V3 platform and borrowed a large amount of wETH, creating roughly $195 million in bad debt on Aave’s books.

The Aave protocol subsequently suffered severe cascading impacts: nearly $8 billion in funds exited the protocol, the AAVE token fell by about 20% in a single day, and TVL shrank from about $26.4 billion to $18.6 billion, causing Aave to temporarily lose its leading position among DeFi platforms.

Broader Implications: The Discussion on the Boundaries of Law Enforcement on Decentralized Networks

This freeze action represents a precedent worth broad discussion for decentralized governance: an L2 security committee, with the assistance of law enforcement agencies, proactively intervened and froze assets tied to specific on-chain addresses. While efficiently intercepting stolen funds, it has also reignited industry debate about how much ability decentralized networks should have to intervene—when, by whom, and against what standards on-chain fund freezes should be authorized and executed will be a governance challenge that the entire industry will need to continually face going forward.

Frequently Asked Questions

How did the Arbitrum Security Committee freeze funds without affecting other users?

The Security Committee used a technical solution targeted at specific addresses, transferring funds from addresses associated with the attacker to an interim freeze wallet, while keeping all other status on the Arbitrum One chain unchanged and without affecting the normal operations of any other users, contracts, or applications. Specific technical details have not been fully disclosed yet.

How will the next steps be handled for the 30,766 ETH that were frozen?

These funds are currently held in an interim freeze wallet that only Arbitrum’s governing entities can access. Any subsequent transfers of funds can be executed only after coordinating with the relevant parties (including law enforcement agencies). The specific plan for returning the funds has not yet been announced and is expected to be determined based on investigation progress and legal procedures.

What are the subsequent impacts of this freeze action on the KelpDAO vulnerability incident?

Freezing this batch of ETH effectively limits the attacker’s ability to access certain stolen funds, reducing the risk of the funds being further transferred or laundered. However, the full subsequent developments of the Kelp DAO incident—including the handling of Aave bad debt, the legal accountability of the attacker, and compensation plans for losses across agreements—are still ongoing.