Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
#ArbitrumFreezesKelpDAOHackerETH
Arbitrum Security Council Freezes $71 Million in ETH Linked to Kelp DAO Exploit
On April21,2026, the Arbitrum Security Council took unprecedented emergency action by freezing30,766 ETH worth approximately $71 million, marking a significant development in the aftermath of the massive Kelp DAO exploit that occurred just days earlier.
The Original Exploit
The incident began on April18,2026, when attackers successfully drained approximately116,500 rsETH (restaked ETH) from Kelp DAO, valued at roughly $292 million. This attack targeted Kelp DAO's LayerZero-powered bridge infrastructure through a sophisticated compromise of the protocol's verification system. The exploit leveraged a vulnerable1-of-1 Data Verification Network configuration, where attackers poisoned RPC nodes and executed a DDoS attack on backup systems to bypass security measures.
Security researchers and blockchain analysts have preliminarily attributed the attack to North Korea's Lazarus Group, also known as TraderTraitor, based on distinctive funding patterns traced through Tornado Cash and the group's established infrastructure poisoning techniques. This marks the second major attack attributed to Lazarus within a three-week period and represents one of the largest DeFi exploits of2026.
**The Arbitrum Intervention**
Following the exploit, the attacker bridged a significant portion of the stolen funds to Arbitrum One, consolidating approximately30,766 ETH in the address0x5d3919f12bcc35c26eee5f8226a9bee90c257ccc. This concentration of funds presented a critical opportunity for intervention.
On April21 at approximately06:45 UTC, the Arbitrum Security Council invoked its emergency powers to execute a direct transfer of the frozen ETH to a governance-controlled intermediary wallet at0x0000 The council emphasized that this action was taken with input from law enforcement regarding the exploiter's identity and was executed without impacting any other Arbitrum users or applications.
The technical execution involved a state transition through upgraded system contracts and client code, consuming approximately21,000 gas with no event logs generated. This approach allowed the Security Council to effectively seize the funds while maintaining network stability for all other participants.
**Impact on DeFi Ecosystem**
The exploit had immediate ripple effects across the decentralized finance landscape. The attacker utilized the unbacked rsETH as collateral on Aave V3 and V4 markets across both Ethereum mainnet and Arbitrum, borrowing52,834 WETH on Ethereum and29,782 WETH plus821 wstETH on Arbitrum. This created a bad debt crisis for Aave estimated between $123 million and $230 million.
In response, Aave rapidly froze rsETH markets on both V3 and V4 versions within hours of the exploit, preventing additional rsETH from being deposited as collateral. Aave founder Stani Kulechov confirmed that the asset no longer carries borrowing power, and the community is expected to discuss whether rsETH should be permanently delisted from all Aave markets.
Kelp DAO's emergency response included pausing relevant contracts and blacklisting attacker wallets, which successfully prevented a secondary attack targeting an additional40,000 rsETH worth approximately $95 million. The protocol is currently working with LayerZero, Aave, and other stakeholders on comprehensive recovery plans.
**Decentralization Debate**
The Arbitrum Security Council's intervention has ignited intense debate within the cryptocurrency community regarding the nature of decentralization in Layer2 networks. Critics have labeled the action as evidence of "decentralization theater," arguing that the existence of emergency powers capable of freezing user funds contradicts the fundamental principles of permissionless blockchain systems.
Supporters counter that the intervention represents responsible stewardship, preventing hostile nation-state actors from liquidating stolen assets and potentially mitigating broader market damage. The frozen funds now require formal governance approval to move, establishing a transparent process for determining their ultimate disposition.
**Ongoing Developments**
While the Arbitrum freeze represents the largest recovery of stolen funds to date, the attacker continues to move remaining assets through various channels including THORChain and Umbra. Total value locked across the DeFi ecosystem dropped sharply following the exploit, with Ethereum declining17.7% and Arbitrum experiencing a13.7% decrease.
Multiple protocols are currently negotiating loss allocation and recovery strategies. The incident has renewed calls for enhanced bridge security standards and more robust verification mechanisms across cross-chain infrastructure. LayerZero has publicly criticized Kelp DAO's single-DVN configuration, while Kelp DAO maintains that the setup was implemented according to LayerZero's own documentation.
The case represents a watershed moment for Layer2 governance and emergency response capabilities, establishing precedent for how rollup networks may respond to large-scale security incidents involving state-sponsored actors. As investigations continue and governance processes unfold, the outcome will likely influence regulatory perspectives on blockchain intervention mechanisms and the evolving balance between decentralization ideals and practical security considerations.