#ArbitrumFreezesKelpDAOHackerETH
The Arbitrum Security Council has frozen 30,766 ETH (71M) seized by hackers linked to the North Korean Lazarus Group. This is a historic intervention following the largest DeFi exploit of 2026.
What happened?
On April 18, 2026, 116,500 rsETH (292M) were stolen in an attack on Kelp DAO's LayerZero-powered bridge. The attackers bypassed LayerZero's single validator (1-of-1 DVN) configuration using RPC poisoning and DDoS, generating forged cross-chain messages.
Arbitrum's Intervention:
- 30,766 ETH were frozen on April 20, 2026, at 23:26 ET
- Funds were moved to an intermediary wallet accessible only through Arbitrum governance
- The Security Council acted on information from law enforcement regarding the attacker's identity
Technical Details:
- The attack was carried out using RPC poisoning targeting LayerZero infrastructure
- Kelp DAO had not implemented multi-DVN configuration recommendations
- LayerZero announced it will no longer sign 1-of-1 DVN configurations to prevent further attacks
Market Impact:
- DeFi TVL dropped 13 billion in 48 hours (99.5 billion → 86.3 billion)
- Aave's poor debt forecast: 123.7 million in Scenario 1, 230.1 million in Scenario 2
- ETH price remained stable after the incident (2,300)
Points of Discussion:
This intervention conflicts with decentralization principles. Dan Robinson from Paradigm: "Decentralization is not a suicide pact." On the other hand, there are concerns that such emergency powers could be misused.
Current Status:
- Attackers transferred 1.5M from Ethereum mainnet to Bitcoin after Arbitrum freeze (ZachXBT report)
- Kelp DAO is evaluating rescue fund and loss socialization options
- Aave WETH markets partially reopened
Important: This event demonstrates how critical infrastructure security and multiple validator configurations are in DeFi. It is reported that in April 2026, the Lazarus Group stole a total of 575M through attacks on Drift (285M) and Kelp DAO (292M).
The Arbitrum Security Council has frozen 30,766 ETH (71M) seized by hackers linked to the North Korean Lazarus Group. This is a historic intervention following the largest DeFi exploit of 2026.
What happened?
On April 18, 2026, 116,500 rsETH (292M) were stolen in an attack on Kelp DAO's LayerZero-powered bridge. The attackers bypassed LayerZero's single validator (1-of-1 DVN) configuration using RPC poisoning and DDoS, generating forged cross-chain messages.
Arbitrum's Intervention:
- 30,766 ETH were frozen on April 20, 2026, at 23:26 ET
- Funds were moved to an intermediary wallet accessible only through Arbitrum governance
- The Security Council acted on information from law enforcement regarding the attacker's identity
Technical Details:
- The attack was carried out using RPC poisoning targeting LayerZero infrastructure
- Kelp DAO had not implemented multi-DVN configuration recommendations
- LayerZero announced it will no longer sign 1-of-1 DVN configurations to prevent further attacks
Market Impact:
- DeFi TVL dropped 13 billion in 48 hours (99.5 billion → 86.3 billion)
- Aave's poor debt forecast: 123.7 million in Scenario 1, 230.1 million in Scenario 2
- ETH price remained stable after the incident (2,300)
Points of Discussion:
This intervention conflicts with decentralization principles. Dan Robinson from Paradigm: "Decentralization is not a suicide pact." On the other hand, there are concerns that such emergency powers could be misused.
Current Status:
- Attackers transferred 1.5M from Ethereum mainnet to Bitcoin after Arbitrum freeze (ZachXBT report)
- Kelp DAO is evaluating rescue fund and loss socialization options
- Aave WETH markets partially reopened
Important: This event demonstrates how critical infrastructure security and multiple validator configurations are in DeFi. It is reported that in April 2026, the Lazarus Group stole a total of 575M through attacks on Drift (285M) and Kelp DAO (292M).
