Some Kelp DAO loot is no longer going anywhere.
The Arbitrum Security Council froze 30,766 ETH worth approximately $71 million on Monday night, moving funds linked to Saturday’s $292 million rsETH exploit to a mezzanine wallet that can only be accessed through new Arbitrum governance actions.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH held at the Arbitrum One address that is connected to the KelpDAO exploit. The Security Council acted with the input of law enforcement regarding the identity of the exploiter and, at all times,…
– Referee (@arbitrum) April 21, 2026
The council said it acted based on input from authorities regarding the identity of the exploiter and executed the freeze “without affecting any Arbitrum users or applications.”
The transfer was completed at 11:26 pm ET on April 20, according to Arbitrum’s statement on X. The stolen funds are no longer controllable by the address that originally held them.
The move recovers roughly a quarter of the total amount drained from Kelp’s LayerZero bridge on Saturday, when attackers mined 116,500 rsETH by exploiting compromised verification infrastructure. LayerZero attributed the attack with preliminary confidence to North Korea’s Lazarus Group.
Arbitrum is a layer 2 blockchain, that is, a network built on Ethereum that processes transactions more cheaply and settles them on the main chain. Its Security Council is a group of elected signatories with emergency powers to take protective measures in exactly this type of scenario, although governance-level interventions into user funds remain rare and controversial because they introduce a degree of discretionary control over an otherwise permissionless network.
The freeze leaves Kelp with an option for partial recovery in addition to anything else law enforcement and chain-tracking companies can recover.
It also intensifies the ongoing dispute between Kelp and LayerZero over who is responsible for the exploit, as any broader disclosure of the remaining losses now has a $71 million compensation to work with before legal coordination, insurance or contributions to the treasury come into play.
Kelp has said it is coordinating with ecosystem partners on a recovery fund and weighing next steps to reactivate, socialize losses and legally coordinate with affected counterparties. LayerZero has not commented publicly on the Arbitrum freeze.
Whether more stolen funds will be frozen depends on where else the attacker moved rsETH or its derivatives before consolidation, and whether other chains with similar emergency powers decide to act on their portions of the flow.
