Arbitrum froze 30,766 ETH tied to the Kelp DAO exploit, securing about $71 million hours after the attack escalated. The funds moved into a governance-controlled wallet on April 21. Arbitrum’s Security Council carried out the action after law enforcement helped identify the attacker. The blockchain kept running normally, while the freeze isolated only the compromised assets.
The frozen ETH accounts for about a quarter of the estimated $292 million drained from Kelp DAO’s rsETH system. Arbitrum said the intermediary wallet now holds the funds and blocks further access without governance approval. As a result, part of the stolen ETH stopped moving during an active exploit.
Arbitrum said its Security Council executed the freeze on April 21, according to the company’s post on X. The intervention followed coordination with law enforcement after the attacker was identified. The action moved the targeted ETH into a wallet controlled by governance.
At the same time, Arbitrum said the freeze did not affect other users or applications on the network. The chain continued operating as usual. The action focused only on the compromised funds.
That response showed how Layer 2 governance can step in during an active exploit without halting broader network activity. The funds now remain locked in an intermediary wallet. Any further access requires additional governance approval.
Early assessments traced the exploit to a cross-chain verification failure tied to LayerZero infrastructure. The incident pointed to a compromised validator setup. From there, Kelp DAO and LayerZero disputed who carried the responsibility.
Later, LayerZero said North Korea’s Lazarus Group was the likely culprit. It argued that a single-point-of-failure setup in the verification path enabled the exploit. Kelp DAO, in turn, directed blame at LayerZero’s messaging architecture.
The dispute kept attention on bridge security. A single failure in verification triggered a nine-figure exploit. That risk remained in focus as the broader crypto market assessed the damage.
This episode also reopened a deeper issue across crypto systems. They aim to remain permissionless, yet governance can still act as a circuit breaker during extreme events.
Read More: Kelp DAO Hack Drains $293 Million and Triggers DeFi Contagion Fears
The financial impact spread beyond the initial theft. In the days after the attack, DeFi protocols faced growing concern around rsETH. Users questioned collateral quality, peg pressure, and the risk of bad debt across lending markets.
According to the company, Aave, SparkLend, Fluid, and Upshift moved to pause or reassess the rsETH-related exposure. Those steps came as users rushed to reduce risk. As a result, the exploit created pressure across connected DeFi markets.
Meanwhile, the latest laundering activity raised new recovery concerns. Once funds leave the original on-chain point of exploit and cross into Bitcoin rails or privacy-preserving tools, recovery usually becomes harder. Updates from ZachXBT and others indicated that the laundering process had already started.
Even so, the newly identified transfers through Umbra and other channels remained small compared with the total haul. Still, those transfers mattered because they showed the attackers were testing exit paths. The earlier Arbitrum freeze immobilized part of the stolen ETH, while THORChain and Umbra transfers showed other portions were already moving into harder-to-trace territory.
Arbitrum froze 30,766 ETH worth about $71 million after the Kelp DAO exploit, locking part of the stolen funds in a governance wallet. Meanwhile, DeFi platforms reviewed rsETH exposure as attackers tested laundering routes. The incident deepened scrutiny on bridge security, governance intervention, and recovery prospects after major cross-chain attacks.