Since the freeze, ZachXBT reported that the attackers had begun moving funds from Ethereum mainnet to Bitcoin.
Ethereum Layer 2 Arbitrum said that its Security Coucil has taken emergency action to freeze approximately 30,766 ETH, worth over $71 million, tied to this weekend’s KelpDAO exploit.
Arbitrum announced on X late Monday night that it acted with input from law enforcement, which had provided information about the exploiter’s identity. After what it described as significant technical diligence, the L2 said it executed an approach that moved funds without affecting any other chain state or Arbitrum users.
As of April 20 at 11:26pm ET, the funds were successfully transferred to an intermediary frozen wallet, where they can only be moved by further action from Arbitrum governance, per Arbitrum’s X post.
On-chain investigator ZachXBT reported this morning that since the Arbitrum freeze, the attackers had moved $1.5 million from Ethereum mainnet to Bitcoin via decentralized swap protocol Thorchain, as well as another $78,000 routed through Umbra.
The intervention follows what appears to be DeFi’s worst exploit this year so far. The original exploit, which struck KelpDAO’s LayerZero-powered bridge on April 18, saw an attacker mint approximately $293 million worth of unbacked rsETH and drain over $200 million in real WETH from Aave before markets could freeze — leaving the lending protocol with hundreds of millions in bad debt.
LayerZero said in a postmortem published yesterday, April 20, that the attack is likely attributable to North Korean state-sponsored hacker group Lazurus Group.
DeFi Community Response
The Arbitrum Security Council’s move marks a rare use of emergency governance powers to directly intervene in fund recovery from a public chain, with coordination from law enforcement signaling this incident has drawn regulatory attention.
YCC founder Duo Nine called the move “Good move for the users affected, bad new for decentralization,” adding:
“This sets a precedent where with good justification any assets on Arbitrum can be taken from your wallet.”
On-chain security expert Taylor Monahan had a different take, characterizing Arbitrum freezing funds as DeFi collectively “rugg[ing] DPRK of $70M.” Monahan continued:
“I want to say thank you to EVERYONE who played a role. Including those who pushed back […] DeFi fucking wins.”
White hat hacker and founder of blockchain security organization Security Alliance samczsun also had a positive take on the move, posting this morning “huge day for victims of the kelp dao hack,” and continuing:
“i hope that we can look back on today as the day our industry realized that we can simultaneously build useful products while also protecting users rather than be a consequence-free infinite money glitch for hackers.”
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
