Arbitrum delegates signaled support, in a non-binding sentiment check, for a plan to release $71 million in ether frozen after last month’s Lazarus-linked rsETH exploit, amid an active U.S. court fight over ownership of the funds.
The so-called phase one of the temperature check, which closed Friday afternoon Hong Kong time with more than 90% support, favors the release of 30,765 ETH frozen by Arbitrum’s Security Council after the April 18 exploit, when attackers used unbacked rsETH tokens as collateral on Aave to borrow roughly $230 million in ETH from the protocol.
The vote took place on an off-chain polling platform commonly used by crypto governance communities to gauge delegate sentiment before initiating formal steps. Under Arbitrum’s governance process, the result does not itself move funds or change protocol rules. Think of it as a referendum of the population before a piece of legislation is passed.
Any actual transfer would require a separate onchain Constitutional Arbitrum Improvement Protocol (AIP), a formal governance proposal that can execute binding actions if approved by tokenholders. The strong support shown in the sentiment check suggests delegates may favor advancing a formal AIP on the proposal.
The frozen ether are earmarked for a coordinated industry recovery effort led by Aave, KelpDAO, LayerZero, EtherFi, and Compound, aimed at making affected users whole.
But the same funds are also at the center of an escalating legal dispute in Manhattan federal court.
Last week, attorney Charles Gerstein, representing families holding roughly $877 million in unpaid terrorism judgments against North Korea, served a restraining notice on Arbitrum DAO claiming the frozen ETH constitutes North Korean property because the exploit has been widely attributed to Pyongyang’s Lazarus Group.
That triggered an emergency legal fight.
Aave moved earlier this week to vacate the restraining notice, arguing the assets belong to innocent users, not North Korea, and warning that continued delays risk “cascading liquidations” and broader instability across decentralized finance markets.
Gerstein fired back Tuesday, arguing the exploit was not theft but fraud, meaning the attackers obtained legal title to the ETH by deceiving Aave’s lending markets with worthless collateral.
Friday’s governance vote does not mean the funds move immediately.
Besides, even if later approved onchain, the proposed transfer would face Arbitrum’s standard roughly eight-day L2-to-L1 withdrawal delay before any ETH could move, potentially giving the Manhattan court time to intervene.
Arbitrum delegates were also not voting blindly on the legal risk. The draft snapshot proposal included indemnification protections for the Arbitrum Foundation, Offchain Labs, Security Council members, and governance delegates against certain claims arising from either freezing or releasing the ETH, though those protections would only take effect if later adopted through a successful onchain Constitutional AIP. Still, the inclusion of language underscored how unusual the stakes around the vote had already become.
Speaking at Consensus Miami this week, Aave Labs Chief Legal and Policy Officer Linda Jeng said the exploit had already forced the protocol to rethink its risk framework, expanding collateral standards beyond financial metrics to include cybersecurity, interoperability, and technical architecture reviews.
Jeng, who worked as a regulator during the 2008 financial crisis, drew a contrast with traditional finance’s taxpayer-backed rescues.
“In the financial crisis, we had to bail out the banks,” she said. “Here, we came together as an ecosystem to bail ourselves out.”
CORRECTION (May 9. 2026, 02:00 UTC): Corrects that the measure was a snapshot, not a binding Arbitrum Improvement Proposal
