Arbitrum’s Security Council froze exploiter-held ETH after coordinating with law enforcement.
Arbitrum said its Security Council initiated an emergency intervention to secure funds linked to the recent KelpDAO exploit after identifying 30,766 ETH held on Arbitrum One in an address tied to the attacker.
User activity remained unaffected during the process.
Arbitrum Security Council Steps In
The council stated it had coordinated with law enforcement regarding the exploiter’s identity and that the action was carried out with a focus on preserving network integrity.
After conducting technical analysis and internal deliberations, Arbitrum’s council implemented a method to isolate and transfer the funds without affecting any other chain state or its users. The assets were moved to an intermediary wallet, effectively freezing them and removing access from the original address.
According to the official announcement, the transfer was completed on April 20 at 11:26 pm ET. Any further movement of the funds will require governance-level decisions in coordination with relevant stakeholders.
Just before the intervention, Onchain Labs reported that the exploiter appeared to have burned 30,766 ETH, worth $70.94 million on Arbitrum.
KelpDAO Hack
The incident traces back to the KelpDAO exploit on April 18, which led to the loss of about 116,500 rsETH tokens, worth around $292 million. It was one of the largest DeFi breaches this year. The attackers targeted KelpDAO’s cross-chain bridge built on LayerZero Labs infrastructure. According to LayerZero, the attacker gained access to components of its decentralized verified network by compromising RPC nodes and disrupting normal operations, which allowed a fraudulent cross-chain message to be approved and executed.
You may also like:
-
Whales Circle AAVE Amid Chaos: Is This Another Market Bottom Signal?
-
DeFi TVL Plummets Across Top Chains After KelpDAO Hack
-
How Musician Lost 5.92 BTC on Fake Ledger App
LayerZero blamed the scale of the breach on KelpDAO’s use of a 1-of-1 verification setup, which lacked independent validation. KelpDAO, in response, stated,
“The 1-of-1 DVN setup is the configuration documented in LayerZero’s documentation and shipped as the default for any new OFT deployment. Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout. The question of DVN configuration came up during Kelp’s L2 expansion, and defaults were affirmatively confirmed as appropriate at that time.”
The impact spread beyond the bridge as a large portion of the stolen assets moved into lending protocols. On Aave V3, for instance, the attacker deposited rsETH as collateral and borrowed large amounts of wrapped ETH. These positions were left with low health factors, which raised the possibility of bad debt within the protocol.
Binance Free $600 (CryptoPotato Exclusive): Use this link to register a new account and receive $600 exclusive welcome offer on Binance (full details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to register and open a $500 FREE position on any coin!
