In brief
- The Arbitrum Security Council has frozen 30,766 ETH worth $71.5 million linked to the weekend’s KelpDAO exploit.
- The funds can only be moved by further action by Arbitrum governance, the council said.
- The KelpDAO attackers, thought to be North Korean hackers, have begun moving and laundering funds linked to the exploit.
The Arbitrum Security Council has frozen 30,766 ETH worth $71.5 million allegedly linked to the KelpDAO exploit, moving the funds to an intermediary wallet.
In a tweet, the council explained the “emergency action” was taken following law enforcement input about the exploiter’s identity. Following the move, the funds are “no longer accessible to the address that originally held the funds,” the council said, adding that they can only be moved “by further action by Arbitrum governance, which will be coordinated with relevant parties.”
The Arbitrum Security Council consists of elected signers with emergency powers to protect the layer-2 network during security incidents. When activated, the council can immediately freeze assets and move them to wallets accessible only through subsequent governance votes.
The frozen funds from the alleged KelpDAO exploiter now sit in an intermediary address that requires community approval through Arbitrum’s governance process to access.
The freeze sparked debate regarding layer-2 governance and the resultant trade-offs between rapid security response and decentralization, with Arbitrum’s ability to unilaterally freeze funds during emergencies attracting both praise and criticism online.
The KelpDAO exploit
KelpDAO, a liquid restaking protocol, suffered a $292 million exploit on April 18 when attackers drained 116,500 rsETH tokens. In the wake of the hack, LayerZero attributed the attack to North Korea’s Lazarus Group.
The attackers allegedly compromised RPC nodes in LayerZero’s network, poisoning two nodes while launching DDoS attacks on a third. In the wake of the incident, a dispute emerged between LayerZero and KelpDAO over security configurations, with each party pointing to different documentation standards for the protocol’s setup.
The attackers have already started moving funds linked to the exploit. According to on-chain data, the wallet identified as that of the KelpDAO hacker sent transfers of $57.93 million and $117.48 million on Tuesday morning. Blockchain investigator ZachXBT reported that the attackers have begun laundering $1.5 million from the exploit, moving it from Ethereum to Bitcoin via Thorchain, with a further $78,000 routed through Umbra.