- Arbitrum secures 30,766 ETH worth $70.97M, moving funds to frozen wallet.
- The KelpDAO hack totaled roughly $290 million to $292M after attackers drained rsETH.
- LayerZero blamed North Korea’s Lazarus Group and pointed to weak security settings.
Arbitrum has recovered $70.97 million in ETH tied to the recent KelpDAO exploit, taking emergency action to secure 30,766 ETH that had been sitting on Arbitrum One.
The funds were moved from addresses linked to the attacker into a frozen intermediary wallet controlled through governance safeguards.
According to Arbitrum, the assets are no longer accessible to the exploiter and can only be moved through future governance action coordinated with relevant parties.
Emergency Action Secures 30,766 ETH
Arbitrum said its Security Council acted with input from law enforcement regarding the exploiter’s identity.
After technical review, the council used a targeted method to move the ETH without affecting other users, apps, or the broader chain state. The transfer was completed on April 20 at 11:26 p.m. ET.
Blockchain intelligence platform Arkham said the seized amount totaled $70.9 million. Meanwhile, the recovery follows a much larger exploit that hit KelpDAO for roughly $290 million to $292 million.
Attackers drained rsETH through KelpDAO’s cross-chain bridge powered by LayerZero. The stolen rsETH was then reportedly used as collateral to borrow funds across DeFi lending markets.
This created an immediate bad debt risk. Notably, if fake collateral is accepted for loans, lenders may be left with losses when the collateral fails.
Lazarus Group Blamed
LayerZero said early analysis points to North Korea’s Lazarus Group, specifically the TraderTraitor unit. The company said the exploit targeted downstream RPC nodes used in a decentralized verifier network rather than exploiting LayerZero’s core protocol.
According to LayerZero, two RPC nodes were compromised while DDoS attacks hit uncompromised nodes, allowing false transaction verification during the theft. LayerZero also said malicious files were designed to self-delete after the attack.
LayerZero said KelpDAO used a single-verifier setup instead of a multi-verifier model that had previously been recommended. More independent verifiers create redundancy, as one weak point is harder to exploit when several checks are required.
David Schwartz added that many bridge systems look secure in theory, but teams often avoid stronger protections because they add operational cost and complexity.
Related: DeFi Exploits Top $775M in 2026 as KelpDAO, Drift Lead Losses
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/arbitrum-freezes-30766-eth-tied-to-290m-kelpdao-exploit/
