Arbitrum DAO Votes to Release $71M in Frozen ETH to DeFi United After Kelp DAO Exploit
On April 18, 2026, an attacker widely believed to be “TraderTraitor,” a subunit of North Korea’s notorious Lazarus Group targeted the cross-chain bridge used by Kelp DAO. The bridge, powered by LayerZero, had a critical vulnerability.
| Contributor | Amount (ETH) | Structure |
| Arbitrum Security Council | 30,766 | Frozen attacker funds (pending DAO vote) |
| Consensys & Joe Lubin | 30,000 | Grant/Pledge |
| Mantle | 30,000 | Low-interest loan |
| Aave DAO | 25,000 | Treasury deployment (pending vote) |
| LayerZero | 10,000 | Grant to fund + direct Aave liquidity |
| Stani Kulechov (Aave Founder) | 5,000 | Personal pledge |
| Ether.Fi | 5,000 | Contribution |
| Lido | 2,500 | Contribution |
| Kelp DAO | 2,000 | Contribution |
The attackers successfully forged a cross-chain verification message. They essentially tricked the network into believing they had deposited vast amounts of collateral on another chain. Because the system believed the fake data, it minted roughly 116,500 unbacked rsETH (re-staked Ethereum) tokens out of thin air, stealing the equivalent of $292 million.
If the attackers had simply tried to sell 116,500 fake rsETH on the open market, the price would have crashed to zero instantly, yielding very little actual cash. Instead, they executed a highly sophisticated secondary attack.
They took about 107,000 of the unbacked rsETH and deposited it as collateral into major lending protocols primarily Aave, but also Compound and Euler. Because the lending protocols viewed rsETH as a legitimate, high-value asset, they allowed the attackers to borrow roughly $190 million to $236 million in real wrapped ETH and stablecoins against it.
Once the exploit was discovered, the real value of the compromised rsETH plummeted, leaving Aave holding the bag with up to $230 million in toxic bad debt. Panic ensued, and Aave saw billions in total value locked (TVL) vanish in hours as users scrambled to withdraw their funds.
Arbitrum’s Controversial Intervention
This brings us to the specific headline you linked. As the attackers were moving the stolen assets around, they bridged 30,766 ETH (worth roughly $71 million) onto the Arbitrum Layer-2 network.
In a move that sparked massive debate, the Arbitrum Security Council intervened at the protocol level. They tracked the attacker’s wallet and unilaterally frozen the assets, bypassing the attacker’s private keys. This is highly controversial in crypto because it directly violates the purist “not your keys, not your coins” ethos, demonstrating that decentralized networks can, in extreme emergencies, act like centralized banks.
Now, the Arbitrum DAO is holding a governance vote to officially release those 30,766 frozen ETH into a massive industry bailout fund designed to clean up the mess.
The Bailout: Enter “DeFi United”
To stop the contagion from destroying Aave and wiping out retail lenders, a coalition of massive crypto entities rallied together to form DeFi United. Driven heavily by Aave founder Stani Kulechov, the fund’s goal is to absorb the bad debt, restore full 1:1 backing to rsETH, and normalize the lending markets.
In an unprecedented display of industry coordination, DeFi United secured over $300 million (more than 132,000 ETH) in pledges within days.
