Arbitrum’s Security Council has frozen 30,766 ETH on Arbitrum One tied to the recent KelpDAO exploit.
The council said that it acted after coordinating with law enforcement on the identity of the exploiter.
Arbitrum Council Moves Funds to a Wallet-Only Governance Can Unlock
BeInCrypto reported that attackers drained roughly 116,500 rsETH, worth about $292 million, from KelpDAO on April 18. The attacker then supplied the stolen rsETH as collateral on Aave V3 and borrowed a large volume of WETH against it.
“KelpDAO appears to have had $280M+ stolen one hour ago on Ethereum and Arbitrum. The attack addresses were funded via Tornado Cash,” ZachXBT wrote on Telegram.
Now, the Arbitrum Security Council transferred the 30,766 ETH to an intermediary frozen wallet shortly before midnight ET on April 20, according to the team’s statement. Thus, the original address holding the funds can no longer access them.
Follow us on X to get the latest news as it happens
Only further governance action can move the ETH from its new location. Arbitrum said that the process will be coordinated with the relevant parties.
“After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users,” the team said.
The Security Council is a 12-member body elected by the Arbitrum DAO. It is responsible for making time-sensitive decisions and emergency measures to safeguard the DAO, its members, and the wider Arbitrum community. Today’s action is a notable use of those emergency powers.
The KelpDAO hack marked the largest Decentralized Finance (DeFi) exploit of 2026. LayerZero attributed the attack based on preliminary evidence to North Korea’s Lazarus Group, most likely its TraderTraitor subunit.
