TL;DR:
The Arbitrum Security Council froze 30,766 ETH worth $71.5 million linked to the KelpDAO exploit of April 18, moving the funds to an intermediary wallet inaccessible to the attacker. The measure was taken after receiving information from law enforcement about the hacker’s identity.
The Arbitrum Security Council is composed of elected signers with emergency powers to protect the network during security incidents. Once activated, the council can freeze assets and move them to wallets whose access requires a subsequent community governance vote. The frozen funds cannot be released without coordination with the relevant parties through the protocol’s governance process.
The measures taken by the council generated divided reactions within the crypto community. On one hand, they were praised as a swift and effective response to a large-scale attack. On the other, they drew criticism over a layer-2 network’s ability to unilaterally freeze funds, raising questions about how genuine decentralization is when a body with emergency powers of this magnitude exists.
Nevertheless, the attackers have already begun moving funds beyond the reach of any possible response from authorities and protocols. According to onchain data and investigator ZachXBT, the thief’s wallet sent transfers of $57.93 million and $117.48 million on Tuesday during European hours. Approximately $1.5 million was bridged from Ethereum to Bitcoin via THORChain, and an additional $78,000 was routed through Umbra, a privacy protocol. These methods are typical of the initial laundering stage, known as layering, and indicate that the attacker may be preparing to disperse the funds across multiple destinations.

Arbitrum may have inadvertently accelerated the attacker’s plans. With the frozen $71.5 million out of reach, the attacker has less room to maneuver, which increases the pressure to move the remaining funds. LayerZero attributed the attack to the Lazarus Group from North Korea, an organization that has previously used THORChain to launder funds in exploits of similar scale.
The KelpDAO exploit also triggered a wave of liquidations across the DeFi sector, and there are fears of contagion spreading to other protocols.