Does KelpDAO’s $71M ETH Legally Belong to North Korea Now?
The law firm files a restraining notice on $71M ETH from the KelpDAO hack. Analyze the legal battle between hack victims and collectors.
Quick Take
Summary is AI generated, newsroom reviewed.
A U.S. law firm filed a restraining notice to block the release of 30,766 ETH frozen by Arbitrum.
The firm argues the ETH is North Korean property and should pay off $877 million in old terrorism judgments against the DPRK.
The notice prevents the "DeFi United" fund from using the funds to restore the rsETH peg, leaving victims in a legal deadlock.
This case marks a precedent where stolen assets are treated as garnishable sovereign property, potentially delaying recovery for years.
A routine DeFi recovery effort just ran into one of the most unusual legal obstacles in crypto history. The U.S. law firm Gerstein Harrow LLP filed a restraining notice against Arbitrum DAO, blocking the release of 30,766 ETH, roughly $71 million, frozen after the KelpDAO hack.
🚨KELP’S STOLEN ETH IS NOW PART OF A NORTH KOREA DEBT FIGHT
— Coin Bureau (@coinbureau) May 4, 2026
U.S. law firm Gerstein Harrow has filed a restraining notice to stop Arbitrum DAO from returning 30,766 $ETH ($73M) frozen from the Kelp exploit.
The Kelp DAO hack was tied to North Korean hackers, so the firm argues… pic.twitter.com/fRlxiKLW1f
The firm argues those funds are legally North Korean property. A New York federal court has signed off on that argument, at least for now. State-sponsored hacking just collided with decade-old sovereign debt enforcement. The victims are caught in the middle.
The KelpDAO Hack: What Actually Happened
Since covering this story from April 18, the scale of the KelpDAO exploit has been staggering. Attackers drained over $292 million through a LayerZero bridge vulnerability. The attack exploited a 1-of-1 DVN setup, allowing forged cross-chain messages to pass undetected. On-chain analysts and LayerZero’s own post-mortem attributed the attack to the Lazarus Group. North Korea’s state-affiliated hacking unit, also known as TraderTraitor. The immediate fallout was severe. rsETH depegged sharply. Aave faced bad debt risks. Over $13 billion in DeFi TVL left the ecosystem within days. It remains one of the largest single exploits of 2026.
Arbitrum Froze the Funds. Then Came the Legal Bombshell.
On April 21, Arbitrum’s Security Council took emergency action. It froze 30,766 ETH connected to the exploit and transferred it to a governance-controlled address. A constitutional AIP followed, proposing to release the funds to a recovery multi-sig involving Aave, KelpDAO, and Certora. Community support was near-unanimous. KelpDAO had already contributed 2,000 ETH from its own treasury to the DeFi United recovery fund. The path forward looked clear. Then April 30 arrived.
Gerstein Harrow LLP served Arbitrum DAO with a formal restraining notice, backed by three writs of execution registered in the Southern District of New York. The notice was blunt. It cited judgments from 2010, 2015, and 2016 terrorism cases. Here, U.S. courts awarded hundreds of millions against North Korea. Han Kim and Yong Kim received $330 million in 2015. Ruth Calderon-Cardona received $378 million in 2010. Chaim Kaplan received over $169 million in 2016. Combined claims exceed $877 million, all unpaid.
The firm’s legal theory is straightforward but unprecedented. If Lazarus Group stole the ETH, and Lazarus Group is a DPRK state instrument, then the frozen ETH is technically North Korean property. Importantly, North Korean property is subject to those outstanding judgments. The restraining notice explicitly names wallet address 0x000…0DA0 on Arbitrum One. Disobeying it, the document warns, is punishable as contempt of court.
What This Means for Investors and Developers
For rsETH holders, this is a painful development. Funds that were days away from recovery are now frozen indefinitely pending court proceedings. The restraining notice is valid for one year unless vacated or satisfied. That timeline could devastate users waiting on restitution.
For developers and DAO architects, the implications run deeper. This case sets a dangerous precedent. If U.S. courts can treat DAO-held assets as garnishable property in sovereign debt cases, every future hack recovery effort faces the same risk. Any frozen funds linked to a sanctioned actor could become a target for third-party creditors before victims ever see a dollar.
On-chain analyst ZachXBT and others have called the move predatory. Their argument is simple: attribution does not equal ownership. Lazarus stealing funds does not automatically transform those funds into DPRK state assets eligible for garnishment by unrelated creditors.
What Comes Next?
Arbitrum DAO must now decide how to respond. Options include challenging the restraining notice in court, seeking an emergency hearing, or waiting for legal clarity. None of those paths are fast. The broader question this case forces onto the entire DeFi industry is uncomfortable but necessary. When nation-state hackers steal from decentralized protocols, who owns the frozen proceeds? Victims? Courts? Creditors with decade-old judgments? April 2026‘s kelpdao hack did not just expose a bridge vulnerability. It exposed a legal vacuum that nobody in DeFi had prepared for. That vacuum now has a law firm standing inside it.
Follow us on Google News
Get the latest crypto insights and updates.
