Aave Wins Court Battle Over $71M ETH Linked to North Korea
Federal judge allows Aave to recover $71M in ETH stolen by Lazarus Group. Explore the ruling on the KelpDAO exploit and DeFi recovery efforts.
Quick Take
Summary is AI generated, newsroom reviewed.
Judge Margaret Garnett cleared Aave to transfer $71M in frozen ETH, ruling the funds belong to users, not North Korean hackers.
The legal order modifies a restraining notice from terrorism creditors, allowing a recovery multisig to move the assets via governance.
The recovery plan involves burning liquidated rsETH and restoring full backing to the KelpDAO bridge to reopen Ethereum withdrawals.
This case sets a major legal precedent for how decentralized protocols protect recovered assets from third-party seizure claims.
A federal judge just handed DeFi’s recovery effort a critical win. U.S. District Judge Margaret Garnett of the Southern District of New York has cleared the path for Aave LLC. She order to transfer $71 million in frozen ETH off Arbitrum and into an Aave-controlled wallet.
美国纽约南区法官 Margaret Garnett 已为 Aave 转移与朝鲜相关黑客事件有关的 7100 万美元 ETH 扫清法律障碍,允许 Arbitrum 上被冻结的攻击资金转至 Aave LLC,但相关法律限制令将随资产一并转移。此前,持有针对朝鲜判决的原告试图限制这笔资金,主张其可用于执行与朝鲜相关的赔偿判决;Aave…
— 吴说区块链 (@wublockchain12) May 9, 2026
The ruling resolves an immediate legal standoff that threatened to derail one of the most coordinated recovery efforts in DeFi history. But the legal battle is far from over. Aave news today marks a turning point in a story that began with one of 2026’s largest crypto exploits.
How We Got Here: The KelpDAO Exploit
On April 18, 2026, KelpDAO lost approximately $292 million in rsETH through a sophisticated attack on its LayerZero bridge. Attackers exploited a single-verifier configuration, compromising RPC nodes to feed false data and fraudulently unlock roughly 116,500 rsETH from Ethereum mainnet escrow. The attack was widely attributed to North Korea’s Lazarus Group. The immediate fallout triggered between $7 billion and $13 billion in temporary DeFi outflows.
Arbitrum’s Security Council responded by freezing 30,766 ETH linked to the exploit. The Arbitrum community then voted overwhelmingly, with above 90% support, to transfer those funds to a recovery multisig managed by Aave, KelpDAO, Certora, and EtherFi as part of the DeFi United coalition.
Then on May 1, attorney Charles Gerstein filed a restraining notice on Arbitrum DAO. On behalf of terrorism judgment creditors holding $877 million in unpaid claims against North Korea. Their argument was direct because Lazarus Group carried out the hack; the frozen ETH qualifies as DPRK property subject to seizure.
Judge Garnett’s Ruling
Judge Garnett’s two-page order modifies the restraining notice rather than vacating it. The frozen ETH can now move to Aave LLC through a binding onchain Arbitrum DAO governance vote. Critically, the legal restraining order travels with the assets, attaching to Aave LLC upon transfer. The judge also shielded anyone who initiates, votes on, or participates in the transfer from personal liability under the notice.
Aave’s core argument carried the day. The funds belong to innocent protocol users, not to the hackers or North Korea. As Aave stated plainly in its emergency motion, a thief does not gain lawful ownership of stolen property simply by taking it.
Recovery Progress and What Comes Next
The protocol has already made meaningful progress. On May 6, liquidators closed the thief’s eight identified positions on Aave V3. They then transferred the recovered rsETH collateral to the Recovery Guardian under the approved governance process. Mantle DAO and Arbitrum DAO have both passed supporting proposals.
The next phase focuses on neutralizing the inflated rsETH supply. On Arbitrum, liquidated rsETH will be burned. Kelp will retire the corresponding LayerZero packet to prevent new rsETH from minting on Ethereum. On Ethereum, the team will send seized rsETH to the bridge lockbox. It will combine the funds with committed ETH from DeFi United coalition partners to restore rsETH’s full backing and reopen withdrawals.
What This Means for Investors and Developers
For Aave ETH holders and DeFi investors, the ruling provides meaningful relief. Separate funds are being borrowed as a contingency to cover the difference while the immobilized ETH moves through the governance process. The path to full market normalization is now clearer.
For developers and protocol architects, the broader implications of this case cannot be ignored. Gerstein’s legal strategy extends beyond Arbitrum. The same creditors have sued Railgun DAO and named Digital Currency Group in a separate case. They argue a $10 million governance token purchase made DCG liable for DPRK fund flows through the protocol.
The industry will use this precedent to define how DeFi protocols handle recovered hack funds for years to come. DeFi platforms across the sector are already replacing single-verifier bridge configurations, including the setup exploited in the KelpDAO hack. Moreover, the legal and technical lessons from April 18 are reshaping how developers build DeFi platforms and protect recovery efforts.
References
Follow us on Google News
Get the latest crypto insights and updates.
