Arbitrum Council Recovers $70.9M From KelpDAO Exploiter

Arbitrum has taken swift action after the recent KelpDAO exploit. Its Security Council froze and moved 30,766 ETH, worth about $70.9 million, tied to the attacker’s address. The funds are now locked in a special wallet. They cannot be accessed without further approval. This move comes just days after the large-scale exploit that shook the DeFi market.

Emergency Action to Secure Funds

The Security Council acted quickly once the exploit was confirmed. They worked with law enforcement and used emergency powers to step in. Instead of letting the attacker move the funds, they transferred the ETH to a frozen wallet. 

JUST IN: Arbitrum Resurrected After The KelpDAO Exploit Event

30,766 $ETH (~$71M) was stolen and moved to a wallet on Arbitrum – suspected to be linked to North Korea's Lazarus Group.

Then something unusual happened. The Arbitrum Security Council stepped in.

They moved the… https://t.co/WdcqIhr46K pic.twitter.com/xqHcQjzigi

— Evening Trader Group (@Eveningtraders) April 21, 2026

This wallet acts as a safe holding area. Importantly, the action did not affect other users. The network continued running normally. No other applications or funds were impacted. This careful approach helped protect both users and the broader system.

Link to the KelpDAO Exploit

The frozen funds are connected to the recent attack on KelpDAO. The exploit, which happened on April 18, led to losses of nearly $290 million. The attack targeted a bridge system linked to LayerZero. It allowed attackers to create fake transactions and drain funds. Reports suggest the attack may be linked to North Korean hacking groups. But investigations are still ongoing. At the same time, KelpDAO paused its rsETH contracts to prevent further damage. The team is now working with security experts to find the root cause.

Recovery Sparks Debate on Control

While the recovery is a positive step, it has also raised questions. Some users are debating the role of centralized actions in decentralized systems. Arbitrum used its governance powers to step in and secure funds. This shows that quick intervention is possible when needed. But it also brings up concerns about control. Some believe such actions may go against decentralization principles. Others argue that protecting users should come first. In cases like this, fast action can prevent bigger losses.

What Happens Next

For now, the recovered funds remain locked. Any future movement will require a governance decision. This means the community and key stakeholders will play a role. Investigations into the exploit are still ongoing. Teams are working to track remaining funds and understand how the attack happened.

At the same time, this incident highlights risks in cross-chain systems. It shows that even advanced setups can have weak points. Moving forward, projects may focus more on security and redundancy. Stronger systems could help prevent similar attacks. For now, Arbitrum’s action has stopped part of the damage. But the broader impact of the KelpDAO exploit is still unfolding.