Arbitrum freezes exploited ETH

Arbitrum’s Security Council froze 30,765.6675 ether linked to the KelpDAO exploiter on April 21, cutting off access to funds sitting on Arbitrum One. (forum.arbitrum.foundation) The council said it acted at 11:26 p.m. ET and moved the ether into a frozen intermediary wallet at `0x0000000000000000000000000000000000000DA0`. Any release now requires a separate Arbitrum governance action coordinated with “relevant parties,” the forum post said. (forum.arbitrum.foundation) Arbitrum said the freeze was not a normal wallet blacklist. Contributors temporarily upgraded the inbox contract on Ethereum, used a function to imitate the exploiter’s cross-chain sender, transferred the funds, and then restored the original contract implementation. (forum.arbitrum.foundation) Arbitrum’s Security Council is a 12-member body elected by the decentralized autonomous organization, or DAO, and emergency actions require a 9-of-12 majority in critical situations. The same governance docs say the DAO can later remove council members or change the rules. (docs.arbitrum.foundation, forum.arbitrum.foundation) The frozen stash is only a slice of the broader KelpDAO theft. LayerZero said KelpDAO was exploited on April 18 for about $290 million after its rsETH setup relied on a single verifier, creating a single point of failure in the bridge system. (layerzero.network) LayerZero said KelpDAO’s rsETH configuration used a 1-of-1 Decentralized Verifier Network, with LayerZero Labs as the sole verifier, even though LayerZero said it had recommended a multi-verifier setup with redundancy. LayerZero also said its preliminary indicators point to a “highly-sophisticated state actor,” likely North Korea’s Lazarus Group, specifically TraderTraitor. (layerzero.network) The exploit spread beyond one app because rsETH was already woven into lending and trading markets across more than 20 chains. CoinDesk reported the attacker drained 116,500 rsETH, about 18% of circulating supply, making it the biggest crypto exploit of 2026 so far. (coindesk.com) Not everyone sees Arbitrum’s intervention the same way. Supporters point to a rare case where a layer-2 network stopped a thief mid-flight, while critics note that a council able to move user funds is a real trust assumption, even if the power sits behind elections and emergency thresholds. (forum.arbitrum.foundation, docs.arbitrum.foundation) The immediate question is no longer whether those 30,765.6675 ether can move. Under Arbitrum’s own process, the next move belongs to governance. (forum.arbitrum.foundation)