Arbitrum Council Freezes $71M After KelpDAO Bridge Hack, Kuvi CEO Weighs In

Arbitrum's Security Council voted 9-of-12 to immobilize 30,766 ETH — roughly $71 million — tied to the KelpDAO bridge exploit, intercepting the funds before a native bridge withdrawal back to Ethereum mainnet could complete. The original attack on April 18, 2026 saw 116,500 rsETH (~$292M) minted without backing after attackers compromised LayerZero RPC nodes and forced a failover through a 1-of-1 DVN configuration. Security researchers have preliminarily linked the operation to North Korea's Lazarus Group.

Kuvi AI Founder: "Legitimately Onchain Gangster Moves"

The intervention drew immediate comparisons to Ethereum's most consequential governance decisions. Dylan Dewdney, Founder of Kuvi AI, framed the freeze as a watershed moment for onchain coordination:

"It's a fascinating moment for crypto governance — reminds me actually of the same gravitas as TheDAO, in a way. On one hand, decentralization purists will hate it. On the other, a DAO effectively looked at a state-sponsored hacking group and said: not this time. Arbitrum just demonstrated that onchain systems can defend themselves in real time. In a strange way, they out-coordinated one of the most sophisticated adversaries in the world. Legitimately onchain gangster moves."

How the Freeze Was Executed

According to council member Griff Green, the decision followed "countless hours of debates, technical, practical, ethical and political." The council used the 0x0000000000000000000000000000000000000DA0 precompile — a standard native ETH transfer mechanism — to move the funds to a protocol-controlled intermediary address. Lookonchain confirmed the freeze roughly 20 minutes after execution. Any further movement of the recovered ETH requires an additional Arbitrum governance vote.

The recovered amount represents about 24% of the original $292M drained. The remaining ~$220M moved through other chains and is suspected to be in the laundering phase. Downstream contagion was severe: attackers used stolen rsETH as Aave v3 collateral to borrow $196M in WETH, pushing Aave's WETH markets to 100% utilization and prompting Aave, SparkLend, and Fluid to freeze rsETH markets. Roughly $6.6B in TVL unwound across affected protocols within 48 hours.

The Configuration Dispute

LayerZero's post-mortem attributed responsibility to KelpDAO's choice of a 1-of-1 DVN configuration, with LayerZero Labs itself as the sole verifier. The firm said it would stop signing messages for any application using a single-validator setup, forcing a broader migration across its ecosystem. KelpDAO disputed the framing with its own documentation. The exchange underscores the unresolved question of where responsibility sits in modular DeFi stacks when a single verification layer fails.

Read the original report at Crypto Coin Show.