30,766 ETH frozen: How Arbitrum moved before KelpDAO funds vanished

In DeFi, stolen funds rarely return. This time, $71 million did not disappear.

Arbitrum confirmed that its Security Council froze 30,766 ETH tied to the KelpDAO exploit. The funds were moved to a governance-controlled intermediary wallet, cutting off the exploiter’s access.

Arbitrum intervenes mid-flow

The freeze targeted funds linked to the $292 million rsETH exploit on KelpDAO’s LayerZero-powered bridge.

Early assessments tied the attack to North Korea’s Lazarus Group, though attribution remained preliminary.

However, Arbitrum [ARB] did not wait for full attribution. The Security Council used emergency powers to move assets before they dispersed across chains. That move secured roughly a quarter of the stolen funds, limiting immediate losses.

Recoveries remain the exception

DeFi history shows that most stolen funds are rarely recovered.

In the Euler Finance exploit, attackers drained nearly $197 million before gradually returning funds after negotiations. Even then, the recovery relied on cooperation from the attacker, not protocol-level intervention.

Then, during the Curve Finance Exploit, coordinated efforts led to only a partial recovery.

Looking across major DeFi hacks in 2023, the pattern becomes clear: A large share of stolen crypto—often more than half remains unrecovered.

Why Arbitrum’s model mattered

Arbitrum’s Security Council operates through a multisig emergency framework. This structure allows a small group of elected signers to act during critical events without waiting for full governance voting.

In this case, it enabled action before the funds became fragmented or laundered.

On top of that, the frozen Ethereum [ETH] now sits in an intermediary wallet and can only move through further governance coordination.

That level of control is uncommon in DeFi responses, where immutability often limits intervention.

Decentralization vs security—a familiar trade-off

Even so, the move raises familiar concerns.

Freezing funds shows that governance layers can intervene under certain conditions. That introduces a degree of discretionary control within systems designed to be permissionless.

By contrast, many protocols lack such mechanisms, leaving exploits unresolved.

This case highlights a clear trade-off. Faster recovery came at the cost of stronger governance control.

Whether that balance holds will likely shape future Layer 2 design choices.

Final Summary

• Arbitrum froze 30,766 ETH worth about $71M, preventing the exploiter from accessing those funds
• The intervention secured roughly one-fourth of the total assets lost in the KelpDAO exploit