Arbitrum DAO unlocks $70 million for Kelp DAO rsETH exploit relief, as the DAO approved a vote to transfer frozen ETH to a coordinated recovery effort. The vote passed with 182.2 million votes in favor, about 90.96% support, and the ETH — 30,765.67 ETH — had been frozen last month by the Arbitrum Security Council. The decision follows the freeze enacted last month by the Arbitrum Security Council.
The Kelp DAO rsETH exploit involved an attacker who exploited a flaw in Kelp’s LayerZero-powered cross-chain bridge, as reported. The flaw allowed the attacker to release 116,500 rsETH on Ethereum without a corresponding source-side burn, creating unbacked tokens on the destination chain. The attacker used those unbacked rsETH tokens as collateral on Aave, supplying the tokens to the lending protocol. By leveraging the unbacked collateral on Aave, the attacker drained approximately $230 million in ETH belonging to protocol users through protocol-level borrow and liquidation mechanics.
This sequence — the bridge flaw, the release of unbacked rsETH, and the collateralization on Aave — constitutes the factual account of the rsETH exploit. The above sentences summarize the reported mechanics and the financial impact attributed to the attacker.
The recovery plan for the Kelp DAO exploit involves transferring around 30,765.67 ETH, frozen by the Arbitrum Security Council, to a 3-of-4 Gnosis Safe. This system is jointly controlled by representatives from Aave, KelpDAO, EtherFi, and Certora, aiming to facilitate rsETH recovery. However, the process has faced significant legal challenges, particularly due to a restraining notice issued on May 1 in the Southern District of New York. This notice complicates the fund’s transfer, as plaintiffs claiming the frozen ETH as property of the Democratic People’s Republic of Korea (DPRK) seek its seizure.
In response, Aave LLC has requested the court to either vacate the restraining notice or, alternatively, impose a $300 million bond if the notice is upheld. The case bears serious implications, as non-compliance with the restraining order could result in contempt of court charges under CPLR §5251. Despite the blockchain not being subject to New York court authority, the involvement of identifiable persons in the execution chain poses legal risks. These include possible contempt liability, underscoring the complex legal environment surrounding the recovery effort.
The Arbitrum DAO approved the release of frozen ETH to a coordinated recovery effort for Kelp DAO rsETH exploit victims, settling where the funds will be used. The vote underscores governance risk and legal constraints, as a restraining notice and competing claims have clouded the transfer’s enforceability in the United States and raised potential contempt and U.S. legal exposure for identifiable parties involved in execution.
