Arbitrum’s Security Council has stepped in to freeze roughly $71 million in stolen Ethereum tied to the massive Kelp DAO hack, marking one of the fastest high-stakes interventions in recent DeFi history.
“After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users,” Arbitrum team said in a latest X post.
On April 18, attackers drained about 116,500 rsETH—valued at around $292 million—from Kelp DAO’s LayerZero-powered cross-chain bridge.
The exploit tricked the bridge with a spoofed message, releasing unbacked liquid restaking tokens that quickly spread contagion through lending platforms like Aave V3, forcing multiple protocols to freeze markets and contain bad debt.
The hacker converted much of the haul into ETH, splitting funds across Ethereum mainnet and Arbitrum. On Arbitrum One, approximately 30,766 ETH ended up in a linked address.
The KelpDAO exploit
On April 18, 2026, at around 17:35 UTC, attackers exploited a vulnerability in Kelp DAO’s LayerZero-powered cross-chain bridge, draining 116,500 rsETH valued at approximately $292 million—roughly 18% of the token’s circulating supply of about 630,000 tokens.
The hack involved spoofing a cross-chain message through LayerZero’s EndpointV2 contract, tricking the bridge into releasing unbacked rsETH without a corresponding burn on the source chain. This was reportedly enabled by a weak 1-of-1 DVN (Data Verification Network) configuration on the route, creating a single point of failure.
Kelp DAO responded quickly by using its emergency pauser multisig to freeze core rsETH contracts roughly 46 minutes later, blocking additional potential drains estimated at over $100 million. The stolen rsETH was deposited as collateral on lending platforms including Aave V3, SparkLend, and Fluid, triggering contagion with bad debt risks and forcing multiple protocols to freeze markets.
The incident stands as the largest DeFi exploit of 2026 so far, exposing ongoing risks in cross-chain bridges and liquid restaking protocols, with wrapped rsETH now stranded across more than 20 chains.
Freezing funds: against decentralization?
Early Tuesday, Arbitrum’s Security Council announced it had used emergency powers to move those funds to an intermediary “frozen” wallet. The council said it acted after consulting law enforcement on the exploiter’s identity and following “significant technical diligence.”
The transfer, completed late Monday, left the original address empty while leaving the rest of Arbitrum’s chain state, users, and applications untouched. “Funds… can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties,” the official statement read.
The move has recovered what amounts to about a quarter of the hack’s total haul on Arbitrum, though the broader stolen ETH remains scattered. It highlights the practical limits of pure decentralization when millions are at stake.
Given the long-standing debate over freezing funds on blockchain—the move theoretically going against the ethos of decentralization—some praised the swift action as responsible stewardship that protects users from North Korean-style hackers or sophisticated exploits. Others called it a dangerous precedent, arguing that any council with the ability to seize and relocate funds undermines the “don’t trust, verify” ethos of crypto.
“This exposes Arbitrum as a multisig wallet that can unilaterally freeze and steal funds though,” a user wrote. “Which tbh may be a good option, lets accept bitcoin is the only real decentralized chain, the rest are centralized but without KYC.”
This KelpDAO incident is now the largest DeFi exploit of 2026, exposing how interconnected bridges and oracles can amplify a single vulnerability into ecosystem-wide shock.
The exploit has also left mounting debt on other DeFi protocols like Aave as the attacker moved funds in an attempt to chase a clean exit.
Also read: Ice Open Network Breach Exposes User Data in Third-Party Hack
