$71.5M in ETH Locked by Arbitrum Security Council Amid Ongoing KelpDAO Laundering Activity

Guido Battigelli
Published: April 21, 2026
2:22 pm
Updated: April 21, 2026
3:27 pm

TL;DR:

The Arbitrum Security Council froze 30,766 ETH worth $71.5 million linked to the KelpDAO exploit, after receiving law enforcement information about the attacker’s identity.
The frozen funds can only be released through an Arbitrum governance vote.
The attackers, attributed to North Korea’s Lazarus Group, have already begun moving and laundering the remaining funds using Thorchain and the privacy protocol Umbra.

The Arbitrum Security Council froze 30,766 ETH worth $71.5 million linked to the KelpDAO exploit of April 18, moving the funds to an intermediary wallet inaccessible to the attacker. The measure was taken after receiving information from law enforcement about the hacker’s identity.

The Arbitrum Security Council is composed of elected signers with emergency powers to protect the network during security incidents. Once activated, the council can freeze assets and move them to wallets whose access requires a subsequent community governance vote. The frozen funds cannot be released without coordination with the relevant parties through the protocol’s governance process.

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…

— Arbitrum (@arbitrum) April 21, 2026

Arbitrum and the Decentralization Dilemma

The measures taken by the council generated divided reactions within the crypto community. On one hand, they were praised as a swift and effective response to a large-scale attack. On the other, they drew criticism over a layer-2 network’s ability to unilaterally freeze funds, raising questions about how real decentralization truly is when a body with emergency powers of this magnitude exists.

Nevertheless, the attackers have already begun moving funds beyond the reach of any possible response from authorities and protocols. According to onchain data and investigator ZachXBT, the thief’s wallet sent transfers of $57.93 million and $117.48 million on Tuesday during European hours. Approximately $1.5 million was bridged from Ethereum to Bitcoin via Thorchain and an additional $78,000 was routed through Umbra, a privacy protocol. These methods are typical of the initial laundering stage, known as layering, and indicate that the attacker may be preparing to disperse the funds across multiple destinations.

Indirect Consequences of the Freeze

Arbitrum may have inadvertently accelerated the attacker’s plans. By narrowing the room to maneuver over the frozen $71.5 million, pressure on the remaining funds increases. LayerZero attributed the attack to the Lazarus Group from North Korea, an organization that has previously used Thorchain to launder funds in exploits of similar scale.

The KelpDAO exploit also triggered a wave of liquidations across the DeFi sector, and there are fears of contagion spreading to other protocols.

The Solana ecosystem suffers a liquidity crisis after the security breach at KelpDAO on April 20, draining USDC reserves.

Solana News

Solana DeFi Tests Liquidity Depth as USDC Borrow Rates Surge

TL;DR: The Solana ecosystem suffers a liquidity crisis after the security breach at KelpDAO on April 20, draining USDC reserves. Leading protocols such as Jupiter

Ethereum News

Ethereum at Risk of $1,000? Top Trader Warns DeFi Exploits Are Cracking the Bull Case

TL;DR: Analyst Ansem projects an ETH price collapse below $1,000 by the end of the year, citing a structural deterioration in its fundamental value proposition.

Vitalik Buterin defended Ethereum’s security-first roadmap in Hong Kong days after a $292 million DeFi exploit shook the market.

Ethereum News

Two Days After a $292M DeFi Hack, Vitalik Buterin Defends Ethereum’s Design in Hong Kong

TL;DR Vitalik Buterin defended Ethereum in Hong Kong two days after a $292 million bridge exploit shook DeFi and triggered $6.6 billion in Aave outflows.

The KelpDAO rsETH bridge suffered an exploit on April 18, resulting in the loss of approximately 116,500 rsETH, valued at around $293 million.

CryptoNews

KelpDAO Fallout Deepens: Ripple CTO Flags Security Gaps, Justin Sun Calls for Hacker Negotiation

TL;DR: The KelpDAO rsETH bridge suffered an exploit on April 18, resulting in the loss of approximately 116,500 rsETH, valued at around $293 million. David

CryptoNews

KelpDAO’s $280M Exploit Becomes a Cross‑Chain Stress Test as LayerZero Steps In

TL;DR: KelpDAO suffered an exploit for approximately $290 million on April 18, 2026, with funds drained primarily through Ethereum and Arbitrum. LayerZero attributed the attack

CryptoNews

Aave Borrowing Jumps $300M, Exposing Liquidity Stress After KelpDAO Exploit

TL;DR: A KelpDAO exploit triggered a liquidity crisis on Aave, where roughly $300 million in loans were taken out within 24 hours. The attacker deposited

Ads

Crypto Tutorials

Crypto Reviews

$71.5M in ETH Locked by Arbitrum Security Council Amid Ongoing KelpDAO Laundering Activity

Arbitrum and the Decentralization Dilemma

Indirect Consequences of the Freeze

MOST VIEWED

PRICE PREDICTIONS

CRYPTO 101