- Arbitrum freezes 30,000 ETH linked to the KelpDAO exploit.
- The funds were moved to secure the frozen wallet to block the attackers’ access.
- LayerZero blames the platform’s single-verifier setup.
The Arbitrum Security Council has stepped in with emergency measures after the recent KelpDAO exploit. The platform has reportedly frozen more than 30,000 Ether tokens linked to the attacker on Arbitrum One. The council is now moving in coordination with law enforcement to secure the funds. The platform also ensured that no users or applications on the network were impacted.
Arbitrum Council Takes Emergency Action in KelpDAO Exploit
According to an X post earlier today, the Arbitrum Security Council has taken action after identifying the funds linked to the KelpDAO exploit. The council announced the freezing of 30,766 ETH linked to the hacker, focusing on protecting users and maintaining trust in the network. The X post stated,
Instead of taking any action that could disrupt the normal activity of the network, the team carefully chose a path that would isolate the issue. The council needs to keep the rest of the ecosystem running smoothly.
Notably, the Arbitrum team’s aim was to ensure that the funds could no longer be accessed by the KelpDAO attacker. They also wanted to ensure that no users are affected. The team also made sure that the applications and the overall blockchain remain intact.
Following extensive technical review and careful planning, the Arbitrum team executed a strategy to safely transfer the funds without affecting the broader chain. As of April 20, the ETH has been moved to a frozen intermediary wallet. This cut off the exploiter’s access. Any further movement of these funds will now require approval through Arbitrum’s governance process in coordination with relevant authorities.
KelpDAO Exploit Explained
The KelpDAO exploit is one of the biggest crypto hacks in 2026. The attackers managed to drain about $300 million worth of rsETH from the protocol. The issue came from a vulnerability in KelpDAO’s cross-chain bridge. This allowed unbaked tokens to be minted and moved across networks.
Once the attacker gained control of the system flaw, the stolen rsETH was quickly used across major DeFi platforms like lending protocols to borrow assets such as ETH. This created a ripple effect across the ecosystem, forcing multiple protocols to pause markets and review exposure to the affected token.
In response, KelpDAO immediately paused its rsETH contracts and worked with security teams and partners to contain the damage. The rapid action helped limit further losses.
LayerZero Blames KelpDAO’s Security Setup
Following the KelpDAO exploit, LayerZero pointed to the platform’s security setup as a key reason behind the hack. According to LayerZero, KelpDAO was using a single-verifier system, despite earlier warnings against this approach.
The platform added that the attackers targeted the underlying infrastructure of KelpDAO, instead of attacking the protocol’s code directly. The attackers managed to take control of two RPC nodes, which were being used by LayerZero’s system to verify transactions.
Then they replaced the software on those nodes with malicious versions. These altered nodes fed false information to LayeZero’s verifier. This makes it believable the fake transaction was real, still showing normal data to everyone else.
Source: https://www.cryptonewsz.com/arbitrum-freezes-eth-linked-to-kelpdao-exploit/
