
Arbitrum freezes $71 million in ETH stolen in Kelp DAO breach


Three days after one of the most damaging hacks in DeFi history, Arbitrum’s Security Council moved to contain the fallout. On Tuesday, the layer-2 network announced it had frozen 30,766 ETH, worth roughly $71.1 million, held at an address on Arbitrum One linked to last weekend’s $292 million Kelp DAO exploit.

The funds were transferred to an intermediary wallet where they’ll stay locked unless Arbitrum’s broader governance process approves further action. According to Arbitrum, the freeze was carried out in coordination with law enforcement and did not disrupt normal chain operations; other users and applications on the network were unaffected.

“The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications,” the team said.

It’s a rare but significant intervention. Arbitrum’s Security Council holds emergency powers that allow it to act quickly without waiting for standard governance votes, powers that exist precisely for situations like this.

What happened over the weekend

To understand why this matters, you need to know how the Kelp DAO exploit actually worked.

Kelp DAO is a liquid restaking protocol, a platform that takes user-deposited ETH, routes it through EigenLayer (a system that lets Ethereum’s security be reused to protect other networks), and issues a receipt token called rsETH in exchange. 

That rsETH token can then be traded, used as collateral in lending markets, or moved across different blockchain networks. The bridge handling those cross-chain movements was powered by LayerZero, a cross-chain messaging layer that lets different blockchains send verified instructions to each other.

On Saturday at 17:35 UTC, an attacker drained 116,500 rsETH from Kelp’s LayerZero-powered bridge, worth about $292 million and representing roughly 18 percent of rsETH’s entire circulating supply. 

The attacker tricked LayerZero’s messaging system into believing a legitimate instruction had arrived from another network, which triggered the bridge to release the funds to an attacker-controlled address. Kelp’s emergency team paused its core contracts 46 minutes later. Two follow-up attempts at 18:26 and 18:28 UTC, each targeting another 40,000 rsETH worth roughly $100 million, were blocked. 

The technical explanation for how that trick worked has since become a source of serious dispute. LayerZero said attackers, whom it has linked with preliminary confidence to North Korea’s Lazarus Group, compromised two RPC nodes, the servers that LayerZero’s verifier used to confirm cross-chain transactions, and replaced their software with malicious versions that reported false data. 

They then ran a distributed denial-of-service attack, flooding the remaining clean nodes with junk traffic to force failover to the compromised ones. Once that happened, the verifier saw what looked like a valid cross-chain instruction, and Kelp’s bridge acted on it.

LayerZero placed the blame squarely on Kelp’s decision to use a single-verifier configuration, saying its integration documentation and direct communications had recommended a multi-verifier setup where consensus across several independent validators would be needed before any cross-chain message could go through. Under that setup, poisoning a single node wouldn’t have been enough.
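To make the single- versus multi-verifier distinction concrete, here is an added Python model (not LayerZero’s or Kelp’s code; the node names, message ids and payload hashes are constructed) of a verifier that fails over between RPC endpoints, run once as a 1-of-1 configuration and once under a 2-of-3 quorum:

```python
from dataclasses import dataclass

# Constructed source-chain record: message id -> payload hash actually committed there.
SOURCE_CHAIN = {"msg-1": "payload-legit"}

@dataclass
class RpcNode:
    name: str
    poisoned: bool = False   # software replaced so it reports false data
    available: bool = True   # False models a clean node knocked offline by flooding

    def committed(self, msg_id: str, payload_hash: str) -> bool:
        """Was (msg_id, payload_hash) really committed on the source chain?"""
        if not self.available:
            raise ConnectionError(self.name)
        if self.poisoned:
            return True      # a poisoned node attests to anything it is asked about
        return SOURCE_CHAIN.get(msg_id) == payload_hash

@dataclass
class Verifier:
    name: str
    nodes: list              # ordered RPC endpoints; first reachable one is trusted (failover)

    def attest(self, msg_id: str, payload_hash: str) -> bool:
        for node in self.nodes:
            try:
                return node.committed(msg_id, payload_hash)
            except ConnectionError:
                continue     # fail over to the next endpoint
        return False         # nothing reachable: never attest blind

def bridge_accepts(msg_id, payload_hash, verifiers, required):
    """M-of-N rule: release funds only if at least `required` verifiers attest."""
    votes = sum(v.attest(msg_id, payload_hash) for v in verifiers)
    return votes >= required

def run_scenarios():
    """Compare a 1-of-1 verifier with 2-of-3 when one verifier's RPC set is poisoned."""
    def degraded():      # clean nodes offline, poisoned node left as the failover target
        return Verifier("dvn-A", [RpcNode("rpc-1", available=False),
                                  RpcNode("rpc-2", available=False),
                                  RpcNode("rpc-3", poisoned=True)])
    def healthy(name):   # an independent verifier with its own clean endpoint
        return Verifier(name, [RpcNode(name + "-rpc")])
    forged, genuine = ("msg-1", "payload-forged"), ("msg-1", "payload-legit")
    quorum = [degraded(), healthy("dvn-B"), healthy("dvn-C")]
    return {
        "1of1_healthy_forged": bridge_accepts(*forged, [healthy("dvn-A")], 1),
        "1of1_degraded_forged": bridge_accepts(*forged, [degraded()], 1),   # funds released
        "2of3_degraded_forged": bridge_accepts(*forged, quorum, 2),         # outvoted
        "2of3_degraded_genuine": bridge_accepts(*genuine, quorum, 2),       # still works
    }
```

The 1-of-1 verifier releases funds for the forged message as soon as its clean endpoints are unreachable, while the same degraded verifier is outvoted under the 2-of-3 rule and genuine messages still go through.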

Kelp pushed back. The protocol disputed LayerZero’s framing, arguing that the compromised verifier infrastructure was LayerZero’s own, not a third-party setup Kelp had independently chosen, and that LayerZero’s own documentation and deployment code promote single-source verification across major chains. In other words: Kelp says it was using LayerZero’s defaults, not deviating from them. The finger-pointing between the two projects is ongoing.

The contagion spread fast

The hack didn’t stay contained to Kelp. Because rsETH had been accepted as collateral across multiple major lending protocols, the fallout spread almost immediately. The attacker deposited stolen rsETH onto Aave as collateral and borrowed real assets against it, leaving a concentrated pocket of bad debt in the rsETH-WETH pair. 

Aave froze its rsETH markets on both V3 and V4 within hours, a containment move, not a sign that Aave’s own code had been compromised. SparkLend and Fluid followed suit. Aave’s total value locked fell from roughly $15 billion to $8.4 billion in 48 hours, a $6.6 billion drop. Current estimates put Aave’s bad debt exposure in the range of $177 million to $200 million.

rsETH is deployed across more than 20 networks including Base, Arbitrum, Linea, Blast, Mantle and Scroll. The bridge that was drained held the reserve backing all of those wrapped versions. With that reserve gone, users holding rsETH on layer-2 networks suddenly faced the question of whether their tokens had anything real underneath them, a dynamic that pushed panic selling and stressed DeFi liquidity across the board.

A broader pattern taking shape

Lazarus Group has now been linked to both the Drift Protocol exploit on April 1 and the Kelp attack on April 18, meaning the same North Korean unit has drained more than $575 million from DeFi in 18 days through two structurally different attack vectors. Drift was hit through social engineering, manipulating governance signers. Kelp was hit through infrastructure poisoning. Same group, completely different methods.

That pattern should be alarming. It suggests a level of operational sophistication and adaptability that most DeFi security models aren’t built to handle. Lazarus appears to be mapping out the structural weaknesses in cross-chain infrastructure and exploiting them methodically.

LayerZero said it will no longer sign messages for any project running a 1-of-1 verifier configuration, effectively forcing a protocol-wide migration for any integrators still using that setup. Whether that closes the door or just pushes attackers to the next available gap is the harder question.
