On May 9, a federal court in New York authorized the transfer of 30,765 ETH (USD 71 million) linked to the hack of the Kelp DAO protocol, unblocking the last legal obstacle that prevented victims from advancing in the recovery of funds through Aave Labs.
The court decision allows frozen assets are transferred to a wallet controlled by Aave Labs. This closes a critical phase of the recovery process initiated after the exploit that occurred on April 18, which affected the liquidity markets of the DeFi ecosystem and exposed a potential debt of up to USD 230 million in ETH.
The attack originated from a vulnerability in the bridge cross-chain from Kelp DAO, where Using unbacked rsETH tokens as collateral allowed attackers to mine large amounts of ETH from the Aave V3 protocol. After the incident, the Arbitrum DAO Security Council froze 30,765 ETH with the aim of preventing its dispersion and facilitating its redistribution to affected users, as reported by CriptoNoticias.
Subsequently, the Arbitrum community approved with more than 90% of the votes a proposal to return the funds through a coordinated scheme between affected protocols, including Aave, EtherFi, LayerZero and Compound. Now, federal Judge Margaret Garnett has authorized the execution of that governance decision, allowing the movement of assets without exposing participants to legal liability.
The recovery plan also contemplates the recapitalization of the rsETH bridge to restore its 1:1 parity with ETH. A key measure to stabilize the system after the imbalance generated by the exploit. In parallel, Aave’s risk parameters, especially loan-to-value (LTV) ratios, have already begun to normalize.
It is worth noting that The case was marked by a parallel legal dispute. A group of lawyers representing victims of rulings against North Korea requested that the funds be blocked, alleging a possible link to the hacker group Lazarus Group. As Criptonoticias reported, their argument maintained that the frozen ETH should be used to cover previous court rulings related to attacks attributed to the North Korean State.
Aave defended that the attacker had no legal rights to the funds and that its retention directly harms the victims of the original hack. The court ended up supporting this position and allowing the transfer, although without completely closing the discussion on the final ownership of the assets.
With this authorization, the process enters its final phase and is aimed at redistributing the recovered funds. Beyond the specific case, the resolution sets a relevant precedent on the interaction between the governance of decentralized protocols and the jurisdiction of traditional courts in asset management on-chain after security incidents.