The funds had been recovered by freezing Arbitrum to be returned to the victims.
Aave argues that immobilizing them harms the very victims that the process seeks to protect.
The company Aave Labs today, May 4, filed an emergency motion before a federal court in New York to lift the hold on approximately $71 million in ether (ETH) recovered from the hack of the Kelp DAO protocol that occurred on April 18.
The funds had been intercepted by the Arbitrum Security Council, which on April 21 frozen 30,766 ETH linked to the exploit and transferred them to a wallet under governance control with the aim of making refunds, as reported by CriptoNoticias.
The goal was to return them to the victims, as Aave Labs proposed along with other projects (Kelp DAO, LayerZero, EtherFi and Compound) through a vote on Arbitrum governance.
However, on May 1, a group of lawyers representing victims of North Korean terrorist attacks obtained a court order that immobilized those same funds.
The lawyers argue that the money belongs to the hacker (which according to several security firms is the Lazarus group), so they consider that it should be used to collect old debts against that country. Aave Labs responded with a central argument: “A thief does not acquire legal ownership of what is stolen simply by taking it.”
Freezing these assets, the company maintains, directly harms the actual victims of the hack. Aave presents itself as an interested party (non-plaintiff) in the case and requested an expedited hearing to temporarily lift the order.
A tension is thus generated between two legal frameworks: on-chain technical recovery for victims versus judicial seizure to collect debts from a foreign State. Such a fact creates a precedent for the jurisdiction of traditional courts over funds recovered in DeFi networks.
A precedent for DeFi in US courts
Vadim, on-chain developer and researcher, highlights the importance of the case. He points out that Aave’s motion represents the “first time” than a decentralized finance (DeFi) protocol of relevance formally defends its users in a US federal court against the seizure of assets by creditors unrelated to the original event.
In his analysis, Vadim summarizes the disputed legal theory with an analogy: a thief breaks a stained glass window and steals a diamond; a passerby recovers him before he escapes; The plaintiffs argue that the thief remains the owner and that his creditors can seize the diamond from the passer-by.
Vadim identified four central arguments of Aave’s motion:
First, no court has judicially determined that the attacker is North Korea: the attribution is based on internet analysis, not proven evidence.
Secondly, New York law requires that the debtor have a direct and present interest in the seized property, condition that an attacker who has already lost the assets does not meet.
Third, that the plaintiffs cited case law on decentralized organizations (DAOs) such as general partnerships that, according to Aave, never established that principle, accusing them of having misled the judge.
And fourth, if the court refuses to lift the freeze, the plaintiffs would have to deposit a USD 300 million guarantee to cover damagesan amount they probably cannot afford.
For Vadim, finally, the arguments and structure of this motion arewill serve as a template for other DeFi protocols facing similar situations in traditional jurisdictions.