Aave LLC has filed an emergency motion in federal court seeking to lift an order that froze approximately $73 million in ether tied to last month's Kelp DAO exploit. The filing challenges a May 1 order that restricts Arbitrum DAO from moving the recovered funds, while plaintiffs from separate years-old terrorism judgments against North Korea seek to claim them as restitution.
The court order reportedly aimed to seize roughly $71-73 million worth of ETH belonging to victims of the April 18 hack. Aave LLC argued that this attempt was legally invalid and requested the court to overturn the order, stating that temporary possession of stolen assets does not equate to ownership. “A thief does not own what he steals,” Aave founder Stani Kulechov said in a statement, comparing the situation to a robber stealing diamonds from a jewelry store only to have them recovered by a bystander. “These funds belong to the affected users they were stolen from — full stop,” he added.
The attack in question saw a bad actor exploit a flaw in a cross-chain bridge tied to Kelp DAO's rsETH token, using unbacked collateral to borrow around $230 million in ETH from Aave users. Shortly after, the Arbitrum protocol intercepted 30,766 ETH, now worth nearly $73 million, and set it aside for recovery. The recovered ETH was initially expected to be returned to victims as the first major pool of funds recovered after the exploit.
That effort later expanded into "DeFi United," an industry-wide push that has since raised more than 137,700 ether worth nearly $327 million, pending the release of the frozen ETH and other protocol votes. Aave is asking the court to vacate the restraining notice or require the plaintiffs to post a bond of at least $300 million to cover potential damages if the freeze remains in place.
The filing states: “The Immobilized Assets are funds that were taken from Aave Protocol users, not assets owned by any alleged wrongdoer.” The plaintiffs' claims are based on unproven speculation that the Kelp DAO exploit was carried out by the North Korean hacking outfit Lazarus Group. Aave argues that even if that were the case, the funds still belong to the affected users.
