A federal judge in Manhattan has authorized the transfer of approximately $71 million in frozen Ether (ETH) linked to a North Korean state-sponsored hack. The ruling, issued by U.S. District Judge Margaret Garnett of the Southern District of New York, partially modifies a prior asset freeze and allows the DeFi lending protocol Aave to move the funds to a protocol-managed wallet. The decision marks a pivotal moment for decentralized finance interacting with traditional legal systems.
The case traces back to April 18, 2026, when KelpDAO lost roughly $292 million in rsETH through a sophisticated exploit on its LayerZero bridge. Attackers, widely attributed to the Lazarus Group, compromised RPC nodes to fraudulently unlock rsETH from Ethereum mainnet escrow, triggering temporary DeFi outflows of up to $13 billion. In response, Arbitrum’s Security Council froze 30,766 ETH tied to the hack, and the Arbitrum community voted overwhelmingly to transfer those assets to a recovery multisig managed by Aave, KelpDAO, Certora, and EtherFi.
On May 1, attorney Charles Gerstein filed a restraining notice on behalf of terrorism judgment creditors holding $877 million in unpaid claims against North Korea, arguing the frozen ETH was DPRK property subject to seizure. Aave countered that the funds belonged to innocent protocol users, not the hackers. Judge Garnett’s order enables the transfer of the ETH via an onchain Arbitrum DAO governance vote while allowing the legal restraining notice to travel with the assets, attaching to Aave LLC upon transfer. The ruling also shields participants in the governance process from personal liability.
The recovery effort has already seen liquidators close the thief’s positions on Aave V3 and transfer retrieved rsETH collateral to the Recovery Guardian. The next phase involves burning liquidated rsETH on Arbitrum, retiring the corresponding LayerZero packet to prevent further minting on Ethereum, and combining seized rsETH with committed ETH from DeFi United coalition partners to restore rsETH’s full backing and reopen withdrawals. The court’s decision is expected to influence how future crypto-related hacks are handled, particularly when state actors are involved, and may push DAO governance toward hybrid models with greater legal clarity.
