Arbitrum DAO has passed a governance vote with 90.96% approval to release 30,765.67 ETH (worth approximately $70 million) to a recovery address controlled by Aave, KelpDAO, EtherFi, and Certora. The funds were frozen by the Arbitrum Security Council after a cross-chain bridge exploit last month, where attackers used unbacked rsETH as collateral on Aave to drain roughly $230 million in ETH. The approved transfer aims to compensate victims of the Kelp DAO rsETH exploit. However, a U.S. federal court dispute complicates execution. Plaintiffs with unpaid judgments against North Korea obtained a restraining notice, citing attribution of the hack to the Lazarus Group, and claiming the frozen ETH is DPRK property subject to seizure. Aave LLC has asked the court to vacate the notice or require a $300 million bond, arguing ongoing harm to users. Legal experts warn that executing the transfer now risks contempt of court for any identifiable person in the execution chain who has received the notice. For wallet and key holders, this case highlights the legal risks in DeFi governance: even DAO-approved actions can be blocked by court orders if assets are linked to sanctioned entities. Anyone involved in signing or executing the transfer may face personal contempt liability. The outcome could set a precedent for how U.S. courts assert jurisdiction over blockchain-based decisions, especially where private keys are held by identifiable individuals.

Key facts

• Arbitrum DAO voted 90.96% in favor to release 30,765.67 ETH frozen after a Kelp exploit.
• A U.S. restraining notice claims the ETH belongs to North Korea's Lazarus Group.
• Aave LLC seeks to vacate the notice or require a $300 million bond from plaintiffs.
• Legal experts say executing the transfer risks contempt of court for signers.
• Lifting the freeze won't guarantee a clean execution due to ongoing legal risks.

KeyAudit data perspective