Judge Margaret Garnett has modified a restraining notice to allow $71 million in frozen ether (ETH) from the North Korea-linked rsETH exploit to be transferred from Arbitrum to a wallet controlled by Aave LLC. The court order permits an onchain governance vote to execute the transfer while preserving the legal claim of terrorism judgment creditors against North Korea. Over 30 families hold approximately $877 million in unpaid judgments related to North Korean state-sponsored attacks, and they argue that the frozen ETH should be available for seizure since the exploit is attributed to the Lazarus Group, which is supported by Pyongyang. The ruling resolves a standoff that threatened to derail a coordinated DeFi recovery effort. Arbitrum delegates had previously signaled support for returning the frozen ETH as part of Aave’s broader recovery plan. The judge also shielded participants from liability, stating that those who initiate, vote on, or participate in the transfer would not violate the freeze. However, the actual transfer still requires a separate binding onchain governance vote. For wallet and key holders, this case highlights the legal risks associated with frozen or sanctioned assets in DeFi protocols. It sets a precedent that court-ordered freezes can follow assets across blockchains and that governance participants could potentially face liability. Users should be aware that funds linked to illicit activities may be subject to seizure, even if they are moved via decentralized systems. The ongoing legal strategy against Railgun DAO and other protocols underscores the increasing scrutiny of DeFi infrastructure by creditors seeking to enforce judgments against state-sponsored hackers.

Key facts

• Judge allowed $71M frozen ETH from Lazarus Group exploit to move from Arbitrum to Aave.
• Terrorism victims with $877M in judgments against North Korea retain legal claim on the funds.
• Court protects governance participants from liability for executing the transfer.
• Transfer still requires a binding onchain vote by Arbitrum DAO.
• Creditors also sued Railgun DAO for allowing North Korean funds to move.

KeyAudit data perspective