A federal court in Manhattan has approved Aave’s bid to take control of approximately $71 million in frozen ether held on Arbitrum, following last month’s North Korea-linked rsETH hack. The decision authorizes the transfer of these assets into a wallet managed by Aave LLC and preserves the legal claims of hack victims with ties to North Korean terrorist activity.
Legal clearance and transfer details
According to the ruling issued by U.S. Judge Margaret Garnett, a previous restraining order applied to Arbitrum DAO was revised, enabling an on-chain governance vote to transfer the ETH to Aave. Critically, the court’s instructions ensure that no participant in the transaction—whether proposing, voting, or facilitating—will face legal liability for breaching asset freeze rules.
Before reaching this stage, the Arbitrum community had already signaled broad support for returning the funds to Aave through an off-chain Snapshot vote. However, the release required a binding governance decision on the blockchain itself to proceed with the actual transfer.
Broader legal battle and pressure on Arbitrum
Aave’s recovery plan reflects ongoing efforts to compensate plaintiffs impacted by hacks with North Korean links. Attorney Charles Gerstein represents terror victims who collectively hold $877 million in unenforced court judgments against North Korea. He has argued in court that the frozen ETH, allegedly connected to the Lazarus Group and sanctioned by Pyongyang, rightfully belongs to those harmed by state-sponsored cyberattacks.
Gerstein’s tactics on Arbitrum illustrate a broader legal effort to track down North Korea-linked digital assets across decentralized finance protocols. Investigators allege that North Korean hackers have exploited protocols like Railgun to launder funds originating from previous large-scale cyberattacks.
The lawsuit and Railgun allegations
Plaintiffs claim North Korean groups laundered crypto through Railgun after siphoning $1.5 billion in assets from sources such as the Bybit exchange. They argue that Railgun should have detected and frozen these assets in advance, but the absence of such intervention allowed the funds to be moved.
In March, after Railgun DAO failed to mount a defense in a related case, plaintiffs sought a default judgment from the federal court in Washington. Meanwhile, blockchain investment firm Digital Currency Group’s 2022 acquisition of $10 million in Railgun governance tokens has prompted further scrutiny, with plaintiffs suggesting the firm played a material role in both management and financial outcomes.
Earlier, in February, the plaintiffs separately petitioned authorities to safeguard USDT holdings that the U.S. government aimed to seize.
The court’s milestone decision is being viewed as a crucial move in the ongoing debate over asset freezing and fund recovery within the decentralized finance (DeFi) space, particularly in the context of high-profile North Korea-linked cyberattacks.
The approval of the transfer now paves the way for Aave to process the $71 million in ETH originally compromised during an attack and immobilized on Arbitrum. This outcome is expected to restore some confidence in decentralized protocols’ ability to cooperate with law enforcement.
As the legal tug-of-war continues between DeFi platforms, governments, and victims of cybercrime, the latest ruling represents a clear shift toward formal procedures and regulatory compliance across blockchain networks.
The spotlight will now turn to the on-chain governance mechanisms needed to finalize what could become a landmark transfer, shaping future approaches when criminal proceeds are intercepted on decentralized platforms.
More broadly, this case underscores mounting regulatory and legal scrutiny on decentralized platforms, especially those that inadvertently become conduits for illicit activity by state-sponsored groups.
