Over the weekend, a cyberattack that sent shockwaves through the crypto ecosystem prompted the Arbitrum Security Council to freeze 30,766 ETH, valued at approximately $71.1 million. The frozen funds were traced to an address on Arbitrum One and linked to the high-profile $292 million Kelp DAO attack.
Funds secured; users remain unaffected
On Tuesday, the Arbitrum team announced via social media that the Security Council had transferred the flagged assets to a frozen intermediary wallet. They emphasized that the measure strictly targeted the relevant funds and had no negative impact on the platform’s overall functionality or individual users.
The fate of the seized ETH will ultimately be determined by Arbitrum’s community governance process. Unless the community votes or makes another governance decision, these ETH tokens will remain locked indefinitely.
The announcement from Arbitrum stated, “The Security Council took action based on information about the attacker’s identity from law enforcement agencies, and special care was taken not to compromise the integrity of the Arbitrum community.”
Kelp DAO attack marks major loss
This protective action followed the dramatic Kelp DAO breach, which rattled the industry over the weekend. Kelp DAO, known for its cross-chain bridges and use of LayerZero infrastructure, fell victim to a vulnerability that resulted in the theft of 116,500 rsETH tokens—worth an estimated $292 million. This stands among the biggest losses to date for such exploits.
Preliminary investigations suggested the hack may be connected to Lazarus, the infamous North Korea-based hacker collective. According to analysis by the LayerZero team, traces of the operation resembled patterns documented in previous high-profile attacks.
System flaw sparks debate between involved parties
LayerZero representatives criticized Kelp DAO’s decentralized validation setup, which relies on a single one-to-one prover. They argued that lacking independent verification mechanisms opened up a dangerous vulnerability, making the system susceptible to exploitation by bad actors.
Kelp DAO’s management responded by noting that the criticized verification infrastructure is the default setup provided by LayerZero itself. They stressed that full responsibility for the breach cannot be placed solely on them.
The debate has reignited scrutiny of bridge protocol security architecture and the standards safeguarding crypto assets across blockchains.
These developments have put security for cross-chain fund transfers under the spotlight once again within the decentralized finance ecosystem. As the aftermath unfolds, both the hunt for those behind the hack and efforts to recover stolen assets are being closely watched by the community and authorities.
