Connect with us

CRYPTO

Aave Battles Terror Victims For $73M Frozen Kelp DAO ETH

Published

1 month ago

on

A federal judge in Manhattan walks into the strangest legal fight DeFi has produced. On the docket today: 30,766 ETH frozen on Arbitrum, a $292 million April hack tied to the Lazarus Group, and a New York law firm trying to redirect the recovered funds toward $877 million in unpaid terrorism judgments against North Korea.

The legal twist drives the case. Lawyers from Gerstein Harrow LLP have abandoned the word “theft” entirely. Their filing recasts the Kelp DAO incident as a credit fraud, an unsecured loan that the borrower walked away from. Under U.S. property doctrine, fraudulently obtained assets briefly belong to the fraudster, which would make the disputed ETH attachable as North Korean property under Section 201 of the Terrorism Risk Insurance Act.

Aave LLC, the protocol whose users actually lost the money, calls that interpretation legally and morally backward. The Southern District of New York hears both sides today.

Inside Aave’s Emergency Bid To Vacate The Freeze

Aave moved fast on Monday. The protocol filed an emergency motion in the Southern District of New York asking the court to lift the May 1 restraining order and release the 30,766 ETH back to the recovery fund. If the court keeps the freeze in place, Aave wants the plaintiffs to post a $300 million bond, roughly four times the disputed value.

The legal pitch is plain: stolen property is not the thief’s to keep, even briefly, and so cannot be attached against the thief’s debts. Anything else, Aave argues, hands hackers a fleeting form of legal title that no other asset class recognizes.

“A thief does not own what they have stolen. These funds belong to the users from whom they were taken, and no one else,” said Stani Kulechov, founder of Aave.

Gerstein Harrow’s plaintiffs anticipated that response. Their filing reframes April 18 as a defaulted loan rather than a robbery. The attacker minted unbacked rsETH, posted it as collateral, and borrowed real ETH from Aave’s lending pool. When liquidation kicked in, the rsETH was worthless, so the funds had transferred ownership before the contracts could claw them back.

Aave’s filing also pushes back on a second plaintiff argument that the protocol’s terms of use give it custody-like control over user assets. Calling that reading “catastrophic,” Aave warns that any DeFi platform forced to absorb hack losses on its balance sheet would freeze new lending for months.

The plaintiffs’ counter is sharper. Because Aave’s terms describe the protocol as one that “owns, holds, and controls” client assets, the lawyers argue Aave is in no position to deny that the borrowed ETH ever became North Korean property in the first place.

Cracked Ethereum coin frozen in ice with courthouse gavel in $73M Kelp DAO terror claim freeze.
Cracked Ethereum coin frozen in ice with courthouse gavel in $73M Kelp DAO terror claim freeze.

Three Court Judgments Worth $877 Million Behind The Claim

The plaintiffs Gerstein Harrow represents are not crypto investors. They are families of terror victims with default judgments against Pyongyang that, on paper, total more than $877 million before interest. The largest piece traces back to the 1972 Lod Airport massacre. The smallest involves a Hezbollah rocket attack. The highest-profile names belong to the D.C. Circuit accountability ruling for Reverend Kim Dong-shik, abducted by North Korean agents in 2000 and presumed killed in a kwan-li-so labor camp.

Each case relies on the Foreign Sovereign Immunities Act’s terrorism exception, the same statutory hook that produced the D.C. Circuit ruling in Han Kim v. Democratic People’s Republic of Korea. TRIA Section 201 then lets those plaintiffs reach the blocked assets of state sponsors of terrorism. The novelty is that no creditor has tried to use the doctrine on freshly stolen, on-chain ETH before.

Case Plaintiffs Damages Forum
Calderon-Cardona v. DPRK Families of 1972 Lod Airport massacre ~$378 million D.P.R., 2010
Kim v. DPRK Family of Rev. Kim Dong-shik ~$330 million D.D.C., 2015
Kaplan v. DPRK Hezbollah rocket-attack victims ~$169 million D.D.C.

DeFi United Is Already Sitting On Four Times The Frozen Amount

The frozen ETH is, financially, almost beside the point. The DeFi United relief coalition has gathered more than $327 million in pledges since April 18. That total is roughly four times the dollar value of the disputed 30,766 ETH. The freeze is symbolic. The blast radius is not.

The pledge ledger so far:

  • 30,000 ETH from Mantle Network, originally structured as a low-interest loan into Aave’s liquidity pool
  • 30,000 ETH from Consensys and Joseph Lubin, the single largest equity-style commitment
  • 25,000 ETH proposed from Aave’s own DAO Treasury, worth about $58 million at current prices
  • 10,000 ETH from LayerZero, the company at the center of the technical blame fight
  • 5,000 ETH from Stani Kulechov personally, written from his own wallet rather than a corporate Treasury

A separate Snapshot governance vote runs to a May 7 deadline, with 99% of voting Arbitrum DAO holders already approving release of the frozen ETH into the relief fund. The court order, if it survives the Wednesday hearing, sterilizes that vote no matter how Arbitrum’s holders feel about it.

Gerstein Harrow’s counter is brutal. The plaintiffs’ filing argues that rsETH holders are not in financial distress because the rescue fund already covers losses several times over. From the law firm’s vantage, the 30,766 ETH is found money for victims that the U.S. government has been trying, and failing, to make whole for decades.

The 1-of-1 DVN Fight That Started It All

The April 18 hack was an off-chain compromise that exposed a configuration choice the rest of the industry has been quietly making for years. According to LayerZero’s official KelpDAO incident statement, attackers tied to North Korea’s TraderTraitor unit accessed the RPC node list, compromised two independent op-geth nodes, and swapped the binaries to forge cross-chain attestations. The attack passed every observability check.

The blame fight is over who chose the single-verifier setup that made the forgery possible. LayerZero’s April 19 postmortem framed the rsETH bridge as running a “1-of-1 DVN” configuration that contradicted the company’s own multi-DVN recommendation. Kelp says LayerZero personnel reviewed the setup across roughly two and a half years and eight integration discussions without flagging it. A Chainalysis incident analysis showed 47% of about 2,665 active LayerZero OApp contracts ran the same single-verifier setup over a 90-day window ending April 22, with more than $4.5 billion in market value exposed to identical risk.

LayerZero co-founder and chief executive Bryan Pellegrino disputes Kelp’s read of the integration logs. Posting on X after the postmortem dropped, Pellegrino said “many of Kelp’s claims are simply false,” arguing that the rsETH bridge was originally configured with a LayerZero Labs and Google multi-DVN default and that Kelp later switched to single-validator mode on its own initiative.

Kelp announced the obvious next step on May 5. The protocol is migrating rsETH’s cross-chain plumbing off LayerZero entirely and onto Chainlink’s Cross-Chain Interoperability Protocol, which requires multiple independent validator approvals per message. ZRO, LayerZero’s token, sold off on the news.

Why The Hearing Reaches Beyond One DAO

If the credit-fraud reframe wins on Wednesday, every recovery process in DeFi gets harder. State-sponsored attackers would gain a perverse legal status, briefly owning what they take, and any creditor with a U.S. judgment against the same state could race to attach those funds before users get them back. The blueprint would fit ransomware groups linked to Iran or Russia just as cleanly.

If Aave wins, U.S. courts effectively endorse the position that on-chain protocols can claw back attacker collateral on behalf of users without a parallel criminal forfeiture process. That outcome strengthens DeFi self-defense, but it also tells terror-judgment plaintiffs that future state-sponsored crypto thefts are off-limits as a satisfaction source. Today’s hearing answers the first half of that question. The Snapshot vote, scheduled to close May 7, may answer the second.

Frequently Asked Questions

When Does The Court Rule On The Kelp DAO ETH Freeze?

Arguments are scheduled for today, May 6, in the Southern District of New York. The hearing covers Aave’s emergency motion to vacate the May 1 restraining notice and the plaintiffs’ Terrorism Risk Insurance Act claim against the 30,766 ETH. A ruling could come from the bench or take a few days. Either way, the May 7 Snapshot vote on releasing the funds runs into the result.

Is rsETH Still Safe To Hold?

The underlying restaking position is intact. The April 18 hack damaged the cross-chain mint mechanism, not the EigenLayer staking layer, and DeFi United pledges already exceed the gap by roughly four times. Kelp is moving rsETH’s bridge to Chainlink’s CCIP, which closes the single-verifier path the attacker used. Holders should track the Kelp DAO governance forum for the formal redemption schedule.

Can U.S. Courts Force A DAO To Hand Over Crypto?

Sometimes, yes. The Arbitrum Security Council, a small multisig of named individuals, holds the keys to the frozen funds. That makes Arbitrum subject to court process the same way any custodian would be, regardless of how decentralized the underlying voting layer feels. The May 6 ruling will set early precedent for how federal courts treat governance-controlled assets in future enforcement actions.

What Is The Terrorism Risk Insurance Act And Why Does It Matter Here?

TRIA Section 201, passed after September 11, lets terrorism victims with U.S. court judgments attach blocked assets of state sponsors of terrorism to satisfy those judgments. North Korea is on the State Department’s sponsor list, so any funds legally classified as DPRK property are reachable. The crypto twist is whether ETH briefly held by a North Korean attacker counts as DPRK property under the statute.

The hearing decides who controls the largest single recovery pot in DeFi history. The rulings that follow it decide something bigger.

Federal judges are about to write the rulebook for how stolen on-chain assets get classified, who has standing to claim them, and whether decentralized governance can keep its promises when a U.S. district court says otherwise.

Disclaimer: This article reports on an active federal court proceeding and a related crypto recovery effort and does not constitute legal or investment advice. Cryptocurrency assets, including liquid restaking tokens such as rsETH, carry significant smart-contract, counterparty, and regulatory risk. Readers considering any related action should consult a licensed attorney and a qualified financial advisor. Figures, judgments, and procedural details are accurate as of May 6, 2026, and are subject to change.

Related Topics:

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no nonsense tech news and reviews based on real hands on testing. He has personally tested and reviewed dozens of mid range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending