Aave Fights to Unfreeze $71 Million as Kelp DAO Hack Spills Into Court

A case making its way through a U.S. federal court could decide whether funds recovered after a hack can be diverted away from users.

Aave is asking a federal court in New York to unblock about $71 million in crypto frozen on the Arbitrum network, arguing the money belongs to its users, not to a hacker that plaintiffs claim is tied to North Korea, setting up a clash between DeFi recovery efforts and creditors seeking to enforce long-standing judgments against the country.

In a memorandum filed Monday, Aave said a court-ordered freeze on Arbitrum, a layer-2 Ethereum network, is blocking the return of funds recovered after an exploit tied to Kelp DAO’s rsETH token. The company asked the court to lift the freeze immediately or require plaintiffs to post a bond of at least $300 million if it remains in place.

“Since the exploit, teams from the Aave Protocol community, the Arbitrum community, and others in the DeFi community worldwide have worked frantically around the clock, in an effort that became known as “DeFi United,” to return the immobilized assets and other value to the Aave Protocol victims, to restore stability and security to the Aave Protocol and other protocols in the decentralized finance ecosystem, and to ensure that similar exploits do not occur in the future,” the filing said.

The dispute stems from an April hack involving Kelp DAO, a platform that lets users stake Ethereum and receive a token called rsETH. Attackers tricked a system that moves tokens between blockchains, created fake rsETH, and used it to borrow about $290 million.

Plaintiffs in the case, who hold unpaid judgments against North Korea, argue that the attacker was likely linked to the country’s Lazarus Group. On that basis, they claim the frozen assets can be treated as North Korean property and seized.

“Plaintiffs’ grievances against North Korea may well be righteous,” the filing said. “But AaveLLC emphatically rejects the notion that those grievances can be lawfully addressed by restraining and seizing assets that belong to completely blameless third parties—namely, users of the Aave software protocol (the “Aave Protocol”), who are wholly unconnected to any alleged wrongdoing,and who have no known relationship to North Korea.”

While it’s still unclear who carried out the hack, the impact spread fast. Users rushed to pull out their money, funds ran low, and key lending pools were quickly maxed out. Billions of dollars left the platform in a short time, and some users couldn’t access their deposits.

At the same time, Arbitrum’s Security Council froze about 30,766 ETH, worth roughly $71 million, that had been linked to the exploit and placed the funds under governance control. Those funds are now at the center of the legal fight.

Later that month, Aave and others, including Consensys, Lido, Compound, and the Avalanche Foundation, launched a recovery effort called “DeFi United.” They raised more than $300 million to help restore the value of rsETH and cover losses from the hack.

The filing also questions whether Arbitrum DAO can even be treated like a legal entity. Aave argues it isn’t a formal organization that can be served in the way the plaintiffs tried, which could complicate the case.

Beyond the legal dispute, Aave says the freeze is worsening the fallout from the Kelp DAO exploit.

“To be clear, the objective of the Restraining Notice against Arbitrum DAO is not to aid in the global recovery efforts to help the Aave Protocol victims,” attorneys for the plaintiffs wrote. “Instead, it does the opposite.”