Aave is asking a U.S. court to release $71 million in frozen crypto funds so victims of the Kelp DAO hack can be compensated.
Key Takeaways
- Aave filed an emergency motion to lift a freeze on 30,766 ETH worth about $71 million tied to the Kelp DAO exploit.
- Plaintiffs claim the funds are linked to North Korea and the Lazarus Group, seeking to seize them.
- Aave argues stolen funds belong to users, not attackers, and links to North Korea remain unproven.
- The outcome could shape how DeFi handles hack recoveries and legal claims in the future.
What Happened?
Aave has taken legal action in a New York federal court to overturn a restraining notice that froze funds recovered after the April Kelp DAO exploit. The dispute centers on whether the recovered crypto should go back to affected users or be seized to satisfy long standing claims tied to North Korea.
Aave LLC has filed an emergency motion to vacate a restraining notice served on Arbitrum DAO on May 1, 2026 that attempts to seize approximately $71 million in ETH belonging to victims of the April 18 exploit.
— Aave (@aave) May 4, 2026
A thief does not gain lawful ownership of stolen property simply by… pic.twitter.com/NwgKIdU1L7
Aave Challenges Court Ordered Freeze
Aave LLC, a key contributor to the Aave Protocol, filed an emergency motion in the Southern District of New York seeking to vacate a restraining notice placed on funds held by Arbitrum DAO. The notice has locked up 30,766 ETH, valued at roughly $71 million, which had been recovered after the Kelp DAO exploit on April 18.
The legal filing asks the court to immediately lift the restriction. As an alternative, Aave requested an expedited hearing or demanded that plaintiffs post a cash bond of at least $300 million if the freeze remains. According to Aave, the continued restriction is causing serious harm to users and the broader decentralized finance ecosystem.
Dispute Over Ownership and North Korea Claims
The restraining notice was filed by a law firm representing plaintiffs who hold more than $877 million in unpaid judgments against North Korea. The plaintiffs argue that the attacker behind the exploit is likely linked to the Lazarus Group, a hacking group often associated with North Korea. Based on this claim, they believe the recovered assets can be treated as North Korean property.
Aave strongly disputes this position. In its filing, the company stated that ownership cannot be established through theft, and that recovered assets should legally remain with the victims. It also criticized the evidence linking the attack to North Korea, calling it unproven and based on weak claims.
The filing stated:
Impact of the Kelp DAO Hack
The April exploit targeted Kelp DAO’s rsETH token, which allows users to stake Ethereum and receive a liquid staking token. Attackers manipulated a cross-chain system to mint fake tokens and borrow approximately $290 million, leaving a major hole in the system.
The effects were immediate and severe:
- Users rushed to withdraw funds from Aave.
- Lending pools became strained and quickly maxed out.
- Billions of dollars exited the platform in a short period.
- Some users temporarily lost access to their deposits.
Aave estimates that around $230 million in ETH was borrowed using unbacked collateral, creating significant bad debt within the protocol.
DeFi United Effort and Governance Vote
Following the attack, a coalition known as DeFi United formed to recover funds and stabilize the ecosystem. The group created a technical plan to restore backing for rsETH and repay affected users across platforms like Aave and Compound.
The recovery plan depends heavily on releasing the frozen ETH. Meanwhile, Arbitrum DAO is conducting an onchain vote to decide whether to approve the fund release. The proposal has already gained support from more than 1,400 wallet addresses, representing about 139 million ARB tokens, with voting set to conclude on May 7.
Risks to Users and the DeFi Ecosystem
Aave warned that keeping the funds frozen could trigger broader risks across decentralized finance. Immobilized assets may disrupt collateral positions, potentially leading to cascading liquidations across multiple platforms.
The protocol also cautioned that legal barriers like this could discourage future recovery efforts, especially in cases involving suspected state sponsored attacks. Increased uncertainty could make it harder for industry participants to coordinate rapid responses to hacks.
CoinLaw’s Takeaway
In my experience, this case feels like a defining moment for DeFi. The core question is simple but powerful: who truly owns recovered crypto after a hack. I found Aave’s argument compelling because if stolen funds can be redirected based on unproven claims, it could shake user trust across the entire ecosystem.
At the same time, the legal angle involving North Korea adds real complexity. If courts start stepping deeper into DeFi recovery flows, we could see slower responses to hacks and more hesitation from communities trying to fix problems quickly. This is bigger than just $71 million. It is about the future rules of decentralized finance.
