The Arbitrum Security Council has taken emergency action to freeze 30,766 ETH linked to the KelpDAO exploit, transferring the funds to an intermediary frozen wallet as of April 20. The ETH stash is worth roughly $71 million at current prices.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…
— Arbitrum (@arbitrum) April 21, 2026
The council acted with input from law enforcement regarding the exploiter’s identity and conducted significant technical diligence to ensure no other chain states or Arbitrum users were affected.
The funds can no longer be accessed at the original address and will only be moved through further action by Arbitrum governance, coordinated with relevant parties.
The freeze came two days after KelpDAO, a liquid restaking protocol built on Ethereum’s staking infrastructure, was drained of approximately $292 million on April 18, making it the largest DeFi security breach of 2026.
The attacker targeted a vulnerability in LayerZero’s cross-chain messaging system, which handles token transfers between blockchains. The breach allowed the attacker to siphon 116,500 rsETH tokens, roughly 18.5% of the circulating supply, which sat at around 630,000 tokens before the attack.
Contagion through lending markets
rsETH was accepted as collateral on Aave, Compound, and Euler. When the token’s price collapsed after the exploit, lending markets seized up. Aave’s total value locked fell from roughly $15 billion to $8.4 billion in 48 hours, a $6.6 billion drop.
The damage at Aave went beyond that headline number. Withdrawal requests topped $5.4 billion within four hours of the exploit becoming public. The WETH market on Aave hit 100% utilization by April 19, meaning every available unit of wrapped ETH had been borrowed and the remaining depositors could not withdraw. Between $177 million and $196 million in bad debt accumulated as positions backed by rsETH collateral went underwater.
One protocol’s vulnerability became another’s insolvency risk, which became a third protocol’s liquidity crisis. The interconnectedness that makes DeFi capital-efficient is the same feature that makes it fragile.
The breach also came just weeks after Drift Protocol, a Solana-based perpetuals exchange, lost roughly $285 million in a separate incident. Two exploits above a quarter-billion dollars in the span of a month.
Be the first to comment