KelpDAO Security Incident Review: How Arbitrum Froze 30,766 Stolen ETH

On April 18, 2026, KelpDAO suffered the largest security breach of the year in the DeFi sector: the attacker stole approximately 116,500 rsETH through its LayerZero-powered cross-chain bridge, worth about $292 million. The core issue was not a traditional smart contract vulnerability but a systemic security event caused by the failure of the cross-chain trust model, with the damage then amplified by DeFi composability.

The technical root cause was a configuration flaw in the LayerZero cross-chain verification architecture. KelpDAO’s rsETH bridge adopted the LayerZero OFT (Omnichain Fungible Token) solution, whose security rests on the DVN (Decentralized Validation Network) layer that attests to cross-chain messages. However, KelpDAO operated with a 1-of-1 single validator node setup, meaning a single validator signature was sufficient to confirm a cross-chain message as authentic. The attacker exploited this by forging a cross-chain message, causing the system to automatically release assets worth about $292 million. The attack was executed with extreme efficiency: from calling the core function to transferring all funds, the entire process took only 46 minutes.

After the theft, the attacker deposited the obtained rsETH as collateral into Aave V3 and other lending protocols and borrowed large amounts of ETH against it, leaving approximately $196 million in bad debt on Aave’s books. Aave’s total value locked (TVL) plummeted from about $26.4 billion to $18.6 billion, and the AAVE token dropped roughly 20% in a single day. The attacker then transferred about 30,766 ETH to the Arbitrum One chain, a move that directly triggered the subsequent intervention by the security council.

What is the basis for the security council’s action?

The Arbitrum Security Council is a 12-member body elected by the Arbitrum DAO, with members rotating in groups of six through regular elections held every 12 months. Its core function is to act swiftly in emergencies via a 9-of-12 multi-signature wallet to ensure the safety and integrity of the Arbitrum ecosystem.

In this incident, the prerequisite for the council’s action, identifying the attacker, was assisted by law enforcement agencies. Arbitrum explicitly stated in its announcement that the security council “acted based on information from law enforcement regarding the attacker’s identity.” From a governance perspective, this action falls under the definition of “catastrophic emergency” in Arbitrum’s progressive decentralization documentation, which provides the legal basis for intervention.

It’s important to note that the council’s authority is not unlimited. According to the Arbitrum DAO charter, the council can only bypass standard governance procedures in emergencies, with a minimum of 9 out of 12 signatures required. In this case, nine members voted to freeze the funds, meeting the minimum multi-signature threshold. Griff Green, a security council member, stated on X that this decision “was not made lightly but after hours of technical, practical, ethical, and political debate.”

How is the on-chain freezing technically implemented?

Dragonfly managing partner Haseeb Qureshi provided a detailed technical analysis of this operation. The freezing transaction used the ArbitrumUnsignedTxType (EIP-2718 transaction type 0x65, 101 in decimal), a system-level transaction type that cannot be signed by an ordinary externally owned account (EOA) with a private key; it can only be injected and executed via ArbOS under the security council’s authority.

This means the core mechanism differs fundamentally from typical blockchain transactions. Ordinary transactions are signed by user private keys, and their validity rests on user authorization; this system-level transaction instead derives its validity from the chain’s consensus rules rather than from any single user’s signature. The security council’s 9-of-12 multi-signature authorization triggered ArbOS’s underlying state modification capability, directly changing the balance of a specific address: 30,766 ETH was moved from the attacker’s address to a frozen intermediary wallet by the chain’s execution logic itself, without any signature from the holder.

It’s noteworthy that this operation is not a traditional “chain rollback.” It does not undo any confirmed blocks nor rewrite transaction history. All on-chain records during the attack remain intact, and the blockchain’s immutability is preserved. From a state machine perspective, this is essentially a “state-level” asset recovery: the attacker’s private key can still sign transactions, but the core assets under their address have been forcibly transferred to a governance-controlled wallet according to chain rules. This design allows targeted intervention on specific assets while maintaining the integrity of the blockchain ledger.

The freezing operation is highly precise. Arbitrum emphasizes that the entire transfer process does not affect “any other on-chain state or Arbitrum users,” nor does it disrupt normal operation of any Arbitrum applications. As of 11:26 PM ET on April 20, the funds had been successfully transferred to the frozen wallet, and the attacker’s original address no longer has access to these funds. Any subsequent transfers can only be executed by Arbitrum governance after coordination with relevant parties.

How does governance intervention balance with decentralization principles?

This freezing action, which efficiently intercepted part of the stolen funds, also sparked widespread debate about the boundaries of decentralized network governance. The fact that a Layer-2 security council, with law enforcement assistance, proactively intervened to freeze assets on a specific chain address sets an important precedent in DeFi history.

The core controversy revolves around whether blockchain’s immutability and censorship resistance are absolute principles or can be compromised under certain conditions. Supporters argue that in cases of large-scale user asset losses, emergency response mechanisms and governance intervention are necessary tools to safeguard the ecosystem. The security council, elected by the community, effectively represents the collective will in extreme situations. Opponents counter that any form of on-chain asset freezing conflicts with the fundamental philosophy of blockchain. On X, multiple users criticized Arbitrum’s action, questioning how much decentralization remains if a single council decision can freeze funds.

From a systemic design perspective, the authority of the Arbitrum Security Council is explicitly defined. According to the progressive decentralization documentation, the council can only exercise such powers during “catastrophic emergencies,” and only with a 9-of-12 multi-signature threshold. Members are elected by the DAO and can be removed via DAO voting or internal mechanisms, establishing checks and balances. However, the incident also exposes an unresolved issue: in the absence of automated on-chain triggers, whether a situation qualifies as a “catastrophic emergency” still rests on the council’s subjective judgment, and this ambiguity in authority boundaries is itself a governance risk.

What systemic risks are exposed by cross-chain infrastructure?

The KelpDAO security incident reveals fundamental vulnerabilities in cross-chain infrastructure. Over the past few years, stolen funds from cross-chain bridges have accumulated to over $2.8 billion, nearly half of all DeFi thefts. This event confirms that the core vulnerability is not necessarily in smart contract code itself but in the trust model of cross-chain verification mechanisms.

LayerZero’s investigation pointed out that KelpDAO’s use of a 1-of-1 DVN single validator node configuration violated industry best practices. LayerZero had repeatedly recommended multi-validator setups for redundancy, but these suggestions were not adopted. This configuration flaw allowed an attacker to compromise just one validator node to trigger the entire system’s asset release. Ripple CTO David Schwartz summarized on X: “The attack is more complex than expected; it exploited KelpDAO’s configuration oversight, targeting LayerZero’s infrastructure.”

The trust model of cross-chain infrastructure is essentially a compromise of the blockchain’s decentralized trust assumption. In multi-chain ecosystems, assets moving between chains depend on an intermediary layer to verify and relay messages. Whether using multi-signature, DVN, or other mechanisms, reliance on some set of validators cannot be eliminated entirely. The KelpDAO incident demonstrates that when this reliance is reduced to a single point, the entire cross-chain bridge becomes a highly vulnerable weak link.
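The 1-of-1 DVN setup discussed above and in the attack description can be caught by a plain configuration audit before any message is ever verified. The following Python script is an added example (not LayerZero’s or KelpDAO’s code): its UlnConfig dataclass mirrors the field names of LayerZero V2’s UlnConfig struct, the DVN addresses are constructed placeholders, and the check computes how many distinct DVN operators an attacker would need to compromise to get a forged payload accepted, which is the metric that was 1 in this incident.

```python
from dataclasses import dataclass

@dataclass
class UlnConfig:
    # Mirrors the fields of LayerZero V2's UlnConfig struct (UlnBase.sol).
    confirmations: int            # source-chain blocks to wait before attesting
    required_dvns: list           # every listed DVN must attest to a payload
    optional_dvns: list           # of these, optional_dvn_threshold must attest
    optional_dvn_threshold: int

def min_compromised_dvns(cfg: UlnConfig) -> int:
    """Fewest distinct DVNs an attacker must control for a forged payload to
    verify: all required DVNs plus the optional threshold."""
    return len(cfg.required_dvns) + cfg.optional_dvn_threshold

def config_problems(cfg: UlnConfig) -> list:
    """Invariant and hygiene checks; an empty list means the config is sane."""
    problems = []
    req = [a.lower() for a in cfg.required_dvns]
    opt = [a.lower() for a in cfg.optional_dvns]
    if cfg.optional_dvn_threshold > len(opt):
        problems.append("optionalDVNThreshold exceeds number of optional DVNs")
    if opt and cfg.optional_dvn_threshold == 0:
        problems.append("optional DVNs listed but threshold is 0, so they never count")
    if len(set(req)) != len(req) or len(set(opt)) != len(opt) or set(req) & set(opt):
        problems.append("duplicate DVN address across required/optional lists")
    if cfg.confirmations == 0:
        problems.append("confirmations is 0: no source-chain finality wait")
    if min_compromised_dvns(cfg) <= 1:
        problems.append("single point of trust: one DVN compromise releases funds")
    return problems

# Constructed placeholder DVN addresses (not real operator addresses).
DVN_A, DVN_B, DVN_C, DVN_D, DVN_E = ("0x" + c * 40 for c in "abcde")

# The 1-of-1 shape the article describes: one required DVN and nothing else.
WEAK = UlnConfig(confirmations=15, required_dvns=[DVN_A],
                 optional_dvns=[], optional_dvn_threshold=0)

# A redundant shape: two independent required DVNs plus 1-of-3 optional ones,
# so three distinct operators must be compromised to forge a message.
HARDENED = UlnConfig(confirmations=15, required_dvns=[DVN_A, DVN_B],
                     optional_dvns=[DVN_C, DVN_D, DVN_E], optional_dvn_threshold=1)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, min_compromised_dvns(cfg), config_problems(cfg))
```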

How will the industry reshape security and governance frameworks?

This incident offers multiple profound lessons for the DeFi industry.

In cross-chain security, single-validator configurations should be regarded as unacceptable. LayerZero has taken affected infrastructure nodes offline and restored DVN operations, but the broader question remains: how many protocols are still using similar single-point configurations? The industry needs to establish stricter cross-chain security audit standards and configuration norms to eliminate single-trust points.

In governance, the balance between emergency intervention authority and community democracy needs further refinement. Currently, the scope of the security council’s emergency actions rests on subjective judgment, with no clear on-chain trigger conditions and no post-action review mechanism. One possible evolution is a multi-tiered emergency response system that matches different authorization levels to the severity of an incident, together with independent review committees that evaluate the reasonableness of emergency measures afterward.

Regarding loss allocation, the total loss from the KelpDAO event is about $292 million, with the security council successfully freezing approximately $71 million, nearly a quarter of the total. How remaining losses—such as Aave’s bad debt, loss-sharing mechanisms across protocols, and potential insurance payouts—are handled remains an ongoing debate. This case may push DeFi protocols to incorporate emergency response and loss-sharing mechanisms into their initial design, rather than seeking ad hoc solutions after incidents.

Summary

The KelpDAO security event, from the cross-chain bridge vulnerability to the security council’s freezing of 30,766 ETH, vividly illustrates the DeFi ecosystem’s emergency response chain in the face of large-scale attacks. The core contradiction—the trust model flaws in cross-chain infrastructure and the boundaries of decentralized governance intervention—will serve as a key reference for future institutional development and security upgrades. Freezing 30,766 ETH is a partial victory in fund recovery, but it raises many more questions: Who defines “catastrophic emergency”? How to formalize emergency authorization on-chain? How to optimize trust assumptions in cross-chain infrastructure balancing security and decentralization? The answers to these questions will influence the evolution of DeFi for a long time to come.

FAQ

How does the Arbitrum Security Council precisely freeze funds without affecting other users?

The council used a system-level mechanism targeting a single address: an ArbitrumUnsignedTxType transaction injected via ArbOS, which directly transferred 30,766 ETH from the attacker’s address to a frozen intermediary wallet. The operation does not modify any historical blocks and does not affect other users’ balances or contract operations; its precision comes from modifying only the state of the targeted address.

What will happen to the frozen 30,766 ETH?

Currently, these funds are stored in a relay wallet controlled solely by Arbitrum governance. Any subsequent transfers require governance approval and coordination with relevant parties. The specific plan for fund restitution has not yet been announced and will depend on law enforcement investigations and legal proceedings.

What impact does this freezing have on the overall handling of the KelpDAO security incident?

The action successfully recovered about $71 million, nearly a quarter of the total stolen amount, effectively limiting the attacker’s control over this portion of funds. However, the full resolution—including handling approximately $196 million in Aave bad debt, responsibility allocation between KelpDAO and LayerZero, and cross-protocol loss compensation—is still ongoing.
