Arbitrum has frozen 30,766 Ether worth about $71.2 million in an address tied to the recent Kelp protocol breach, using emergency powers that are now drawing scrutiny across the crypto sector.
Funds moved to restricted wallet
According to a statement on Monday, Arbitrum’s 12-member security council invoked an emergency procedure after consulting law enforcement. The Ether was moved into a designated intermediary wallet that the original controller can no longer access.
Any further movement of the frozen funds will now require approval through the network’s governance process, rather than unilateral control by any single entity.
Council member Green said nine of the twelve council members backed the decision after extended internal debate over technical and procedural issues. Green added that the measure was designed to contain fallout from the exploit without disrupting normal activity for users or applications running on Arbitrum.
Kelp exploit triggers market-wide fallout
The action follows a major exploit on Saturday targeting Kelp, a liquid restaking platform, through its LayerZero bridge. The attack led to at least $293 million in losses and is being described as the largest decentralized finance exploit of 2026 so far.
The stolen tokens were reportedly used to secure loans on decentralized lending protocols such as Aave, creating a chain reaction of unbacked debt and rapid deleveraging across markets.
Aave, one of the largest lending platforms, saw withdrawals approach $8 billion over the weekend. Its total value locked (TVL) dropped from around $26.4 billion to $18.6 billion as users rushed to remove funds. The attacker’s use of unbacked collateral is estimated to have left Aave with between $177 million and $196 million in bad debt.
The broader decentralized finance ecosystem also came under pressure. Ethereum’s overall DeFi TVL fell by nearly 11% in the 24 hours after the exploit. Arbitrum’s TVL declined by about 9.97%, while Mantle’s dropped by nearly 42%, underscoring a sharp repricing of risk as traders reacted to the exposure of interconnected protocol weaknesses.
Suspected Lazarus link and structural flaw
LayerZero, the team behind the compromised cross-chain bridge, has said with “preliminary confidence” that the attack is linked to the Lazarus Group, a hacking syndicate associated with North Korea.
The breach exploited a core design weakness in the bridge, which relied on a single verifier to approve transactions. That configuration created a structural point of failure. Once the verifier was compromised, the attackers were able to push through a forged message that the system accepted as valid.
This allowed the unauthorized release of 116,500 rsETH tokens and highlighted how infrastructure design choices can introduce systemic risk far beyond a single protocol.
Rare on-chain freeze revives decentralization debate
On-chain asset freezes are still rare and controversial within blockchain governance. Arbitrum’s use of a 12-member multisignature security council to halt funds has intensified debate over the actual degree of decentralization in major networks.
By ring-fencing a portion of the stolen Ether with input from law enforcement, Arbitrum’s council demonstrated that it can directly intervene in on-chain activity, at least in emergencies. Supporters argue this type of mechanism is a necessary safeguard to contain catastrophic exploits and protect users.
Critics counter that the ability of a small group to freeze assets, even for security reasons, resembles centralized control and weakens the guarantees often associated with permissionless networks.
Toward hybrid security models
The incident is prompting a wider reassessment of security models across high-value DeFi platforms. Many protocols have promoted themselves as fully decentralized, but Arbitrum’s move highlights a growing trend toward hybrid arrangements that preserve some capacity for rapid intervention.
As the Kelp exploit and its aftermath continue to play out, the sector faces a trade-off: stronger emergency powers that can limit damage from large-scale breaches, versus stricter adherence to immutable, protocol-only control where no small group can override on-chain outcomes.
For now, the $71.2 million in frozen Ether remains locked under Arbitrum’s governance framework, serving both as a partial recovery of stolen capital and as a focal point in the ongoing debate over how decentralized leading blockchain networks truly are.
Worried about protocol hacks and frozen funds? Strengthen your defenses by mastering crypto safety with Toobit’s security guide today.
Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.
