The Security Council of the L2 network Arbitrum has taken “emergency measures” and frozen 30,766 ETH (~$71.2m) stolen from the Kelp protocol.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…
— Arbitrum (@arbitrum) April 21, 2026
“The team acted with input from law enforcement regarding the exploiter’s identity and, at all times, took into account its obligations to ensure the community’s security and integrity without affecting users or applications,” the statement said.
The funds were moved to an “interim frozen wallet”. The original address no longer has access—project governance alone can now move the assets.
Legitimate owners will receive the coins after approval.
Debating decentralisation
Freezing crypto is contentious. Critics say it violates the technology’s ethos. Supporters argue that blocking crime-linked funds bolsters a chain’s security and integrity.
Many users criticised Arbitrum’s actions and questioned the network’s decentralisation.
so a council can just freeze 30k eth and we’re still calling this decentralized?
— Sandy.ETH (@david_lee2085) April 21, 2026
“So some council can just freeze 30,000 ETH, and we’re still calling this decentralised?” wrote a user going by Sandy.ETH.
The episode also prompted jokes.
is it truly decentralised??? pic.twitter.com/wxHCRP3QWa
— Nozomi (@NozomiNetwork) April 21, 2026
Arbitrum Security Council member Griff Green responded to community criticism. He said the decision was not taken lightly: members spent “countless hours” debating the freeze from technical, practical, ethical and political angles.
I’m a member of the Security Council & I can tell you we did not make this decision lightly, there were countless hours of debates, technical, practical, ethical and political.
But all it takes for evil to triumph is for good men to do nothing, so today, we decided to do… https://t.co/tArbmXwZKN
— Griff Green — griff.eth (@griffgreen) April 21, 2026
Green stressed that not all council members voted to freeze the assets; nine of 12 backed the measure.
Aave’s bad debt
Among those hit by the Kelp exploit was Aave. Earlier, Lookonchain said the incident left the protocol with a balance “hole” of roughly $195m.
A risk manager at the lending platform LlamaRisk outlined two scenarios for how the bad debt could affect the ecosystem.
Update on rsETH incident:@LlamaRisk has published a report outlining the rsETH incident, the immediate actions taken, its impact on Aave, and potential paths forward.
All service providers have been working to assess the two potential bad debt scenarios on the Aave protocol.…
— Aave (@aave) April 20, 2026
First scenario: losses are shared across all rsETH holders on Ethereum mainnet and L2s. Then Aave’s shortfall would be about $123.7m, and rsETH could fall 15% against the leading altcoin.
LlamaRisk stressed that, in that case, losses would be distributed more evenly across chains. wETH would “absorb most in absolute terms but hardly notice it relative to the depth of its reserves”.
Aave has a tool—the Umbrella safety module—to cover losses in wETH. Some 18,922 aWETH (~$43.7m) have completed a cooldown and are ready to be unstaked.
Second scenario: the entire deficit falls on L2s (Arbitrum, Mantle). Then bad debt would reach $230.1m.
LlamaRisk noted that Aave has about $181m in its treasury—reserves that could be used to cover a potential shortfall.
The day before, Kelp said it was continuing to assess the damage from the hack and options to safely restart the protocol.
— Kelp (@KelpDAO) April 20, 2026
Haseeb Qureshi, a partner at Dragonfly, argued that current risks do not imperil DeFi. In his view, Aave and similar protocols have sufficient capital to cover bad debts.
DeFi learns through failures. Whether it’s from the collapse of Terra, broken auctions during Black Friday in 2020, or the stETH depeg in 2022, it has failed over and over again—but with every failure, it improves.
People talk all sorts of shit about this, but it’s no different…
— Haseeb >|< (@hosseeb) April 20, 2026
“DeFi learns through failures. Whether it’s from Terra’s collapse, broken auctions during ‘Black Friday’ in 2020, or the stETH depeg in 2022—with every failure, the ecosystem gets better. […] DeFi is not going anywhere,” he wrote.
LayerZero blamed
Kelp’s team also shared initial findings of the hack investigation. The developers laid blame on LayerZero, which earlier claimed the breach was caused by the project using a 1/1 DVN configuration.
“The 1/1 setup is described in LayerZero’s documentation and is the default for any new OFT deployment. We have been running on their infrastructure since January 2024 and have stayed in contact throughout,” Kelp noted.
Representatives of the protocol added that DVN configuration was discussed during the L2 expansion and that the default setup was “approved as meeting requirements”.
At the time of writing, LayerZero had not responded to Kelp’s statements.
Justin Sun’s proposal
TRON founder Justin Sun addressed the Kelp hackers and called for talks.
OK — Kelpdao hacker, how much you want? Let’s just talk. With KelpDAO’s help, of course. It’s simply not worth it to sacrifice both Aave and KelpDAO and let them go down over this hack. You can’t spend $300 million anyway.
— H.E. Justin Sun 👨🚀 🌞 (@justinsuntron) April 19, 2026
“Hacker, how much do you want? Let’s talk. With KelpDAO’s help, of course. It’s simply not worth sacrificing both Aave and KelpDAO and letting them go down over this hack. You can’t spend $300m anyway,” he wrote.
Sun’s motives remain unclear. Addresses linked to his HTX exchange, however, have moved hundreds of millions to Aave. According to Protos, as of December 2025 more than $1.4bn of the platform’s USDT reserves sat in loans on Aave.
An on-chain analyst known as EmberCN also noted that wallets affiliated with TRON’s founder actively withdrew USDT from the lending protocol after operations were paused.
另外,他凌晨为了把存在 Aave 上的 1.74 万枚 ETH 取回,通过 Swap 把存款凭证 (aEthWETH) 直接卖成 ETH,损失了 310 枚 ETH ($72 万)。也就是折价了 1.8%。
然后把换回的这些 ETH 转存到了 Spark 上。https://t.co/NCZnNhezwY
PS:因为 Aave 目前还是暂停 WETH 的提款的,ETH 想从 Aave… https://t.co/HT9JouZ5cS pic.twitter.com/4Q0FO2eAhB
— 余烬 (@EmberCN) April 21, 2026
“[…] the wallet executed five transactions, withdrawing a total of $274m in USDT and fully closing its position in stablecoins on the platform,” the analyst noted.
Other large withdrawers from Aave included the MEXC exchange and investment firm Abraxas Capital.
Due to the KelpDAO exploiter borrowing over 82,600 $ETH ($195M) from #Aave using $RSETH as collateral, bad debt has appeared on #Aave.
Many whales have withdrawn funds from #Aave, causing its TVL to drop from $26.396B to $20.114B — a decline of $6.28B.
Major withdrawals… pic.twitter.com/rhN28AMul9
— Lookonchain (@lookonchain) April 19, 2026
In April, hackers also breached the ENS gateway eth.limo and cloud provider Vercel.