- Emergency freeze: Arbitrum Security Council transferred 30,766 ETH (~$70 million) from the exploiter’s wallet on Arbitrum One to a protocol-controlled address (0x…0DA0) before the native bridge withdrawal finalized.
- Timing: The action followed PeckShield’s alert on the withdrawal initiation and was confirmed by Lookonchain roughly 20 minutes after execution on April 21, 2026.
- Context: The move addresses funds traced to the April 18 Kelp DAO bridge exploit that drained 116,500 rsETH valued at approximately $292 million.
- Aave exposure: Llamarisk’s incident report estimates potential bad debt between $123.7 million and $230.1 million across rsETH collateral positions on Ethereum and Arbitrum.
- Broader impact: The incident has contributed to over $600 million in DeFi losses in the past three weeks, triggering liquidity withdrawals and risk parameter adjustments across Aave markets.
Arbitrum’s Security Council has taken decisive emergency action to freeze roughly $70 million in ether linked to the Kelp DAO bridge exploit, preventing the funds from leaving the network via a native bridge withdrawal.
The intervention occurred on April 21, 2026, after onchain monitoring service PeckShield flagged the exploiter’s attempt to initiate a transfer from Arbitrum One to Ethereum mainnet using the 0xDA0 precompile. The Security Council moved 30,766 ETH to the protocol-controlled address 0x0000000000000000000000000000000000000DA0 before the withdrawal could complete, according to News.bitcoin.com.
The freeze builds on the April 18 exploit, in which an attacker forged a cross-chain message through LayerZero’s EndpointV2 to drain 116,500 rsETH from Kelp DAO’s OFT adapter without a corresponding burn on the source chain. A portion of the stolen assets was subsequently moved to Arbitrum, where the exploiter used rsETH as collateral on Aave to borrow ether and other assets.
Aave’s risk service provider Llamarisk published a detailed incident report on April 20 outlining two potential bad-debt scenarios. In the more severe case, isolated losses on Layer-2 markets could reach $230.1 million, with significant shortfalls projected for Mantle and Arbitrum. The report notes that Aave’s smart contracts were not compromised and that the protocol has already implemented freezes on rsETH/wrsETH reserves and WETH borrowing across multiple deployments.
Separate onchain analysis also highlighted a Justin Sun-linked HTX Recovery wallet withdrawing $274 million in USDT from Aave just 21 minutes after the rsETH market freeze on April 18, contributing to over $5.4 billion in total withdrawals from the protocol in the following 24 hours.
The Arbitrum Security Council’s use of elevated administrative powers marks one of the fastest onchain responses to a major exploit this year. While the frozen ETH remains under protocol control, the broader DeFi ecosystem continues to grapple with the incident’s ripple effects, including heightened fear in the Crypto Fear & Greed Index and renewed scrutiny of cross-chain bridge security configurations.
Disclaimer: This article is for informational purposes only and does not constitute advice of any kind. Readers should conduct their own research before making any decisions.
© Cryptopress. For informational purposes only, not offered as advice of any kind.
