Following a recent rsETH exploit linked to Lazarus, Arbitrum delegates have authorized the release of $71 million in frozen ether. This decision comes despite an ongoing legal confrontation between decentralized governance and a U.S. court regarding fund ownership.
The on-chain vote concluded last Friday with over 90% support from Hong Kong time onwards, permitting the release of 30,765 ETH that was initially secured by Arbitrum’s Security Council post-April 18 incident. The exploit involved attackers leveraging unbacked rsETH tokens to borrow approximately $230 million in ETH from Aave.
The released funds are intended for an industry recovery initiative led by Aave, KelpDAO, LayerZero, EtherFi, and Compound, aiming to compensate affected users.
However, the ether remains embroiled in a legal dispute at a Manhattan federal court. Charles Gerstein, representing families with $877 million in terrorism-linked judgments against North Korea, claims the frozen ETH is North Korean property due to its alleged link to Pyongyang’s Lazarus Group.
In response, Aave sought to overturn the restraining notice last week, asserting that the assets rightfully belong to innocent users and not North Korea, while cautioning that delays could lead to “cascading liquidations” and instability across decentralized finance.
Gerstein countered on Tuesday by arguing the exploit constituted fraud rather than theft, suggesting that attackers gained legal ownership of the ETH through deception in Aave’s lending markets with worthless collateral.
The governance vote does not imply immediate fund release. As a Constitutional AIP under Arbitrum’s governance framework, execution is delayed for at least eight days, allowing Manhattan court intervention if necessary.
Arbitrum delegates were aware of potential legal risks, as the proposal included indemnification protections for the Arbitrum Foundation, Offchain Labs, Security Council members, and governance delegates against certain claims related to freezing or releasing the ETH.
During Consensus Miami, Aave Labs’ Chief Legal and Policy Officer Linda Jeng discussed changes in risk management post-exploit. She highlighted the shift from solely financial metrics to incorporating cybersecurity, interoperability, and technical architecture reviews into collateral standards. Drawing parallels with the 2008 financial crisis, Jeng noted how the industry self-rescued as opposed to relying on taxpayer-funded bank bailouts.