The Arbitrum DAO had a clear plan. Release 30,766 ETH, frozen since April 21, back to the depositors who lost it. The Snapshot temperature check opened in late April, 16.9 million ARB tokens backed it within the first hour, and zero opposing votes were on the board. Then a US federal court document landed directly in the governance forum.

Attorney Charles Gerstein of Gerstein Harrow LLP posted a restraining notice and three writs of execution in the Arbitrum governance forum on May 2, citing authorization from the United States District Court for the Southern District of New York. The notice bars the DAO from making any sale, assignment, or transfer of the frozen ETH at address 0x0000000000000000000000000000000000000DA0. Disobeying it is punishable as contempt of court.

The plaintiffs hold three separate federal judgments against North Korea. The Kim judgment from April 2015 awarded Han Kim and Yong Seok Kim $15 million each in compensatory damages and $300 million collectively in punitive damages. The Kaplan judgment from September 2016 added $38 million in compensatory and $131 million in punitive damages. The Calderon-Cardona judgment from August 2010 carried $78 million in compensatory and $300 million in punitive damages. All three judgments have been registered in the Southern District of New York. All three remain unpaid.

How the ETH Got Frozen in the First Place

The funds trace directly to the April 18 KelpDAO bridge exploit. Attackers exploited a single-verifier weakness in KelpDAO’s LayerZero-powered cross-chain bridge, minting 116,500 unbacked rsETH tokens on Ethereum without a corresponding burn on Unichain. Of those, 89,567 rsETH were deposited as collateral on Aave across Ethereum Core and Arbitrum, with the attacker borrowing 82,650 WETH and 821 wstETH against those positions. Total damage ran to roughly $292 million. Lazarus Group, North Korea’s state-linked hacking unit, is the suspected operator.

Three days after the hack, the Arbitrum Security Council executed an emergency action at 11:26 pm ET on April 21. Nine of twelve elected council members voted to temporarily upgrade the Inbox contract on Ethereum, impersonate the exploiter’s wallet through a cross-chain transaction, and redirect 30,765.67 ETH to address 0x0000000000000000000000000000000000000DA0. The council stated it acted with input from law enforcement regarding the exploiter’s identity, and at no point affected any other Arbitrum user or application.

The council confirmed the action publicly, stating it “weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications.”

The Proposal Behind the Vote

On April 25, Aave Labs filed a Constitutional AIP co-authored with KelpDAO, LayerZero, EtherFi, and Compound. The proposal asks Arbitrum governance to release the full 30,765.67 ETH to a 3-of-4 Gnosis Safe at 0xf228130ce4fAB082C7D5522c90833cec83A9C15e, with signers from Aave Labs, KelpDAO, EtherFi, and Certora. The safe structure was upgraded from a 2-of-3 after delegates pushed back on accountability during forum discussion. Aave Labs updated the forum directly:

“Per community feedback, the recovery address multi-sig has been upgraded from a 2/3 multi-sig to a 3/4 multi-sig. EtherFi has been added as the fourth signatory.”

The funds are designated solely for closing the rsETH backing shortfall, currently at roughly 76,127 rsETH. No new Arbitrum treasury funds are involved. The proposal also carries a broad indemnification clause covering the Arbitrum Foundation, Offchain Labs, and each Security Council member. No monetary cap. No deductible. Governed by New York law.

Entropy Advisors, voting FOR in the governance forum, laid out the core tension delegates face:

“There is a real cost to delay. Users on Aave with stuck borrow positions are accruing interest they cannot escape. Reserves remain frozen across multiple markets. Each day this drags, more of the cost of the exploit gets transferred onto users who had nothing to do with it.”

The 49-Day Problem Delegates Were Already Fighting

Even before the restraining notice arrived, the timeline was the main complaint inside the forum. Constitutional AIPs carry a roughly 49-day execution window. That covers forum discussion, a Snapshot temperature check, an on-chain Tally vote, an eight-day L2 waiting period, L2-to-L1 message finalization, and a three-day L1 waiting period.

Delegate Nicksta raised it on April 25 in the Constitutional AIP thread:

“Many parties have open positions on Aave that might run into problems if they have to wait 49 days. Is it possible to speed up this process?”

Griff Green, writing as a delegate rather than as a Security Council member, backed moving faster in the same thread:

“I agree with Nicksta and strongly support expediting this process. We should move to a Snapshot vote as soon as possible to validate the community’s intent and avoid unnecessary delays in unlocking these funds.”

Delegate dzack23 mapped out the realistic options for acceleration in the forum. The most workable was finding a large ETH holder willing to loan DeFi United the 30,765 ETH now, with the frozen funds used to repay once governance clears. CornellBlockchain backed that approach in the forum:

“We thought Daniel’s idea of getting someone to loan the 30,765 ETH was great. If it’s impossible to find someone to loan that much individually, perhaps DeFi United can add an option to loan ETH and then the frozen ETH can be used to pay them back once the proposal passes.”

Griff Green, returning to the thread after the Snapshot opened, was still not satisfied with the pace:

“Not super happy with the 49-day timeline. I would like to see it sped up somehow, but for a temp check, I am overall very supportive.”

Two Sets of Victims, One Frozen Address

The restraining notice does not just slow the vote. It introduces a direct legal conflict between two groups of victims who had nothing to do with each other before this case.

The rsETH depositors lost funds in the April 18 exploit through no action of their own. The Kim, Kaplan, and Calderon-Cardona plaintiffs hold decade-old federal judgments against North Korea that have never been paid. Both groups now have a claim on the same 30,765.67 ETH sitting at the same address.

Delegate Zeptimus addressed attorney Gerstein directly in the governance forum, making the property law case against the restraining notice:

“The frozen ETH at 0x…0DA0 is not property in which the DPRK has an interest under CPLR §5222(b). It’s stolen property. Lazarus exploited the rsETH protocol, drained funds belonging to depositors, and held them transiently at an address now under the control of Arbitrum’s Security Council. Theft doesn’t pass the title. That’s elementary property law in New York and most other jurisdictions.”

Zeptimus added:

“Your clients’ losses are real and the DPRK should answer for them. But the remedy the restraining notice asks for, blocking the return of stolen funds to their actual owners, shifts the cost of the DPRK’s debt onto a different set of victims who were themselves robbed. That compounds the original harm. It doesn’t redress it.”

Max Lomu, an Arbitrum delegate, wrote in the governance forum that despite the legal uncertainty, the DAO’s priority should remain the affected users:

“The regulatory uncertainty here is the main risk, and as Entropy has noted it will not be clarified in the short term. However, affected users and the DeFi ecosystem will greatly benefit the sooner funds are returned, and I believe that’s what we as a DAO should prioritize.”

TodayInDeFi announced in the forum they would abstain on the temperature check. The legal risk from the current information prevented them from directly supporting the proposal, though they left their on-chain vote open pending how the legal questions develop.

Where the Funds Stand Now

The Snapshot temperature check vote runs until May 7. If it passes, the proposal moves to an on-chain vote on Tally. Standard execution under the Constitutional AIP timeline lands in early-to-mid June 2026.

The federal divestiture hearing has no confirmed date. Until it resolves, the DAO cannot legally move the funds regardless of what the governance vote produces. If approved, the 30,765.67 ETH would be the single largest contribution to DeFi United to date, ahead of Consensys and Joseph Lubin’s combined 30,000 ETH, Mantle’s 30,000 ETH credit facility, and Aave DAO’s pending 25,000 ETH proposal.

MconnectDAO, writing in the governance forum, pointed at the structural gap this situation exposed:

“Arbitrum DAO currently has no formal framework for how Security Council-frozen assets should be handled when the exploit is external to the Arbitrum Protocol itself. Solving this ad hoc every time sets unclear precedents and adds unnecessary urgency pressure on delegates.”

Two governance systems are now running on the same address. One on-chain. One in a New York courtroom. The rsETH depositors, the DPRK judgment creditors, and the Arbitrum DAO itself are all waiting on a federal divestiture hearing that will decide which claim takes priority.