Arbitrum’s swift action in freezing 30,766 ETH, valued at around 70 million, from the KelpDAO exploiter on April 21 highlights the platform’s commitment to security. Peckshield detected the exploiter’s attempt to withdraw funds through a native bridge before the Security Council intervened. The frozen ether now resides in a protocol-controlled address, with its future handling yet to be determined.
Arbitrum Takes Emergency Action Against KelpDAO Exploiter
The Arbitrum Security Council promptly identified the exploiter’s holdings on Arbitrum One and transferred the 30,766 ether to the protocol-controlled address 0x0000000000000000000000000000000000000DA0 following a CertiK Alert.
The KelpDAO exploit resulted in the loss of approximately 292 million via a Layerzero bridge attack targeting rsETH, with some of the stolen funds transferred to Arbitrum One post-breach.
Recent reports have highlighted the extensive impact of the exploit on the DeFi lending sector, pushing total industry losses over 600 million within a three-week period. Suspicions point towards North Korea’s Lazarus Group as the likely orchestrator of the attack.
The Intervention by Arbitrum Security Council
Time was of the essence as Peckshield alerted that the exploiter had initiated a bridge withdrawal from Arbitrum to the Ethereum mainnet using the 0xDA0 precompile. The Security Council acted swiftly, preventing the transfer from completing and securing the 30,766 ether on Arbitrum.
Lookonchain confirmed the freeze around 20 minutes post-execution, noting the funds’ relocation to an Arbitrum-controlled address. The Security Council’s authority to execute technical interventions in security emergencies has been crucial in safeguarding the platform.
However, concerns have been raised within the Ethereum community regarding the centralization implications of the Security Council’s ability to unilaterally move funds on a network designed as a decentralized layer-2.
The 30,766 ether currently remains in the protocol-controlled address, with no official announcement from Arbitrum governance regarding the next steps. Users affected by the KelpDAO exploit await clarity on the fate of the frozen funds. Lido has disclosed a 21.6 million rsETH exposure through its EarnETH product and may implement a 3 million loss buffer, as detailed in Bitcoin.com’s incident report.
Be the first to comment