Arbitrum Security Council freezes 30,766 ETH after exploit

The Arbitrum Security Council has frozen 30,766 ETH connected to the KelpDAO exploit, deploying its emergency powers to contain funds before they could be moved further across the network.

Why Arbitrum stepped in so fast

The Security Council executed an emergency action on April 21, 2026, freezing 30,766 ETH tied to the KelpDAO breach. The freeze targeted assets that had been bridged to Arbitrum following the exploit.

Arbitrum’s Security Council is a 12-member multisig body with the authority to take immediate action during active security incidents without waiting for a full governance vote. Its powers are defined in the Arbitrum DAO Constitution, which grants emergency intervention rights when user funds are at imminent risk.

The action was a containment measure, not a recovery. Freezing the ETH prevents the exploiter from withdrawing or swapping the assets on Arbitrum, but the funds have not been returned to KelpDAO or affected users.

What the KelpDAO exploit put at stake

The exploit stemmed from a compromise of a single LayerZero DVN (Decentralized Verifier Network), which allowed the attacker to drain funds from KelpDAO. Blockaid’s technical analysis described how the DVN compromise enabled the $292 million drain.

LayerZero published a separate incident statement addressing its role in the cross-chain infrastructure that was exploited. The incident has raised questions about single points of failure in cross-chain verification systems, a concern that extends well beyond the broader wave of DeFi losses linked to KelpDAO.

The frozen ETH on Arbitrum represents a portion of the total exploited funds. On-chain records show the assets moving through both Ethereum mainnet and the Arbitrum bridge before the freeze took effect.

What happens after the freeze

The immediate next step falls to the Arbitrum DAO governance process. Under the Security Council’s operating framework, emergency actions must be ratified or reversed by the broader DAO within a defined window.

No public statement from the Security Council has outlined a specific path for returning the frozen ETH to KelpDAO or its users. Custody of the assets remains in the frozen state on Arbitrum, and any distribution would require a governance proposal.

The freeze sets a notable precedent for how Layer 2 networks respond to DeFi exploits in real time. While Arbitrum’s emergency powers exist precisely for incidents like this, each use sharpens the tension between rapid user protection and the decentralization that governance-minimized systems promise.

Several unresolved questions remain: whether the exploiter moved additional funds to other chains before the freeze, whether KelpDAO will pursue legal recovery alongside on-chain measures, and how the DAO will vote on the disposition of the frozen ETH. The incident underscores a growing push across the industry to rethink protocol-level security architecture before the next exploit forces another emergency intervention.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.

The article Arbitrum Security Council freezes 30,766 ETH after exploit first featured on theccpress.com.