Arbitrum just did something most people thought L2s couldn't do.
After the KelpDAO exploit, where ~$290M was drained from a LayerZero bridge, the Arbitrum Security Council identified 30,766 $ETH sitting in the exploiter's wallet on Arbitrum One.
They froze it. All of it.
No user funds touched. No chain state disrupted. Done in coordination with law enforcement.
Here's the background:
KelpDAO's LayerZero bridge ran on a 1-of-1 validator setup, meaning a single compromised verifier was all it took to approve forged cross-chain messages. Attackers used a "phantom" transaction to trick the bridge into releasing rsETH without burning the corresponding tokens.
116,500 rsETH drained in one hit.
Aave froze the rsETH markets → utilisation hit 100%
Users pulled $6.2B from Aave alone
DeFi TVL dropped $13B+ in two days
Attribution points to North Korea's Lazarus Group.
Now the frozen 30,766 ETH can only be moved by Arbitrum governance, coordinated with law enforcement and relevant parties.
This is what responsible L2 governance looks like under pressure.
And a reminder: DeFi's interconnectedness is both its strength and its biggest systemic risk. #kelpdaofacesattack
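
A simplified model of the 1-of-1 verifier weakness described above, as an added example that is not part of the original post and not LayerZero's or KelpDAO's code. HMAC tags stand in for verifier signatures, and the verifier names, keys and message are constructed; it shows the same single compromised key passing a 1-of-1 check and failing a 2-of-3 check.

```python
import hashlib
import hmac

# Constructed verifier keys; HMAC tags stand in for real verifier signatures.
KEYS = {"verifier-a": b"key-a", "verifier-b": b"key-b", "verifier-c": b"key-c"}

def attest(verifier_id, message):
    """Attestation a verifier (or whoever holds its key) produces for a message."""
    return hmac.new(KEYS[verifier_id], message, hashlib.sha256).digest()

def accept(message, attestations, trusted, threshold):
    """Accept only if `threshold` distinct trusted verifiers attested to `message`."""
    if not 1 <= threshold <= len(trusted):
        raise ValueError("threshold must be between 1 and len(trusted)")
    valid = set()  # a set, so a repeated attestation from one verifier counts once
    for verifier_id, tag in attestations:
        if verifier_id not in trusted:
            continue
        if hmac.compare_digest(attest(verifier_id, message), tag):
            valid.add(verifier_id)
    return len(valid) >= threshold

def audit(trusted, threshold):
    """Report configurations in which one compromised verifier is sufficient."""
    findings = []
    if len(trusted) == 1:
        findings.append("only one verifier configured")
    if threshold == 1:
        findings.append("a single attestation approves a message")
    return findings

def demo():
    # Constructed message with no matching burn on the source chain.
    forged = b"release 100 rsETH nonce=7"
    # verifier-a's key is compromised; its attestation is submitted twice.
    stolen = [("verifier-a", attest("verifier-a", forged))] * 2
    one_of_one = accept(forged, stolen, {"verifier-a"}, 1)
    two_of_three = accept(forged, stolen, set(KEYS), 2)
    return one_of_one, two_of_three

if __name__ == "__main__":
    print(demo())
    print(audit({"verifier-a"}, 1))
```

Running `audit` over a bridge's verifier configuration before deployment flags the single-verifier case without needing any message traffic.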