Aave challenges $71M freeze as DeFi recovery collides with North Korea claims

---

---

Aave, a major decentralized finance (DeFi) liquidity protocol, is asking a U.S. federal court to lift a freeze on roughly $71 million in ETH. The firm argues that the assets belong to its users, not to a suspected North Korean hacker. The funds are currently locked on the Arbitrum network.

The dispute highlights growing tension between DeFi recovery efforts and creditors seeking to enforce longstanding judgments against North Korea. In a court filing dated May 4, 2026, Aave said the court-ordered freeze is blocking the return of assets recovered following the Kelp DAO rsETH token exploit.

In the meantime, the company is demanding an immediate lifting of the freeze. If the freeze stays, it requires a minimum $300 million bond from the plaintiffs.

“Since the exploit occurred, teams from the Aave Protocol community, the Arbitrum community, and others in the global DeFi community have been working tirelessly as part of an effort called ‘DeFi United’ to return the frozen assets and other value to those affected by the Aave Protocol incident. They aim to restore stability and security within both the Aave Protocol and other protocols in the decentralized finance ecosystem while also ensuring that similar exploits do not happen again,” said the memo. 

Recent developments suggest that lawmakers are closer than ever to resolving those disputes. A bipartisan breakthrough on stablecoin yield restrictions has removed one of the biggest obstacles to progress, with negotiators now working on final language that would allow crypto rewards tied to user activity while limiting interest-like payments on idle balances.

The Kelp DAO rsETH token exploit raises doubt over the Blockchain technology

This dispute originated from a cyber breach in April involving Kelp DAO, a prominent liquid restaking protocol on Ethereum. In this scenario, a hacker exploited a vulnerability in a cross-chain bridge connected to the rsETH token. Afterward, the hacker exploited Aave by using illicitly obtained assets as collateral to borrow roughly $230 million in ETH.

Shortly after the incident, as previously reported by Cryptopolitan, the Arbitrum protocol seized 30,766 ETH, worth about $73 million. It then reserved the assets for recovery. Analysts say the initial expectation was for the recovered ETH—the first major batch post-hack—to be returned to the victims.

Later, this endeavor evolved into  “DeFi United” pending ETH unfreezing decisions and other protocol votes. Notably, DeFi United is an emergency coalition of major crypto protocols—including Aave, Lido, and EtherFi—formed in April 2026 to restore rsETH backing after a $292 million Kelp DAO exploit.

In this case, the plaintiffs, who hold unpaid judgments against North Korea, indicated a high likelihood that the attacker is linked to the regime’s Lazarus Group. Based on their argument, the frozen assets should be considered North Korean property and seized.

In their filing, the plaintiffs began by admitting that the accusations regarding North Korea could be valid.  “However, AaveLLC strongly disagrees with the idea that these issues can be legally resolved by restraining and seizing assets belonging to innocent third parties—specifically, users of the Aave software protocol (the ‘Aave Protocol’), who are completely unrelated to any alleged wrongdoing and have no known ties to North Korea,” they said.

Despite uncertainty regarding the culprit, the hack had immediate consequences. Panic withdrawals quickly drained key lending pools, leaving them with critically low balances. These sudden mass withdrawals left some users unable to withdraw their deposits.

The filing noted that the funds were seized directly from Aave users. This statement challenges the claim that they are associated with any alleged wrongdoer.

It also casts doubt on whether Arbitrum DAO qualifies as a legal entity. Meanwhile, Aave refused to be an official entity subject to the plaintiffs’ method of service.

This claim could create legal hurdles.

Can stolen crypto be recovered without harming innocent users?

Aave argues that freezing the assets is not only a legal issue but is actively hindering recovery from the Kelp DAO exploit.

At this point, the attorneys for the plaintiffs stated that the Restraining Notice against Arbitrum DAO was not intended to assist in recovering funds for Aave Protocol victims; rather, they noted, it served the opposite purpose.

In a statement, the founder and CEO of Aave, Stani Kulechov, stated that, “A thief does not own what he steals.” He compared the situation to a thief stealing diamonds, to have them snatched back. “These funds belong to the affected users they were stolen from — end of story,” he said.

There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance.