Catenaa, Thursday, May 07, 2026- Crypto lending platform Aave has filed an emergency motion in a US federal court to lift a freeze on roughly $73 million in ether linked to the April Kelp DAO exploit, arguing the funds belong to victims and not to claimants seeking restitution tied to alleged North Korean hacking activity.
The dispute centers on a May 1 court order restricting the movement of 30,766 ETH recovered after the exploit. Plaintiffs in older terrorism-related cases have sought to claim the assets, citing suspected links to North Korea’s Lazarus Group.
Aave argues the claims rely on unverified allegations and do not establish ownership rights over the recovered funds.
The firm maintains that even if the attack were linked to sanctioned actors, stolen assets cannot legally transfer ownership to perpetrators.
Exploit Recovery Efforts Expand
The original exploit involved a vulnerability in a cross-chain bridge connected to Kelp DAO’s rsETH token. Attackers used unbacked collateral to borrow about $230 million in ether from Aave users.
Arbitrum later intercepted part of the stolen funds and isolated them for recovery. The recovered portion was expected to be returned to affected users as part of a broader restitution effort.
The initiative has since grown into an industry-wide recovery campaign known as DeFi United, which has raised more than 137,700 ETH to support affected participants.
Ownership Claims Under Scrutiny
Aave’s filing emphasizes that possession of stolen funds does not equal legal ownership. The company argues that redirecting the assets to unrelated claims would harm victims seeking recovery.
Legal experts note that the case could set a precedent for how digital assets are treated in cross-border disputes involving cybercrime and sanctions.
The plaintiffs have not yet proven a direct link between the exploit and the alleged actors, according to the filing.
Expert Views Highlight Risks
Analysts say the case highlights growing legal complexity in decentralized finance. Recovery of stolen funds often intersects with traditional legal systems that are still adapting to digital assets.
Questions over jurisdiction, ownership and enforcement remain unresolved in many cases involving blockchain-based transactions.
The dispute also reflects rising scrutiny of hacking incidents linked to state-backed groups.
Outcome Could Shape Policy
Aave has asked the court to lift the freeze or require plaintiffs to post a bond of at least $300 million to cover potential damages. The decision could influence how courts handle asset recovery in future crypto disputes.
The case may also affect how decentralized protocols coordinate responses to large-scale exploits and manage recovered funds.
Decentralized finance platforms allow users to lend, borrow and trade digital assets without intermediaries. While offering efficiency and transparency, these systems have faced repeated security challenges.
Cross-chain bridges, which enable assets to move between blockchains, have been frequent targets due to their complexity. Over the past several years, billions of dollars have been lost to exploits across the sector. Recovery efforts often rely on coordination between protocols, blockchain networks and sometimes law enforcement.
At the same time, regulators and courts are grappling with how to classify and handle digital assets in legal disputes. Cases involving alleged state-backed hackers have added further complexity, particularly when sanctions laws intersect with asset recovery. The outcome of disputes like this could influence future approaches to both enforcement and victim restitution.
