A Manhattan federal judge has cleared the way for Aave’s recovery effort to move forward after last month’s North Korea-linked rsETH exploit, allowing $71 million in frozen ether to be transferred out of Arbitrum while preserving North Korean terrorism victims’ legal claim on the funds.
In a two-page order published late Friday U.S. time, Judge Margaret Garnett modified a restraining notice previously served on Arbitrum DAO to allow an onchain governance vote transferring the immobilized ETH to a wallet controlled by Aave LLC.
The order also shields participants from liability under the notice, stating that anyone who initiates, votes on or participates in the transfer would not violate the freeze.
Judge Garnett’s ruling follows an earlier off-chain Snapshot temperature check in which Arbitrum delegates overwhelmingly signaled support for returning the frozen ETH as part of Aave’s broader recovery plan. Any actual transfer, however, still requires a separate binding onchain governance vote.
The ruling resolves an immediate standoff that had threatened to derail a coordinated DeFi recovery effort after attorney Charles Gerstein, representing families holding roughly $877 million in unpaid terrorism judgments against North Korea, argued the frozen ETH could be seized because the exploit has been widely attributed to Lazarus Group, which is supported by Pyongyang.
Beyond the Arbitrum dispute
Gerstein’s move against Arbitrum fits into a broader legal strategy to pursue North Korean-linked assets as they surface on decentralized finance (DeFi) infrastructure.
In a separate January lawsuit, many of the same terrorism judgment creditors that went after Arbitrum sued Railgun DAO, alleging the privacy protocol allowed North Korean actors to move funds that should have been frozen and made available to creditors.
At the time, the plaintiffs claimed North Korean hackers used Railgun to launder funds from prior cyberattacks, including the $1.5 billion Bybit exploit, and argued the protocol should have frozen those assets rather than allowing them to move onward.
Once DPRK-controlled wallets were moving funds through the protocol, those assets became potential targets for collection, they argued.
In March, they asked a Washington federal court clerk to enter default against Railgun DAO after alleging the protocol failed to respond to the complaint despite being served. Their complaint also names Digital Currency Group, alleging the crypto investment firm’s $10 million purchase of Railgun governance tokens in 2022 made it a participant in the DAO’s governance and economics.
And in February, the plaintiffs moved to secure USDT that the U.S. government had sought to seize through a forfeiture motion.
Leave feedback about this