GetChain News

Security/Hacker

News linked to both this project and an event.

Radiant Capital Announces Shutdown, Unable to Recover from $50 Million Hack

According to The Block, the DeFi lending protocol Radiant Capital has announced it will officially cease operations. The protocol suffered a hack in October 2024, losing approximately $51 million; the attacker gained unauthorized access by deploying backdoor contracts on Arbitrum and BNB Chain. Earlier in 2024, the protocol had also been hit by a flash loan attack, resulting in a loss of roughly 1,900 ETH (approximately $4.5 million). After 18 months of recovery efforts, Radiant Capital stated that it has neither recovered a significant portion of the stolen funds nor secured new financing, declaring that “the DAO has no viable path forward.” The protocol will now enter a “maintenance mode”: its frontend and smart contracts remain accessible, allowing users to withdraw funds, repay loans, and manage positions. Any funds recovered in the future will be returned to affected users.

Aave: 116,500 rsETH Released During April 18 rsETH Incident; Asset Backing Fully Restored

Aave has published a post-mortem of the April 18 rsETH incident, stating that the rsETH LayerZero V2 cross-chain bridge of liquid staking protocol Kelp accepted a forged message during a cross-chain transfer from Unichain to Ethereum. This caused the adapter on the Ethereum side to release 116,500 rsETH without a corresponding burn on the Unichain side. Aave stated that the attack occurred on a third-party cross-chain bridge infrastructure. However, the attacker deposited the stolen rsETH into 8 Aave V3 positions, borrowing 82,650 WETH and 821 wstETH, which impacted the Aave market. Aave stated that the attacker's rsETH on Arbitrum has now been burned. The LayerZero OFT adapter has replenished 116,131.72 rsETH in 5 batches, and the asset backing for rsETH has been fully restored. The affected WETH and rsETH markets have returned to normal.

Stake DAO Responds to Security Incident: Do Not Interact with vsdCRV for Now

Stake DAO posted a response on platform X regarding the security incident, stating that its team has taken note of the incident and that users should not interact with vsdCRV for the time being. In addition, contracts related to Stake DAO on Arbitrum exhibited abnormal behavior, resulting in the minting of 5.4 trillion vsdCRV tokens. Security teams have classified this as a suspected infinite minting exploit.

PeckShield: StakeDAO’s vsdCRV infinite minting vulnerability exploited; attacker cashed out over $90,000

According to on-chain analyst PeckShield (@PeckShieldAlert), StakeDAO (@StakeDAOHQ) on the Arbitrum network was exploited via an infinite minting vulnerability. The attacker minted a total of 5.4 trillion vsdCRV tokens, then swapped a portion of them for 43.781 ETH (approximately $91,200) and bridged the funds cross-chain to the Ethereum address 0xeF3C...aa25.

StakeDAO deployer's private key leaked on Arbitrum, attacker mints approximately 5.45 trillion vsdCRV and exchanges for ETH


Chainalysis Tracks THORChain Attack Source: Proficient Money Laundering Skills, Cross-Chain Fund Transfer Weeks Before Attack

Odaily: Chainalysis posted on the X platform, stating that prior to the THORChain theft, wallets suspected to be linked to the attacker had been transferring funds through Monero, Hyperliquid, and THORChain for several consecutive weeks. As early as late April, the attacker-associated wallets deposited funds into Hyperliquid positions via Hyperliquid and the Monero privacy bridge. These funds were subsequently converted to USDC and transferred to Arbitrum, then bridged to Ethereum. Some of the ETH was then moved to THORChain to stake as RUNE for a newly joined node, which is believed to be the source of the attack. Subsequently, the attacker bridged a portion of the RUNE back to Ethereum and split it into four chains. One chain went directly to the attacker, passing through intermediate wallets before transferring 8 ETH to the wallet that would ultimately receive the stolen funds, just 43 minutes before the attack. The funds from the other three chains flowed in reverse. Between May 14 and 15, these wallets bridged the ETH back to Arbitrum again, deposited it into Hyperliquid, and transferred it into Monero via the same privacy bridge, with the final transaction occurring less than 5 hours before the attack commenced. As of Friday afternoon, the stolen funds remain untouched, but the attacker has demonstrated sophisticated cross-chain money laundering capabilities. The Hyperliquid to Monero path may be the next move.

A New York judge postponed the hearing on Aave’s application to unfreeze $71 million worth of ETH, requesting both parties to submit additional explanations.

According to Cointelegraph, a New York judge has postponed the hearing on Aave’s emergency motion to unfreeze approximately $71 million worth of ETH and ordered Aave and Gerstein Harrow LLP to submit additional case briefs. A new hearing is scheduled for June 5. The court noted that Aave previously failed to adequately explain why users’ funds would suffer “derivative losses” if the restraining order remained in effect. The assets in question are linked to the Kelp DAO hack, which involved approximately $293 million and was previously frozen by Arbitrum. The judge also directed both parties to further clarify several legal issues, including the applicable law governing the hacker’s transactions, the legal distinction between fraud and theft, the priority ranking of creditors’ claims, the applicability of constructive trust, and whether assets can be proportionally returned to victims.

Aave: First Phase of rsETH Technical Recovery Plan Completed, Including Burning Attacker's rsETH on Arbitrum

Aave posted on X, stating that the first phase of the rsETH technical recovery plan has been completed, including the burning of the attacker's rsETH on Arbitrum. In the coming days, funds will be gradually replenished for the LayerZero OFT adapter, and rsETH-related operations will be restored.

US Judge Approves Aave to Proceed with Transfer of $71 Million in ETH Linked to North Korean Hackers

Odaily News: Margaret Garnett, a U.S. District Judge in Manhattan, has approved Aave's asset recovery proposal, allowing the transfer of approximately $71 million in ETH, previously frozen on Arbitrum and tied to North Korean-linked attacks, to a wallet controlled by Aave LLC, while preserving the legal claims of terrorism victim plaintiffs over the funds. The ruling also amended the earlier freeze notice against the Arbitrum DAO, permitting the transfer to be executed through an on-chain governance vote and exempting those who propose, vote on, or participate in the transfer from liability under the freeze order. The transfer is still subject to an official vote by Arbitrum's on-chain governance. (CoinDesk)

Aave: rsETH Recovery Plan Clears Hacker Positions and Approves Transfer of $71 Million in ETH

Odaily: Aave posted on the X platform stating that the second phase of the technical solution for the rsETH incident recovery has progressed. On May 6, eight positions of the hacker on Aave V3 were liquidated, and the recovered rsETH collateral has been transferred to the recovery guardian. The Arbitrum DAO has passed a proposal to return the previously recovered $71 million in ETH. Regarding the application for asset freezing filed by the plaintiff, the judge has approved Aave LLC's proposal, allowing the transfer of the $71 million in ETH to Aave LLC through an on-chain vote by the Arbitrum DAO. Subsequent plans include burning rsETH on Arbitrum and restoring the rsETH reserve. After the reserve is restored, withdrawals will be reopened, and the WETH Loan-to-Value (LTV) ratio on the Aave V3 Ethereum mainnet will be restored.

The Arbitrum DAO voted to release $70 million worth of ETH, but a court order has temporarily frozen the transfer.

According to The Block, the Arbitrum DAO voted to release 30,765.6 ETH (approximately $70 million), previously frozen, to support the DeFi United initiative—aimed at offsetting Kelp DAO’s $292 million exploit loss last month. The vote passed with 90.96% support (182.2 million votes). The attack was allegedly carried out by the North Korean Lazarus hacking group, which exploited a vulnerability in LayerZero’s OFT cross-chain bridge—a single-validator configuration—which allowed attackers to steal 116,500 rsETH and pledge most of the stolen assets as collateral on Aave, resulting in roughly $190 million in bad debt. DeFi United has secured contributions from multiple parties, including 30,000 ETH from Consensys and Joseph Lubin, a 30,000-ETH loan from Mantle, and 5,000 ETH from LayerZero.

Aave has completed the liquidation of the rsETH attacker’s positions, and the related assets have been transferred to the Recovery Guardian address.

Aave stated that, per the previously disclosed technical recovery plan, the attacker’s rsETH positions on Ethereum and Arbitrum have been liquidated on Aave, and the associated collateral assets have now been transferred to the Recovery Guardian address designated by the AIP. Aave noted that this action did not impact other users, nor did it affect the Umbrella mechanism, and emphasized that this step is a critical milestone in the overall recovery roadmap, with further recovery efforts continuing as planned.

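SlowMist's Yu Xian: Ekubo Contract Maliciously Exploited; a User Has Already Lost 17 WBTC

SlowMist founder Yu Xian posted on the X platform: "Contracts related to Ekubo have been maliciously exploited. The cause is that if a user had previously approved the relevant tokens to: 0x8CCB1ffD5C2aa6Bd926473425Dea4c8c15DE60fd; as with this unlimited WBTC approval by user 0x765DEC (158 days ago): the attacker can designate an approved user as the payer and, in payCallback, have that contract call WBTC transferFrom(victim, Ekubo Core, amount), then move the assets to the attacker through the withdraw/pay settlement flow of Ekubo Core (0xe0e0e08A6A4b9Dc7bD67BCB7aadE5cF48157d444). This operation was executed 85 times, 0.2 WBTC each time, and user 0x765DEC ultimately lost 17 WBTC. Users are advised to follow the official alert and check approvals for the following contracts as soon as possible: 0x8ccb1ffd5c2aa6bd926473425dea4c8c15de60fd (V2), 0x4f168f17923435c999f5c8565acab52c2218edf2 (V3), Arbitrum: 0xc93c4ad185ca48d66fefe80f906a67ef859fc47d (V3)."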

Aave Submits Emergency Motion to Lift the Restraining Order on ETH Frozen Due to the Kelp Vulnerability

According to Cointelegraph, DeFi protocol Aave filed an emergency motion in New York on Monday seeking to vacate a restraining notice issued by U.S. law firm Gerstein Harrow LLP, which prevents the Arbitrum DAO from transferring 30,766 ETH to victims of the Kelp exploit. Gerstein Harrow LLP served the restraining notice on the Arbitrum DAO last Friday, asserting that its client is entitled to over $877 million in damages under a default judgment against North Korea. The firm claims that the North Korean hacking group behind the April 18 Kelp exploit previously held these tokens and that its client therefore holds a legal claim to the relevant ETH.

Aave submits emergency motion to dismiss asset freeze notice against ArbitrumDAO

Aave LLC has submitted an emergency motion requesting the dismissal of the asset freeze notice issued against ArbitrumDAO on May 1, 2026. The notice involves approximately $71 million worth of ETH, assets belonging to users affected by the attack on April 18. Aave stated that stolen assets do not grant legal ownership through theft, and the relevant funds were originally intended for restitution to affected users; the freeze instead hinders the compensation process. Aave has requested an emergency hearing from the court to temporarily lift the freeze measure, while stating that it will continue to collaborate with the Arbitrum community and DeFiUnited to advance user compensation efforts.

U.S. Law Firm Files for Restraining Order to Prevent Arbitrum DAO from Transferring Stolen and Frozen ETH from Kelp

According to Cointelegraph, U.S. law firm Gerstein Harrow LLP has filed an application with the U.S. District Court for the Southern District of New York seeking a temporary restraining order and three writs of execution to prevent the Arbitrum DAO from transferring 30,766 ETH (valued at approximately $73 million) frozen following the Kelp vulnerability. The firm argues that its clients obtained default judgments against North Korea in U.S. courts in 2010, 2015, and 2016, entitling them to roughly $877 million in compensation—and contends that the stolen ETH constitutes North Korean-linked assets that should be used to satisfy those judgments. Kelp DAO suffered a $292 million hack on April 18; the attacker was identified as TraderTraitor, a subgroup of the North Korean state-sponsored hacking group Lazarus Group. Aave Labs previously proposed unfreezing the seized funds and transferring them into the “DeFi United” fund to compensate rsETH holders—but this legal action by Gerstein Harrow may significantly delay compensation for victims. Members of the Arbitrum DAO community have criticized the move, arguing it shifts the burden of North Korea’s debts onto another set of victims, thereby exacerbating the original harm. Gerstein Harrow had previously pursued litigation related to the 2023 Heco Bridge hack involving Teth

ZachXBT: US Law Firms' "Free-Riding Claims" May Hinder Recovery and Compensation of Funds for Hacking Victims

Odaily: PaperImperium, the head of MegaETH, disclosed on the X platform that documents from the U.S. District Court for the Southern District of New York show that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million in ETH assets that were previously frozen during the KelpDAO hacking incident. In response, on-chain detective ZachXBT posted on the X platform, stating that certain U.S. law firms are using his investigative work and on-chain forensics to help victims of some hacking incidents file legal claims. However, this practice may actually slow down or hinder victims from receiving compensation or recovering funds. ZachXBT added that in previous hacking incidents involving the Lazarus Group, such law firms often stepped in after on-chain fund tracking or freezing was completed, proposing subsequent legal actions that were weakly related to the crypto incidents themselves. Similar "free-riding claims" strategies were used in events like Harmony and Bybit. He called on the crypto community to establish a DAO to resist such practices.

New York court orders Arbitrum DAO to freeze $71 million in ETH, potentially for compensation to victims of North Korea-related cases

MegaETH lead PaperImperium disclosed on the X platform a court document from the U.S. District Court for the Southern District of New York, showing that a U.S. court has issued an injunction against the Arbitrum DAO, prohibiting it from transferring approximately $71 million worth of ETH assets that were previously frozen in the KelpDAO hacking incident. The plaintiffs are attempting to use these funds to enforce outstanding judgment compensation in cases related to North Korea's involvement in terrorism, kidnapping, and other matters spanning several years. They have also filed a motion to serve legal notice to the Arbitrum DAO via alternative means, treating it as an accountable "partnership." The court document further notes that the Arbitrum DAO has a Security Council governed by ARB holders, which has the authority to take action in emergencies. As a result, relevant members who refuse to comply may face legal consequences such as contempt of court. Market observers believe that this case could set an important precedent for the U.S. judicial system to directly constrain DAO governance structures, further highlighting the compliance pressure faced by DeFi protocols under real-world legal frameworks.

Arbitrum Council Decides to Unfreeze $71 Million Worth of ETH to Mitigate Kelp DAO Losses

According to Cointelegraph, the Arbitrum Committee voted to unfreeze $71 million worth of Ethereum to mitigate the $290 million loss caused by the Kelp DAO vulnerability.

Arbitrum DAO Launches Vote to Release 30,766 ETH for Kelp Attack Aftermath

Arbitrum DAO has initiated a governance vote to release the previously frozen 30,766 ETH to support DeFi United, a recovery plan following the Kelp DAO attack. These assets, worth approximately $71.1 million, were frozen by the Arbitrum Security Council on April 20. They were originally funds transferred to the Arbitrum network by the attacker. If the proposal passes, it will become the largest single source of funding for the DeFi United plan. In the early stage of voting, 16.9 million ARB have already been cast in support. Currently, there are no opposing votes. The voting is set to continue until May 7.