Arbitrum delegates signaled support, in a non-binding sentiment check, for a plan to release $71 million in ether frozen after last month’s Lazarus-linked rsETH exploit, amid an active US court battle over ownership of the funds.
The so-called phase one of the temperature check, which closed Friday afternoon Hong Kong time with more than 90% support, favors the release of 30,765 ETH frozen by Arbitrum’s Security Council following the April 18 exploit, in which attackers used unsupported rsETH tokens as collateral for Aave to borrow around $230 million in ETH from the protocol.
The vote took place on an off-chain voting platform commonly used by crypto governance communities to gauge the sentiment of delegates before initiating formal action. During Arbitrum’s governance process, the result does not in itself move funds or change protocol rules. Think of it as a referendum before a piece of legislation is passed.
Any actual transfer would require a separate onchain Constitutional Arbitrum Improvement Protocol (AIP), a formal governance proposal that can perform binding actions if approved by token holders. The strong support shown in the mood check suggests that delegates may prefer to advance a formal AIP on the proposal.
The frozen ether is earmarked for a coordinated industry recovery effort led by Aave, KelpDAO, LayerZero, EtherFi and Compound, with the goal of making affected users whole.
But those same funds are also at the center of an escalating legal dispute in Manhattan federal court.
Last week, attorney Charles Gerstein, who represents families with about $877 million in unpaid terrorism judgments against North Korea, served a restraining order on the Arbitrum DAO, arguing that the frozen ETH constitutes North Korean property because the exploitation has been widely attributed to Pyongyang’s Lazarus Group.
It triggered an acute legal battle.
Aave moved earlier this week to vacate the hold notice, arguing that the assets belong to innocent users, not North Korea, and warned that continued delays risk “cascading liquidations” and broader instability across decentralized financial markets.
Gerstein fired back on Tuesday, claiming the exploit was not theft but fraud, meaning the attackers gained legal ownership of ETH by defrauding Aave’s lending markets with worthless collateral.
Friday’s government vote does not mean that the funds will move immediately.
Furthermore, even if approved later on the chain, the proposed transfer would face Arbitrum’s standard roughly eight-day L2-to-L1 withdrawal delay before any ETH could move, potentially giving the Manhattan court time to intervene.
Nor did arbitrators vote blindly on the legal risk. The draft snapshot proposal contained indemnification protections for the Arbitrum Foundation, Offchain Labs, members of the Security Council and government delegates against certain claims arising from either freezing or releasing ETH, although these protections would only take effect if later enacted through a successful onchain Constitutional AIP. Still, the inclusion of language underscored how unusual the effort around the vote had already become.
Speaking at Consensus Miami this week, Aave Labs Chief Legal and Policy Officer Linda Jeng said the exploit had already forced the protocol to rethink its risk framework and expand security standards beyond financial metrics to include cybersecurity, interoperability and technical architecture reviews.
Jeng, who worked as a regulator during the 2008 financial crisis, drew a contrast to the taxpayer-backed bailouts of traditional finance.
“In the financial crisis we had to bail out the banks,” she said. “Here we came together as an ecosystem to save ourselves.”
CORRECTION (9 May 2026, 02:00 UTC): Corrects that the measure was a snapshot, not a binding arbitrum improvement proposal
