Five major DeFi protocols, including Aave Labs, Kelp DAO, LayerZero, EtherFi, and Compound, filed a Constitutional Arbitrum Improvement Proposal (AIP) this week, asking Arbitrum's decentralized governance body to release approximately 30,765.67 ETH, worth around $71 million at current prices. The funds were frozen by the Arbitrum Security Council on April 20 following a $292 million exploit that targeted Kelp DAO's cross-chain bridge on April 18. The proposal requests the transfer of those assets to a recovery multisig wallet as part of a broader industry-wide effort to make affected users whole.

What Happened to the Funds

On April 18, attackers drained 116,500 rsETH (roughly $292 million) from Kelp DAO's LayerZero-powered bridge. rsETH is a liquid restaking token that lets users earn both Ethereum staking rewards and EigenLayer restaking rewards without locking up capital permanently. The breach was not a smart contract bug. Instead, attackers poisoned the RPC nodes that Kelp's single-verifier bridge network depended on, then launched a distributed denial-of-service attack to force the system into a failover. They used that access to approve a fraudulent cross-chain minting event. LayerZero has preliminarily attributed the attack to North Korea's Lazarus Group, though that attribution has not been independently confirmed.

The stolen funds spread across more than 20 blockchains, including Arbitrum, Base, Linea, Blast, Mantle, and Scroll, leaving wrapped rsETH tokens on each of those networks temporarily under-collateralized. In response, protocols including Aave V3, Aave V4, SparkLend, Fluid, Lido earnETH, and Ethena froze their rsETH markets, disrupting active positions across the wider ecosystem. Kelp's emergency pause system blocked two follow-up attempts 46 minutes after the initial drain. The Arbitrum Security Council, acting with what it described as input from law enforcement, moved the 30,766 ETH that had passed through Arbitrum One into a frozen intermediary wallet at 11:26 p.m. ET on April 20, representing roughly one-quarter of the total stolen amount.

The Governance Problem

The catch is time. A standard Constitutional AIP on Arbitrum runs approximately 49 days from forum publication through a Snapshot vote, an on-chain vote, and Layer 2 and Layer 1 waiting periods before final execution. For a live recovery effort, that timeline is a serious constraint. Arbitrum delegate Nicksta made the concern explicit in the governance forum: "It can take up to 49 days to release the frozen ETH. Is it possible to speed up this process?"

The proposal's authors note that releasing the funds costs Arbitrum DAO nothing. No new treasury funds are being spent. The request is purely to unlock assets that already exist in a frozen wallet. If approved, the ETH would move to a 2-of-3 Gnosis Safe (address: 0xf228130ce4fAB082C7D5522c90833cec83A9C15e) controlled by signatories from Aave, Kelp DAO, and smart contract auditor Certora. The Security Council member known as Griff has publicly backed an expedited release but is asking for clearer documentation on how losses will be distributed and how Arbitrum users specifically will be affected before final execution.

The Recovery Coalition

Aave co-founder Stani Kulechov organized a cross-protocol recovery initiative called DeFi United, drawing in Aave, EtherFi, Lido, Ethena, Mantle, Ink Foundation, and BGD Labs, among others. Kulechov personally pledged 5,000 ETH to the effort, a commitment that reflects in part the scale of Aave's own exposure: the protocol faced potential pre-recovery losses of up to $230 million from the exploit, giving Aave Labs a direct stake in the coalition's success. The DeFi United tracker currently shows approximately 69,534 ETH (around $161 million) in pledged and proposed contributions, broken down as roughly 14,570 ETH from public donations, 30,000 ETH from a Mantle credit facility, and a proposed 25,000 ETH contribution from the Aave DAO treasury. The Arbitrum frozen funds, if released, would add the remaining 30,766 ETH.

The recovery effort is not attempting to recoup the full $292 million stolen in the exploit. Most of that sum remains unrecovered across dozens of chains. The coalition is focused specifically on re-collateralizing the shortfall of approximately 76,127 rsETH that the exploit left unbacked, restoring the token's backing for holders rather than recovering the stolen assets themselves. According to The Defiant, that shortfall appears fully coverable if all pending governance proposals pass.

rsETH was trading at approximately $2,108 on April 25, down 17.4 percent over the prior seven days, with a circulating supply of roughly 630,000 tokens and a market cap near $1.31 billion, according to CoinGecko.

A Dispute Between Protocols

LayerZero and Kelp DAO are publicly at odds over who bears responsibility. LayerZero claims it warned Kelp to use multiple verifiers rather than a single-verifier configuration and that Kelp ignored those warnings. Kelp counters that the compromised verifier was LayerZero's own infrastructure, and that the single-verifier setup Kelp used appears in LayerZero's own quickstart documentation and default GitHub repository. Kelp has also noted that it has maintained a direct communications channel with LayerZero since July 2024, and that no specific recommendation to change its rsETH DVN configuration was ever made through that channel. Security researcher Banteg from Yearn Finance noted independently that LayerZero's reference deployment ships with single-source verification as a default across major chains. Chainlink community manager Zach Rynes accused LayerZero of deflecting responsibility. In response, LayerZero announced it will stop signing messages for any application using single-verifier configurations, effectively forcing a migration across its entire ecosystem. About 40 percent of all LayerZero protocols currently use that setup, according to figures Kelp cited in its statement, as reported by CoinDesk.

What This Means for Users Outside the US

The under-collateralization of wrapped rsETH directly affects retail users in South Asia and Africa who hold the token on Layer 2 networks including Arbitrum and Base. In India, Pakistan, and Sri Lanka, rsETH's model of earning restaking rewards without running validator infrastructure has drawn users who access DeFi through mobile wallets. Kelp DAO is part of the Kernel DAO ecosystem, which has roots in South Asian developer communities and has previously highlighted retail participation from India in liquid staking, grounding the region's exposure in reported institutional context rather than general market observation. The DVN configuration dispute also carries direct implications for developers in India and Pakistan who are actively building on LayerZero infrastructure. Teams currently using single-verifier setups face mandatory migration requirements that extend well beyond the immediate recovery effort, adding operational risk at a moment when the protocol's security model is under active scrutiny. Those retail users, meanwhile, now hold a temporarily unbacked asset with limited visibility into DAO proceedings. Similarly, in Nigeria, Kenya, South Africa, and Ethiopia, where DeFi yields serve as practical alternatives to local savings instruments, Aave's market freeze for rsETH disrupted active income strategies.

The broader governance delay is a structural issue with real consequences. Democratic DAO processes are designed for deliberation, not crisis response. For users without off-chain financial alternatives, a 49-day waiting period on a recovery action is not an abstract procedural concern.

If the proposal clears the forum discussion phase, a Snapshot vote would follow under the standard AIP process, though no confirmed accelerated timeline has been established. Whether any expedited mechanism can be applied remains an open question in the forum.