Arbitrum has moved quickly to contain fallout from the KelpDAO exploit. The network activated emergency measures to secure compromised funds.
The response focused on protecting users and preserving network stability. Authorities and security teams now coordinate to manage the aftermath.
Arbitrum Security Council secures funds without disruption
The Arbitrum Security Council confirmed it froze 30,766 ETH linked to the attacker. The council said it identified the funds after a detailed technical analysis.
It then executed a plan to move the assets to safety. Officials explained that the approach avoided disrupting the network’s normal operations.
According to the post on X, the council stressed that no users or applications faced any impact.Â
The statement noted that the intervention isolated the issue without altering the broader chain state. The team said it prioritized maintaining trust across the ecosystem.
The council also confirmed that the funds now sit in a frozen intermediary wallet. It added that the attacker can no longer access the Ethereum (ETH).Â
Any future movement will require approval through Arbitrum’s governance process. Authorities will also take part in that process.
Officials indicated that coordination with law enforcement continues. The goal remains to secure the assets and assess further steps.
The council maintained that the wider blockchain remains intact and fully operational.
KelpDAO exploit traced to cross-chain vulnerability
The KelpDAO exploit ranks among the largest crypto hacks of 2026. Attackers drained about $300 million worth of rsETH from the protocol.
Reports showed the breach stemmed from a flaw in KelpDAO’s cross-chain bridge.
The vulnerability allowed unbacked tokens to be minted and transferred across networks. Once attackers gained access, they moved quickly across DeFi platforms.
They used the stolen rsETH to borrow assets such as ETH. This activity triggered disruptions across multiple protocols.
Several platforms paused markets to review exposure to the compromised token. In response, KelpDAO halted its rsETH contracts.
The platform said it worked with partners and security teams to limit further damage.
LayerZero later pointed to KelpDAO’s security setup as a key weakness. It stated that the platform relied on a single-verifier system despite earlier warnings.
According to LayerZero, attackers targeted the infrastructure rather than the protocol code.
The attackers reportedly gained control of two RPC nodes used for transaction verification. They replaced the software with malicious versions.
These nodes then fed false data to the verifier while appearing normal to observers.
