DailyCoinPost
DailyCoinPost

North Korea Stole $71 Million From KelpDAO. Now a Law Firm Is Trying to Steal It From the Victims

0
By on Prefer us on Google News

Key Takeaways

  • Arbitrum froze $71 million stolen by North Korea’s Lazarus Group in the KelpDAO hack, but a US law firm has now blocked the recovery with a restraining order.
  • Gerstein Harrow LLP is claiming the funds using a 2015 court judgment against North Korea for an unrelated crime, meaning actual hack victims may lose their money to pay someone else’s damages.
  • ZachXBT has named the firm publicly and proposed a community DAO to fight the claim, while 30,000 ETH sits frozen with no court timeline set for resolution.

The KelpDAO hack was supposed to have a rare ending.

North Korea’s Lazarus Group drained $292 million on April 18. They left $71 million sitting on Arbitrum, a Layer 2 network whose Security Council has emergency powers to freeze funds. Arbitrum used those powers, moved the ETH to a frozen wallet, and for a brief moment it looked like DeFi had gotten one back.

That was two weeks ago. Now a US law firm has filed a restraining order blocking Arbitrum from touching the money. The firm is not representing KelpDAO victims. It is representing the family of a South Korean pastor abducted from China and killed by North Korea in 2000.

Their argument: the frozen ETH is North Korean property, and they hold a 2015 court judgment entitling them to North Korean assets. ZachXBT named the firm: Gerstein Harrow LLP.

The 2015 Judgment

Han Kim and Yong Seok Kim are US nationals whose family member was abducted by North Korean agents in 2000 and killed. They sued North Korea and won. The DC Circuit awarded them $15 million each in compensatory damages and $300 million in punitive damages.

That judgment is real. North Korea has never paid. So Gerstein Harrow has been scanning for North Korean assets it can seize. Last month, they found a pile: 30,000 ETH frozen on Arbitrum, attributed to Lazarus Group, sitting in a wallet controlled by DAO governance.

They filed for a restraining order. A federal court granted it. As blockchain lawyer Gabriel Shapiro noted on X, Arbitrum DAO cannot unilaterally decide what to do with the funds. That gets litigated in court, with no timeline set.

The money meant for KelpDAO victims is now frozen indefinitely.

The Problem With the Argument

ZachXBT called the claims fake and named Gerstein Harrow directly, arguing their approach has no connection to the current hack. The 2015 judgment stems from crimes in 2000. KelpDAO was hacked in 2026. The ETH in Arbitrum’s frozen wallet was stolen from specific users who deposited into rsETH six weeks ago.

The legal theory is that North Korean state assets can be seized to satisfy judgments against North Korea regardless of origin. Sovereign asset seizure is a legitimate legal mechanism. The problem is that this is not sovereign wealth. It is money stolen from retail DeFi users two weeks ago.

If the claim succeeds, victims of a North Korean hack lose their recovered funds to pay damages awarded to victims of a completely different North Korean crime.

What This Exposes

North Korea’s Lazarus Group has stolen over $6 billion in crypto since 2017, accounting for 76% of all crypto hack losses so far in 2026. The KelpDAO exploit followed $285 million taken from Drift Protocol weeks earlier.

Arbitrum’s intervention was seen as a landmark moment for DeFi governance. Griff Green of the Security Council called it “an extraordinary but necessary intervention.” The Aave coalition that pooled ETH from Lido, Mantle, and EtherFi to backstop rsETH holders had plans that relied on seized funds flowing back through governance. All of that is now stalled.

ZachXBT has proposed a community DAO to counter the firm legally. The victims are still waiting.

The Uncomfortable Math

There is a version of this where the law firm’s argument is technically legitimate. American citizens who won court awards against North Korea have every right to pursue available assets. The frozen ETH is, by Arbitrum’s own statement, North Korean property.

But legally legitimate is not the same as morally defensible. KelpDAO users had no relationship to North Korean state crimes in 2000. They used a DeFi protocol. It got hacked. The funds were partially recovered. Now a law firm wants to redirect that recovery to satisfy an unrelated judgment.

The exploitation of frozen asset pools with unrelated legal claims is a new dimension to the hack recovery problem. One that will play out in courtrooms, not on the blockchain.

DeFi rugged DPRK. Then a law firm tried to rug DeFi.

Post Views: 119

About Author

Etan Hunt is a Bitcoin researcher, writer, and monetary reform advocate with over 5 years covering cryptocurrency markets, blockchain technology, and the economics of decentralised money. A committed Bitcoin maximalist, Etan believes the separation of money and state is as fundamental to human freedom as the separation of church and state, and writes from that conviction. His work on DailyCoinPost covers Bitcoin fundamentals, on-chain analysis, crypto security, and the evolving regulatory landscape. He has tracked multiple market cycles and written extensively on the macro case for sound money. Connect with Etan on LinkedIn or follow his coverage across DailyCoinPost. Verified on Muck Rack

Related Posts

Disclaimer: DailyCoinPost publishes news, analysis, and commentary on Bitcoin and cryptocurrency markets. Nothing on this site is financial advice. Bitcoin is volatile. Markets move fast. What you read here reflects our research and perspective at the time of writing — not a recommendation to buy, sell, or hold anything. Do your own research. Consult a professional if you need one. Full details in our Terms of Use and Privacy Policy.