Aave filed a federal court motion in New York to block the seizure of $71 million in frozen Ethereum linked to the April rsETH exploit on Arbitrum, arguing that judgment creditors holding decades-old damages awards against North Korea have no legal claim to assets belonging to innocent protocol users.
How the Frozen ETH Became a Legal Battleground
The dispute stems from the April rsETH exploit, which allowed attackers to use improperly valued collateral on Aave to withdraw approximately $230 million in ETH. When the Arbitrum Security Council froze 30,765 ETH in response, judgment creditors—holding $877 million in combined damages awards against North Korea—moved to claim the assets based on alleged links to the Lazarus Group, a hacking outfit tied to North Korean state interests. Aave’s legal team calls this attribution theory “conjecture” built on unverified reports, not evidence sufficient to justify seizing funds from protocol users who had no involvement in the exploit.
The Legal Clash Over Asset Ownership
The core dispute hinges on property law. Judgment creditors argue that briefly stolen assets held by hackers can be claimed against existing judgments. Aave disputes this directly, contending the frozen funds belong to innocent users whose collateral was exploited, not to the attackers or any foreign state. The motion warns that prolonged freezing could trigger cascading liquidations across Aave and deter future recovery efforts by protocols during security incidents. No court ruling date has been set, leaving the $71 million in limbo as the legal arguments proceed in the Southern District of New York.
Precedent and DeFi Recovery at Stake
The case carries implications beyond Aave. DeFi protocols routinely coordinate with blockchain validators and security councils to freeze stolen funds pending recovery. If judgment creditors can claim recovered assets based on alleged attacker affiliations—without confirmed attribution from U.S. authorities—it creates legal uncertainty around hack mitigation efforts. Aave’s challenge signals that major protocols will defend user asset claims against speculative seizure attempts, even when framed as terrorism-related enforcement.
