Decentralized finance protocol Aave has filed an emergency motion in New York seeking to lift a restraining notice issued by a U.S. law firm that aims to block the Arbitrum DAO from transferring 30,766 ETH to victims of the Kelp exploit.
The restraining notice, served by Gerstein Harrow LLP on Friday, argues that its clients are entitled to more than $877 million in default judgments against North Korea. The firm claims that the hacker group allegedly behind the Kelp exploit had control of the tokens, giving its clients a legal right to the Ether.
In its filing, Aave contends that stolen assets do not become the lawful property of a thief. It also notes that North Korea’s involvement in the hack has not been definitively proven, calling the law firm’s argument illogical and unsupported by law.
Meanwhile, the Arbitrum DAO is voting on whether to release the funds as part of an industry effort led by DeFi United to compensate rsETH holders and restore the token’s backing after the $292 million Kelp DAO hack on April 18. The vote is set to conclude on May 7.
Delay could cause “irreparable harm” to Aave and the broader crypto ecosystem
Aave argued that if the court upholds Gerstein Harrow’s restraining notice, it could discourage future recovery efforts tied to North Korea-linked hacks, as similar legal challenges may arise when attempting to reclaim stolen funds. The protocol also warned that such a precedent could embolden malicious actors to target more crypto platforms.
Its legal team further stated that the ongoing delay is inflicting “irreparable harm” on Aave, its users, and the wider DeFi community—damage that cannot be remedied through financial compensation alone.
“Keeping these assets frozen and unavailable to restore value to Aave users could destabilize the entire DeFi ecosystem,” the lawyers said.
“While Aave protocol users cannot retrieve their assets from the Aave protocol, if those assets were being used for collateral for other positions elsewhere then continued restraint on the immobilized assets may render those users unable to meet their related collateral obligations.”
Aave also pushed back against Gerstein Harrow’s assertion that its clients are entitled to the frozen Ether, arguing the claim rests on unproven assumptions that North Korea was behind the theft.
According to Aave’s lawyers, the case relies on speculation drawn from online posts, suggesting that North Korea carried out the hack and, by briefly controlling the assets, somehow became their rightful owner—an argument they strongly dispute.
“Plaintiffs in this case appeared and, based on conjecture from internet posts, claimed the thief was North Korea and that its temporary possession of the assets made it the lawful owner, allowing them to restrain the funds for their own benefit,” Aave’s legal team said.
“The immobilized assets do not belong to North Korea or any affiliated entities. Instead, the immobilized assets belong to the users of the Aave protocol who were victimized when a third-party thief effectively stole their assets during a cyber exploit April 18, 2026.”
If the court does not immediately lift the restraining notice, Aave’s lawyers have requested that Gerstein Harrow post a $300 million bond to keep the freeze in place until a ruling is made.
The judge has not yet ruled on the emergency motion, and no hearing date has been set.
Gerstein Harrow has pursued similar claims in the past, asserting that its clients are entitled to funds allegedly stolen by North Korea and later frozen by crypto platforms, including assets linked to the 2023 Heco Bridge hack and the 2025 Bybit exploit.
