Arbitration delegates are determining whether to release 30,765 ETH frozen after last month’s rsETH exploit as part of a coordinated recovery effort. But a lawyer for victims of North Korean terrorism showed up at the forum and told them that wasn’t possible.
Ether was drained from holders of reinvested ETH (a representative token of ETH that is locked to another platform for fixed returns) during the April 19 Kelp DAO bridge exploit, which CoinDesk previously reported as the largest DeFi hack of 2026.
The governance post, written by attorney Charles Gerstein, serves as a cease-and-desist notice under New York law on behalf of three groups of judgment creditors holding approximately $877 million in claims against the Democratic People’s Republic of Korea.
The allegations behind the filing date back decades. One stems from the 1972 Lod airport massacre in Israel, where gunmen killed 26 people, including 17 Puerto Rican pilgrims, in an attack that was later ruled by a U.S. court to have been supported by North Korea.
Another case involves the Rev. Kim Dong Shik, a permanent resident of the United States who was kidnapped near the Chinese border in 2000 and then killed while in DPRK custody. A third connection is to Israel’s 2006 war with Hezbollah, in which a federal judge found that Pyongyang provided weapons and training used in rocket attacks.
The plaintiffs won their case but North Korea never paid. With sovereign assets effectively impossible to seize, the families spent years searching for every North Korean asset they could legally collect on to satisfy their judgments.
Gerstein’s filing argues that because U.S. authorities linked the Lazarus Group, the hacking unit responsible for the exploit, to the North Korean state, the 30,765 ETH frozen by the Arbitrum Security Council is considered North Korean property under U.S. law.
If the court accepts this framework, families whose judgments are unpaid will have a first legal claim to these funds, ahead of the rsETH depositors who originally held them.
The reason Arbitrum is involved is simple: after the rsETH exploit, its Security Council froze 30,765 ETH at a specific address on its network, effectively placing the funds under its control. Gerstein’s filing references three underlying cases, Calderon-Cardona, Kim and Kaplan, with writs of execution totaling approximately $877 million.
The legal tool used is CPLR §5222(b), a New York enforcement mechanism that allows creditors to freeze their assets simply by serving a cease-and-desist notice, without first obtaining a new court order, although the target can later contest it.
Once served, the recipient does not have the right to move the assets for up to one year or until the judgment is resolved. Ignoring it can lead to contempt of court, the same category of offense used when someone defies a judge’s order.
The complication here is that Arbitrum DAO is not a company with a clear legal status. This means that the risk is not directly related to the “DAO”, but that a court ultimately decides to have control over the frozen ETH.
The filing and the legal theory presented sparked reactions in the same thread. Delegate Zeptimus argued that the legal principle was backwards, writing that ETH “is not property in which the DPRK has an ‘interest’… It is stolen property,” and adding that under fundamental property law “a thief acquires no title.”
From this perspective, the funds belong to the original depositors of rsETH and the proposed recovery effort is not a redistribution but a return of the assets to their rightful owners. Blocking this process, Zeptimus writes, “shifts the cost of the DPRK’s debt onto another group of victims who have themselves been robbed.”
Delegates had been working on a different set of compromises. Entropy Advisors requested a FOR vote, citing the cost of daily interest for Aave users whose positions are locked in. Axia raised questions about whether the Arbitrum captive insurance product would cover delegates if something went wrong.
Gerstein’s case sharpens this question considerably, where coverage for the delegate’s ordinary civil liability is one thing but exposure related to a live enforcement action is another.
What remains is a choice between victims. On one side, Aave depositors with positions they cannot close. On the other, the families behind decades-old judgments against North Korea, who are still seeking recovery.
