Aave Labs has filed a proposal asking the Arbitrum Security Council to release roughly $73.5M in ether it froze from the KelpDAO exploit and redirect the funds toward Aave's rsETH recovery effort, according to a Cointelegraph post on April 27, 2026. The request escalates a saga that began when Arbitrum's Security Council intervened to freeze 30,766 ETH of attacker funds earlier this month.
ETH was trading around $2,367 (+1.7% on the day) at the time of writing, putting the frozen position close to the $73.5M figure cited in the proposal.
What Aave is actually asking for
The proposal does two things at once. First, it formally requests that Arbitrum lift the freeze on the ETH balance the Security Council currently controls. Second, it asks that the released funds be routed into Aave's recovery program rather than back to the attacker's wallet. That program already exists: Aave's rsETH recovery fund hit its backing threshold earlier this month and is awaiting governance votes to deploy.
The $73.5M figure is meaningful because it lines up with the slice of stolen ETH that never made it to the attacker's exit liquidity. The hacker has been busy rotating the rest of the proceeds, including a 75,700 ETH swap into bitcoin worth roughly $175M. The Arbitrum-frozen tranche is what is still recoverable on-chain.
Why this is more than a routine governance vote
Security councils on rollups exist mainly to handle bridge bugs, contract upgrades, and emergency pauses. Reassigning attacker funds to a third-party creditor is a different kind of action. It moves the council from defensive housekeeping into something closer to a court of equity, deciding who has the better claim on assets that are technically still attached to a hostile address.
That distinction matters for two reasons:
- Legal exposure: An L2 council deliberately moving frozen ether to a specific protocol's recovery wallet looks a lot like asset distribution. Council members may want indemnification or external legal cover before signing.
- Precedent: If Arbitrum approves it, every future council will be asked to do the same in the next exploit. That can cut both ways: faster victim recovery, but more pressure on a small group of signers in every incident.
The Aave side has its own complications. The protocol is also weighing other forms of relief, including a 30,000 ETH loan from Mantle to cover KelpDAO bad debt. A successful Arbitrum redirect would change the math on how much of that loan Aave actually needs to draw.
What happens if Arbitrum says yes
The most direct effect is balance-sheet relief on Aave. The protocol's KelpDAO-related bad debt has been the central reason for the rsETH freeze and for the deposit pressure visible across Aave markets in recent weeks. A clean $73.5M return reduces both the recovery fund's burden and the size of any external loan facility.
The second-order effect lands on Arbitrum's role in the stack. Application teams will start treating the council as a partial backstop in the way users once treated centralized exchanges after hacks. That changes the threat model. A council that can redirect attacker funds is also one that, in extreme scenarios, could be pressured to redirect non-attacker funds. Critics of supermajority security councils will point at that, fairly or not.
What still has to happen
Three things have to land before any ETH actually moves. The Aave Labs proposal must clear Aave's own governance loop. The Arbitrum DAO has to weigh in on whether the council should act on a third party's request. And the Security Council itself, the small group of signers who hold the multisig, has to execute. Any of those steps can stall, and any new development from law enforcement or on-chain forensics could change the picture.
For now the headline is narrow but specific: a $73.5M attacker balance, a specific redirect target, and a governance request that puts a rollup council in a role it has not played before.
Overview
Aave Labs has asked the Arbitrum Security Council to unfreeze roughly $73.5M in ETH tied to the KelpDAO exploit and route the funds into Aave's rsETH recovery program. The request escalates Arbitrum's earlier 30,766 ETH freeze and tests whether L2 security councils can be used to redistribute attacker assets to creditors. If it passes Aave governance, the Arbitrum DAO, and the council itself, the move would meaningfully cut Aave's outstanding KelpDAO bad debt and reshape expectations for how rollups handle future exploits.
