US Court Authorizes Transfer of $71 Million in ETH Linked to North Korean Hack to Aave: A Milestone Amid Legal Battle with Terrorism Victims

On May 9, 2026, Judge Margaret Garnett of the U.S. District Court for the Southern District of New York authorized the transfer of approximately $71 million worth of Ethereum (ETH) that had been frozen on the Arbitrum network to the Aave protocol. This ruling was made amidst a fierce legal battle between the DeFi protocol, which seeks to recover user funds lost in a North Korea-linked hack, and terrorism victims attempting to enforce damage judgments against North Korea.

The transfer of assets is permitted, but the legal freeze continues to follow the assets.

While allowing the movement of the assets, Judge Garnett made it clear that the legal rights regarding the Ethereum have not been fully resolved. She explained that because the plaintiffs—terrorism victims—continue to assert their rights to the assets, the legal effect of the freeze remains attached to the funds even after they are moved to Aave. This means that although the physical location of the assets changes, their status as the subject of legal litigation remains unchanged.

Origin of the Dispute: Kelp DAO Exploit and Asset Freeze

The dispute traces back to an exploit that occurred at Kelp DAO. At the time, the attacker reportedly used a method of 'borrowing' Ethereum based on credit to seize the assets, leading the Arbitrum team to freeze 30,766 ETH immediately following the incident. Subsequently, a legal battle between Aave and the terrorism victims over the ownership and disposal rights of these assets began in earnest.

• Total Asset Volume: 30,766 ETH (approx. $71 million)
• Initial Source: Kelp DAO exploit
• Current Network: Arbitrum
• Legal Status: Transfer to Aave approved as of May 9, 2026

Aave has requested the court to lift the freeze, arguing that the funds are not the property of the hacker but rather the liquidity of the protocol's users. Aave emphasized its plan to use these funds to compensate affected users through a governance-led recovery model. In particular, Aave has maintained the position that protecting user assets is the top priority to restore trust in decentralized finance.

Conversely, the plaintiffs, who are terrorism victims, believe the assets are linked to state-sponsored hackers such as North Korea's Lazarus Group. They maintain that the cryptocurrency should be seized to enforce existing legal judgments won against North Korea. In documents submitted on May 5, 2026, attorneys for the victims argued for the legitimacy of the seizure by reclassifying the incident not as simple theft, but as credit fraud.

According to statistics from TRM Labs, 2026 is recording an all-time high for North Korea-linked cybercrime. As of April 2026, approximately 76% of all cryptocurrency hack losses were analyzed to be the work of North Korea, an increase from 64% in 2025. This background has added complex political and economic considerations for the court in delivering rulings on North Korea-linked assets.

Arbitrum delegates showed overwhelming support for Aave's fund recovery plan, demonstrating strong solidarity at the community level. Linda Jeng, Chief Legal Officer of Aave Labs, stated that following this incident, the protocol is expanding its risk framework beyond simple financial metrics to include reviews of cybersecurity and technical structures. This is interpreted as an intention to build a preemptive response system for similar security incidents that may occur in the future.

The market is showing a cautious reaction to the ruling. As of May 7, 2026, the price of the Aave (AAVE) token recorded $94.13, down 0.24% over 24 hours, but future trends are being watched as some legal uncertainty has been resolved. This case is expected to serve as an important precedent for balancing the rights of DeFi users with international sanctions and the enforcement of legal judgments.

Legal experts are paying attention to the attempt to reclassify the hacking act as 'credit fraud' in this case. This is a strategy to broaden the scope of legal response by interpreting that the attacker did not simply steal the assets but borrowed the funds by exploiting vulnerabilities in the protocol. Such a shift in the legal framework could significantly impact how the nature of assets is defined in future cryptocurrency-related litigation.

In conclusion, Judge Garnett's decision favored Aave's attempt to secure the liquidity of the frozen assets, but it also suggests that the terrorism victims' claims of rights remain valid. A second legal battle over compensation is expected even after the assets move to the Aave protocol. This will serve as a testing ground for how the decentralized finance ecosystem survives and evolves within the grand discourse of international legal conflicts and the freezing of terrorist funds.