The LayerZero Failure and How Code Isn’t the Law Anymore
Syndicated
Summary
- April 18 was not a contract bug. It was a LayerZero infrastructure failure.
- A US court has frozen 30,766 ETH (~$71M) that Arbitrum DAO had voted to deploy for victim recovery.
- Creditors holding terrorism judgments against North Korea – totaling more than $877M – are now competing for the same funds.
- LayerZero settled with FTX’s bankruptcy estate in January 2025, signaling how crypto disputes are already shifting into legal arenas.
The $292 million that moved out of Kelp DAO’s bridge on April 18 did not move because of a bug in Kelp’s contracts. Two weeks later, a US court has stopped Arbitrum DAO from doing what its governance had nearly unanimously voted to do.
Both events point in the same direction. DeFi is no longer running on code alone.
For years, the assumption has been that on-chain systems run without external interference. If something executes, it is final. If governance passes, it gets enforced.
That assumption had a quiet dependency: that the off-chain infrastructure underneath was either decentralized enough to be beyond reach, or irrelevant enough that no one would bother. And that legal systems would not care about disputes happening on Ethereum.
Neither is true anymore.
This Starts With LayerZero, Not rsETH
The April 18 incident is often described as an rsETH exploit.
That framing misses the point.
The failure began with infrastructure operated by LayerZero Labs. LayerZero has linked the attack to Lazarus, the North Korea-associated hacking group, framing it as an external adversarial event.
Approximately $292 million was drained after an attacker forged a cross-chain message that the system accepted as valid. The contracts involved behaved exactly as written. There was no bug at the application layer.
The issue sat underneath.
According to Kelp’s post-incident analysis – corroborated by external researchers including Chainalysis – compromised RPC nodes and a coordinated DDoS attack forced LayerZero’s verifier to fall back on poisoned data, allowing a forged message to pass through and release funds.
Protocols built on LayerZero had no visibility into that layer. They could not audit it. They could not secure it. But it had the authority to release their funds.
LayerZero has pointed to Kelp’s choice of a single-verifier (“1-of-1 DVN”) setup as the underlying weakness. Kelp has argued that this configuration was aligned with LayerZero’s documented defaults and standard deployment patterns across major integrations – a claim external security researchers have largely supported. Whichever side you take, the upshot is the same: the failure occurred in a layer the consuming protocol could not control.
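To make the configuration point concrete, here is a simplified verifier-set model added as an illustration for this article (it is not LayerZero's or Kelp's code): each DVN reads the source chain through a primary RPC endpoint, falls back to a second endpoint when the primary is unreachable, and the bridge releases funds only when the required number of DVNs agree on the message hash. The DVN names, RPC layout and payloads are constructed assumptions, and the model generalizes the 1-of-1 case in the text to any M-of-N threshold.

```python
from dataclasses import dataclass
import hashlib

# Constructed sample messages; the "unlock" payloads are illustrative, not real calldata.
MSG_ID = "msg-42"
HONEST_PAYLOAD = b"unlock 100 rsETH to 0xuser"
FORGED_PAYLOAD = b"unlock all rsETH to 0xattacker"

def payload_hash(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

@dataclass
class Dvn:
    """One verifier: reads the source chain via a primary RPC, with a fallback."""
    name: str
    primary_rpc: dict          # msg_id -> payload as seen by the primary endpoint
    fallback_rpc: dict         # msg_id -> payload as seen by the fallback endpoint
    primary_down: bool = False  # True models a DDoS knocking the primary out

    def attest(self, msg_id: str) -> str:
        # A verifier whose primary is down silently trusts whatever the fallback returns.
        rpc = self.fallback_rpc if self.primary_down else self.primary_rpc
        return payload_hash(rpc[msg_id])

def verify(dvns: list, required: int, msg_id: str, claimed: bytes) -> bool:
    """Release only if at least `required` DVNs attest to the claimed hash."""
    target = payload_hash(claimed)
    agreeing = [d.name for d in dvns if d.attest(msg_id) == target]
    return len(agreeing) >= required

def build_dvns(n: int, compromised: int) -> list:
    """n DVNs; the first `compromised` ones have a dead primary and a poisoned fallback."""
    honest = {MSG_ID: HONEST_PAYLOAD}
    poisoned = {MSG_ID: FORGED_PAYLOAD}
    dvns = []
    for i in range(n):
        bad = i < compromised
        dvns.append(Dvn(f"dvn{i}", honest, poisoned if bad else honest, primary_down=bad))
    return dvns

def forged_message_accepted(required: int, n: int, compromised: int = 1) -> bool:
    """Does a forged message pass with this DVN threshold and this many poisoned DVNs?"""
    return verify(build_dvns(n, compromised), required, MSG_ID, FORGED_PAYLOAD)

if __name__ == "__main__":
    print("1-of-1 DVN, one poisoned fallback:", forged_message_accepted(1, 1))   # True
    print("2-of-3 DVNs, one poisoned fallback:", forged_message_accepted(2, 3))  # False
```

The model also shows the limit of the mitigation: with `required` DVNs all reading poisoned data the forged message passes again, so the threshold only helps when the DVNs do not share RPC infrastructure.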
The downstream cost has been concrete. LlamaRisk has modeled $124 million to $230 million in bad debt at Aave alone, depending on how Kelp’s losses are allocated. Available WETH liquidity at Aave fell from $689 million to $1.5 million in two hours. The exploit did not stop at Kelp.
The Arbitrum Freeze Took It Off-Chain
After the exploit, Arbitrum DAO’s Security Council moved to freeze a portion of the stolen ETH that had been bridged through Arbitrum. That part followed a familiar pattern.
The rest did not.
A multi-protocol coalition known as DeFi United – led by Aave, Kelp DAO, and others – assembled more than $300 million in pledges to make affected users whole. Consensys committed 30,000 ETH. Mantle extended a 30,000 ETH low-interest loan. A Snapshot vote opened April 30 to release the frozen Arbitrum ETH into the recovery effort, ran 99% in favor, and was set to execute by May 7.
Then the court arrived.
On May 1, the US District Court for the Southern District of New York issued a restraining order preventing Arbitrum DAO from moving the 30,766 ETH it had frozen – roughly $71 million. The claim does not come from anyone harmed by the exploit. It comes from creditors holding old, unpaid terrorism judgments against North Korea, with combined awards exceeding $877 million tied to the killing of Reverend Kim Dong-shik, the Lod Airport massacre, and alleged North Korean support for Hezbollah during the 2006 Lebanon war.
Their legal theory: DAOs can be treated as general partnerships, making the entity’s assets – and potentially its members – reachable.
That theory has already cleared early hurdles in court. In Sarcuni v. bZx DAO (2023), a federal judge in California allowed plaintiffs to plausibly allege that bZx DAO was a general partnership and that its token holders could be sued as general partners. The firm running the current Arbitrum action, Gerstein Harrow, brought that case too. They are running the same playbook here.
So the situation now looks like this:
- A protocol whose users were exploited
- A DAO that voted to deploy frozen funds for victim recovery
- External creditors with no connection to the exploit claiming the same funds
- A US court deciding the outcome
None of these systems were designed to interact. They are interacting now.
Why LayerZero Doesn’t Get to Walk Away
Once courts enter the picture, the scope expands.
If creditors with no connection to the exploit can stake a claim over these funds, parties that were harmed by it have at least as much standing to do the same. That includes the LPs sitting on tens of millions in modeled bad debt, and users whose losses trace back to a layer they could not control.
And that brings LayerZero Labs back into focus.
There is precedent for where this leads. LayerZero settled with FTX’s bankruptcy estate in January 2025, ending a roughly two-year dispute over pre-collapse withdrawals through a buyout of FTX’s equity, token, and warrant interests. Different facts, same dynamic: large losses, an identifiable counterparty, resolution off-chain through legal process.
Galaxy Research has noted that resolving the current situation requires coordination across multiple actors with conflicting interests, with questions of legal liability already part of the conversation.
If April 18 is increasingly understood as an internal infrastructure failure rather than a smart contract exploit, the question of who bears responsibility will not stay within DeFi.
The Assumption That Is Breaking
DeFi has been built on the idea that code determines outcomes.
The past two weeks have surfaced two forces that on-chain governance cannot reach: off-chain infrastructure that protocols rely on but do not control, and legal systems that intervene regardless of what executes on-chain. April 18 surfaced the first. May 1 surfaced the second.
Infrastructure providers are companies. They have legal identities, settlement histories, and addressable liability. Courts do not need DeFi’s permission to intervene in disputes involving hundreds of millions of dollars.
What DeFi has not yet worked out is what to do when both arrive at the same time.