On Monday in Novel York, Aave filed an emergency motion to lift an injunction issued by a US law firm aimed at preventing the Arbitrum DAO from transferring 30,766 frozen ethers to victims of the Kelp exploit.
Gerstein Harrow LLP filed a cease and desist notice with Arbitrum DAO on Friday, arguing that its clients are owed more than $877 million in default judgments against North Korea. A law firm claims that the North Korean hacking group responsible for the Kelp exploit was in possession of the tokens, giving its clients legal claims over the Ether network.
Ghost filed an emergency motion to a Novel York district court arguing that a thief does not acquire legal ownership of property by stealing it. It was also argued that North Korea was only suspected of involvement in the theft and that the office’s argument “defies logic, common sense and the law.”
The Arbitrum DAO voted to release Ether to facilitate DeFi United, an industry-wide coordination effort to unite rsETH holders and facilitate restore rsETH support following the $292 million DAO hack on April 18. Voting ends on Thursday.
Source: Ghost
The delay will cause “irreparable harm” to Aave, the crypto ecosystem
Aave argued that if the court upholds Gerstein Harrow’s notice, it could discourage future recovery efforts for North Korea-related hacks due to the possibility of additional legal challenges being filed to recover funds. He further argued that this could encourage bad actors to attack more cryptographic protocols.
Aave’s lawyers also warned that the delay causes “irreparable harm” to the protocol, its users and the broader DeFi community, “none of which can subsequently be cured by monetary damages.”
“If stranded assets remain frozen and are not made available to restore value to users of the Aave protocol, there is a risk of destabilizing the entire DeFi ecosystem,” Aave lawyers said.
“Although Aave users cannot recover their assets from the Aave protocol, if those assets have been used as collateral in other positions elsewhere, then further restrictions on immobilized assets may result in these users being unable to meet their associated collateral obligations.”
Aave said that if the court upholds Gerstein Harrow’s notice, it could encourage bad actors to target more cryptographic protocols. Source: Listener of the Court
They then argued against Gerstein Harrow’s claim that its clients were entitled to the frozen ether, and also said the case was based on unsubstantiated allegations that North Korea was the thief.
“Plaintiffs have come forward in this case alleging – based on assumptions in internet posts – that the thief was North Korea and that by stealing the assets for a few hours, North Korea somehow became the rightful owner of those assets so that plaintiffs could keep them for their own purposes,” Aave’s lawyers said.
“The immobilized assets do not belong to North Korea or any related entities. Instead, the immobilized assets belong to Aave protocol users who fell victim when an external thief successfully stole their assets during a cyberattack on April 18, 2026.”
Related: Google Cloud reports North Korea-linked crypto malware campaign
If the court cannot immediately lift the restraining order, Aave’s lawyers are demanding that Gerstein Harrow post a $300 million bond to keep the restraining order in place until a decision is made.
The judge has not yet ruled on the emergency motion and a hearing date has not been set.
Gerstein Harrow has filed similar cases in the past, arguing that its clients have claims to funds stolen by North Korea and frozen by crypto companies, including resources from the 2023 Heco Bridge hack and the 2025 attack Bybit to utilize.
Warehouse: DeFi’s billion-dollar secret: the insiders behind the hacks
