A U.S. federal judge has cleared the way for decentralized finance platform Aave to move nearly $71 million worth of Ethereum linked to a North Korea-associated cyberattack. This marks a major legal and regulatory moment for the crypto industry.
The ruling, issued by Judge Margaret Garnett in the Southern District of New York, allows frozen Ethereum assets on the Arbitrum network to be transferred to a wallet controlled by Aave LLC. At the same time, the order maintains legal restrictions on the funds. The decision comes after weeks of courtroom disputes involving victims of terrorism-related claims against North Korea. In addition, DeFi recovery groups have been attempting to return stolen assets to affected users.
Court Decision Strengthens DeFi Recovery Efforts
The case centers around approximately 30,766 ETH that was frozen following the April 2026 KelpDAO exploit. This is one of the largest decentralized finance hacks this year. Blockchain investigators linked the exploit to the Lazarus Group. This is a cybercrime organization widely believed to operate on behalf of North Korea.
Hackers reportedly exploited vulnerabilities tied to KelpDAO’s LayerZero bridge infrastructure, draining nearly $292 million in rsETH-related assets. In response, the Arbitrum Security Council froze a large portion of the stolen Ethereum before it could be fully laundered through crypto protocols.
Aave, along with KelpDAO, Certora, EtherFi, and other members of the “DeFi United” coalition, proposed a coordinated recovery plan. This plan was designed to stabilize affected markets and reimburse impacted users.
Judge Garnett’s order now permits an on-chain governance vote allowing the transfer of those frozen funds to Aave LLC. However, the restraining notice attached to the assets remains active. This means Ethereum cannot be freely used or distributed until the broader legal dispute is resolved.
North Korea Terrorism Claims Complicate Recovery Process
The legal challenge emerged after attorney Charles Gerstein, representing families holding nearly $877 million in unpaid terrorism judgments against North Korea, attempted to seize the frozen crypto assets.
The plaintiffs argued that because the Lazarus Group allegedly carried out the hack, the Ethereum should qualify as North Korean property eligible for seizure under existing terrorism judgments.
Aave strongly opposed that interpretation in court filings, stating the funds belong to innocent users harmed by the exploit rather than the hackers themselves.
In its motion, Aave argued that stolen assets do not legally become the property of thieves simply because they were taken. The company warned that blocking the recovery process could create broader instability across decentralized finance markets. Furthermore, it said it could delay restitution for affected investors.
The judge ultimately sided with Aave on the procedural issue, allowing the transfer to proceed while preserving the plaintiffs’ ability to continue pursuing their claims in court.
Why the Aave and Ethereum Ruling Matters for Crypto Markets
The decision is already being viewed as a landmark development for crypto regulation, DeFi governance, and blockchain asset recovery.
Legal experts say the case could influence how courts treat frozen cryptocurrency tied to international cybercrime and sanctioned entities in future disputes. In addition, it raises broader questions about ownership rights involving hacked digital assets. Experts also wonder whether decentralized protocols can coordinate recoveries without violating sanctions laws.
For Ethereum investors and DeFi developers, the ruling provides temporary relief after weeks of uncertainty surrounding the frozen assets. The recovery process is expected to help reduce bad debt exposure tied to the exploit. It is also likely to restore confidence in affected liquidity pools.
Meanwhile, developers across the decentralized finance sector are reportedly reviewing bridge security models and governance safeguards following the KelpDAO incident. Several protocols have already begun replacing single-verifier systems that investigators believe contributed to the exploit.
Although the immediate transfer has been approved, the final legal ownership of the $71 million in Ethereum remains unresolved. Future court proceedings are expected to determine whether the assets ultimately return to protocol users. Otherwise, they could become subject to enforcement claims tied to North Korea-related terrorism judgments.
