A legal fight is unfolding after a major DeFi exploit, with Aave urging a U.S. court to release recovered funds back to affected users instead of allowing them to be seized under terrorism-related claims.

The dispute stems from an April attack involving Kelp DAO’s rsETH token, where a hacker exploited a cross-chain bridge vulnerability to borrow roughly $230 million in ether using unbacked collateral. In a rare recovery effort, the Arbitrum Security Council managed to secure over 30,000 ETH tied to the attacker.

However, the situation took a turn when U.S. plaintiffs linked to terrorism cases against North Korea moved to freeze the funds, arguing the assets could be connected to the Lazarus Group. This legal claim could allow the funds to be redirected as compensation under U.S. law.

Aave strongly disputes this position. Founder Stani Kulechov stated that stolen funds should not be treated as the property of attackers, emphasizing that the assets belong to users affected by the exploit. The protocol has asked the court to lift the freeze or require a substantial bond to maintain it.

Meanwhile, recovery efforts remain stalled. A coalition of DeFi players—including Aave Labs and partners—has raised over 137,000 ETH to stabilize losses, but access to the frozen funds is critical to fully restore user balances.

At a broader level, the case raises important questions for decentralized finance: when DAOs coordinate actions like freezing funds, do they begin to resemble traditional financial intermediaries in the eyes of regulators?

With a court decision pending, the outcome could set a major precedent for how legal systems treat hacked crypto assets—and who ultimately has the right to claim them.