The highly anticipated "Kelp Theft, Aave Bad Debt" incident has taken another unexpected turn.

Just as everyone believed the fundraising was complete and the vulnerability would soon be fully resolved (see《Final Fix Plan Unveiled: The Aave Bad Debt Scandal May Finally Be Over》), a law firm has issued an injunction—unexpected by the entire crypto community—targeting the actual ETH funds intended to patch this exploit.

On May 2, PaperImperium, head of MegaETH, disclosed an official document from the U.S. District Court for the Southern District of New York on X. The filing reveals that Gerstein-Harrow, a U.S. law firm, has submitted a motion for an injunction requesting that Arbitrum DAO not transfer approximately $71 million in ETH previously frozen during the Kelp hack incident, arguing that these funds should be used to satisfy uncollected court judgments related to North Korea’s long-standing involvement in terrorism, kidnapping, and other crimes.

Odaily Note: The original injunction document can be viewed here.

Gerstein-Harrow has also requested alternative service of process to legally notify Arbitrum DAO, treating it as a liable entity — Arbitrum DAO features a Security Council governed by ARB token holders, capable of taking emergency actions. Therefore, any member refusing cooperation could face contempt-of-court charges or other legal liabilities.

Who is Gerstein-Harrow?

Public records indicate that Gerstein-Harrow is a U.S.-based law firm headquartered in Washington, D.C., with offices in New York, Los Angeles, and Phoenix. Its partners are Charlie Gerstein and Jason Harrow.

Following PaperImperium's disclosure, prominent blockchain investigator ZachXBT quickly responded: “Gerstein-Harrow is a predatory law firm; their tactics are truly abhorrent.”

ZachXBT noted that every time a new Lazarus Group-related cyberattack emerges and associated crypto assets are frozen, this firm surfaces, claiming to represent a case tied to North Korea dating back 26 years, asserting authority to seek compensation on behalf of victims—despite the fact that this case has zero connection to the cryptocurrency industry, exploit abuse, or hacking incidents.

Beyond the current Kelp theft case, Gerstein-Harrow has previously attempted similar maneuvers in hacks involving Harmony, Bybit, and others. Even more troubling, the firm does not conduct its own investigations but instead directly leverages findings from security experts like ZachXBT before applying for asset freezes—a classic “sitting duck” strategy.

The Basis of the Injunction? A 26-Year-Old Case

As with this latest injunction request, Gerstein-Harrow’s legal basis stems from a single case they have represented—an event from 26 years ago.

The incident occurred in 2000 when Dong Shik Kim, a defector ("North Korean refugee"), disappeared without a trace. Evidence suggests he was abducted by North Korean agents and secretly returned to North Korea. In 2009, Kim’s family filed a lawsuit in the U.S. against the North Korean government, with Gerstein-Harrow serving as counsel for the victims’ relatives.

On April 9, 2015, a U.S. court ruled that Dong Shik Kim had been kidnapped by North Korean operatives and likely died after enduring torture in a North Korean prison camp. The court ordered the North Korean government to pay $330 million in damages to Kim’s family.

A U.S. law firm issuing a judgment against the North Korean government seems absurd—but at the time, media reports speculated: “While North Korea is expected to refuse payment, the lawyers will seek to seize North Korea’s assets, such as bank accounts and corporate shares.”

Pay close attention to that phrase: “lawyers will seek to seize North Korea’s assets”—this is precisely the legal foundation Gerstein-Harrow now invokes. In short, their strategy is to leverage a decades-old, already-won court ruling to claim newly discovered or recently identified North Korea-linked assets.

Under today’s sanctions regime, where are the most likely “North Korea-linked assets” to appear? Naturally, in the cryptocurrency sector—frequently targeted by hackers, and routinely blamed on Lazarus Group attacks, regardless of whether the evidence actually links to North Korea.

Thus, whenever new North Korea-associated funds are frozen—or any other on-chain assets identifiable as linked to North Korea—Gerstein-Harrow surfaces, asserting: “This money must be used to enforce the original judgment.”

This is akin to Person A winning a lawsuit over a decade ago, with a court ordering Person B to pay $1 million—but B never paid. Now, years later, authorities discover a fund linked to B. A suddenly appears and claims: “This money must go to me—I have a prior judgment.” But the issue is, this money may have just come from C, who is the actual victim directly involved.

Can This Strategy Succeed?

Industry professionals have begun offering analysis on Gerstein-Harrow’s injunction filing and its potential impact on DeFi’s efforts to patch vulnerabilities.

PaperImperium stated he doesn’t believe Gerstein-Harrow has a high chance of success in this dispute, yet they won’t leave empty-handed—given the urgent need for DeFi projects to remediate vulnerabilities, Gerstein-Harrow might exploit this situation to extract a “piece of meat” through legal pressure.

Lex_node, a crypto user who is also a lawyer, explained that this injunction constitutes a legally valid asset freeze, and its basis is not fabricated—it rests firmly within the existing U.S. enforcement framework for court judgments. Unless jurisdictional arguments succeed, Arbitrum DAO cannot access the frozen assets prior to the asset forfeiture hearing. Even if they ultimately win the right to retain the funds, they must pursue it through litigation—not unilaterally decide how to handle them. Though it sounds extreme, that’s exactly how the system works.

In summary, there appears to be a gray area within the legal system where such tactics can thrive. While Gerstein-Harrow’s claims seem far-fetched, they are technically grounded in a pre-existing judicial enforcement mechanism—a “legally compliant tool,” even if they fail to actually seize the funds. The mere act of freezing and delaying can substantially disrupt repair timelines for DeFi projects like Kelp and Aave. The core issue is that DeFi remediation is time-sensitive: the earlier the fix, the sooner protocols can resume normal operations. Gerstein-Harrow clearly anticipates this urgency and exploits it to “gaming the system” through opportunistic litigation.

As the Gerstein-Harrow injunction controversy intensifies, figures like ZachXBT have begun calling for the formation of a dedicated DAO focused on legal defense—specifically to counteract such predatory legal tactics. This may become an unavoidable lesson for the industry: as on-chain funds increasingly enter real-world legal scrutiny, code and consensus alone are no longer sufficient to build a complete defense. For all practitioners, developing resilience against off-chain legal risks is rapidly becoming a new imperative—on par with security and liquidity.

Author: Planet Daily