NY Judge Postpones Hearing on Aave’s Bid to Unlock $71M in Frozen ETH Tied to the Kelp DAO Hack

May 14, 2026

NY Judge Postpones Hearing on Aave’s Bid to Unlock $71M in Frozen ETH Tied to the Kelp DAO Hack

A fast-moving DeFi security crisis has now entered a slower-moving venue: a New York federal courtroom.

On May 14, 2026, U.S. District Judge Margaret M. Garnett (Southern District of New York) issued an order that effectively pushes back a near-term decision on Aave’s emergency request involving roughly $71 million worth of ETH that had been immobilized on Arbitrum after the Kelp DAO rsETH exploit—one of the largest DeFi incidents seen this year. For background reporting, see Cointelegraph’s coverage of the delay in proceedings and the new June schedule in its article on the case: NY judge pushes back hearing for Aave’s bid to unfreeze $71M in ETH.

Below is what happened, why it matters for Ethereum users and DeFi markets, and what security lessons are emerging for anyone who lends, borrows, or bridges assets onchain.

What the court is actually deciding (and what it isn’t)

This dispute is not a simple “release the funds to victims” scenario.

After the Kelp DAO hack, a pool of ETH on Arbitrum—often described as immobilized or frozen—became central to recovery plans. Aave’s position is that this ETH should be usable to support orderly remediation and reduce knock-on effects such as liquidations. Meanwhile, a U.S. law firm Gerstein Harrow LLP sought a restraining notice asserting its clients have legal rights to the same assets, which creates a legal blockade around onchain recovery actions.

Judge Garnett’s May 13, 2026 order (filed on the docket the week of the reporting) lays out the court’s reasoning and next steps, including a request for supplemental briefing on multiple legal questions before the next hearing date. You can read the primary document here: SDNY order requesting supplemental briefing (PDF).

Importantly, the court is not ruling on whether DeFi should be “reversible” in principle. It’s weighing priority of claims, the nature of hacking transactions under New York law, and what remedies (if any) can fairly allocate disputed digital assets when multiple parties allege entitlement.

Timeline: from exploit to June 5 hearing

The dates matter because Aave framed its motion as an emergency aimed at preventing cascading harm.

  • April 18, 2026: Kelp DAO’s rsETH incident occurs, with losses widely estimated around $293 million (numbers vary by source and methodology).
  • Early May 2026: The restraining notice is served, limiting what can be done with the immobilized ETH.
  • May 6, 2026: Oral arguments take place (referenced in the court’s May 13 order).
  • May 8, 2026: The court issues an order that permits an onchain Arbitrum DAO vote to transfer immobilized assets to a wallet controlled by Aave LLC—while still keeping legal restrictions attached after transfer. Primary document: May 8, 2026 order modifying the restraining notice (PDF).
  • May 22, 2026: Deadline for both sides to submit supplemental briefs (per Cointelegraph and the court order).
  • June 5, 2026: The rescheduled hearing date.

This sequencing underscores a recurring reality in crypto asset recovery: technical containment can happen in minutes, but legal finality can take weeks or months.

Why the judge wasn’t persuaded by Aave’s “compounding loss” argument (yet)

Aave warned that if the immobilized ETH remained locked, market volatility could trigger liquidations and amplify losses—potentially spreading stress across DeFi.

Judge Garnett did acknowledge the possibility of near-term harm to protocol users, but concluded Aave had not sufficiently shown that the feared “compounding” damage was actual and imminent, rather than speculative, based on the record before the court at that time. The reasoning appears in the May 13 order, which also discusses emergency-relief standards and why the current evidentiary showing did not justify immediate action: SDNY supplemental briefing order (PDF).

For DeFi users, the key takeaway is not that liquidation risk is imaginary—it’s that courts need concrete causal chains: how exactly a restraining notice leads to liquidation cascades, why those cascades are unavoidable without the funds, and why other mitigation steps are insufficient.

The six questions the court wants answered (and why DeFi should care)

Judge Garnett ordered both sides to brief several complex issues. These aren’t just courtroom technicalities—they map directly onto future DeFi recovery playbooks.

High-level themes include:

  1. Whether hacking transactions are governed by New York’s “shelter” principle (and how that interacts with the good-faith obligations in the UCC framework as cited by the court).
  2. Fraud vs. theft: whether the distinction matters when assessing what legal interest a hacker might obtain in stolen assets.
  3. Which law determines creditor priority over the immobilized ETH and how claims rank against one another.
  4. Whether a constructive trust is an appropriate remedy for digital assets in this context.
  5. Operational feasibility: whether Aave or Arbitrum can identify victims and distribute proceeds pro rata.
  6. Practical enforcement questions that determine whether any judicial remedy can be translated into an onchain process without creating new harms.

These issues will likely echo well beyond this case, because they touch the uncomfortable intersection of permissionless execution and permissioned enforcement.

Even as the court asks for more briefing, the Kelp DAO and Aave teams have moved forward with technical remediation steps.

Aave’s governance forum has posted ongoing operational updates tied to the incident and the rollback of precautionary parameters across deployments. One example (with concrete steps and timestamps) is the governance thread on restoring WETH configuration and unfreezing actions across Aave V3 instances: WETH unfreeze and LTV restoration across Aave V3.

In parallel, industry research has highlighted how this exploit surfaced broader systemic risks—especially around bridges and cross-chain messaging assumptions. Galaxy’s write-up frames the event as a stress test for DeFi’s “credibly neutral” narrative and for rollup governance trade-offs: KelpDAO/LayerZero exploit analysis by Galaxy Research.

What this case signals for DeFi in 2025–2026: security, governance, and “bounded intervention”

Crypto users have been debating for years whether DeFi should be able to freeze assets. The reality in 2025–2026 is more nuanced:

  • As Ethereum L2 ecosystems mature, many security models still retain emergency powers (councils, guardians, pausers, or upgrade paths). Those controls can be lifesaving in a crisis—but they also create governance and legitimacy questions.
  • Cross-chain and restaking-adjacent designs introduce composability risk that looks nothing like a classic smart contract bug. A bridge message that “should be true” can become the single point of failure for multiple protocols downstream.
  • The industry’s push toward “low-risk DeFi” as a core Ethereum use case (a theme widely discussed since 2025) runs directly into these realities. A good reference point is Vitalik Buterin’s 2025 essay on the topic, which Galaxy also cites: Low-risk DeFi can be for Ethereum what search was for Google.

The practical direction of travel is clear: bounded intervention—with transparent processes, narrow scopes, and auditable controls—will likely be seen more often, not less, especially when nine-figure losses are at stake.

What users can do now: a practical checklist

If you use lending protocols, L2s, or liquid restaking tokens, this incident and the court dispute offer a timely reminder to tighten personal risk controls:

  1. Reduce leverage during unresolved incidents
    If collateral pricing or redemption mechanics can change (haircuts, re-pegs, contract pauses), leverage becomes fragile.

  2. Track protocol communications from primary channels
    Prefer governance forums, post-mortems, and onchain transaction references over screenshots and reposts. For Aave-specific remediation actions, the governance forum is usually the best starting point: Aave Governance.

  3. Treat bridges and cross-chain assets as a distinct risk class
    Even if the lending market is audited, the collateral’s “backing truth” may depend on external verification systems.

  4. Use self-custody to avoid secondary platform risk
    When legal disputes or emergency parameter changes happen, you want the option to act quickly—without withdrawal queues or account-level restrictions.

Where a hardware wallet fits: minimizing signing risk during chaotic events

During exploit-driven volatility, phishing and malicious contract prompts surge. If you are interacting with Aave, Arbitrum, or recovery-related contracts, a hardware wallet can help reduce key-extraction and blind-signing risks.

OneKey is designed for active onchain users who want a secure, self-custodial workflow (including robust transaction confirmation and a security-first user experience). In moments like this—when governance votes, emergency transactions, and contract interactions happen fast—keeping keys offline and carefully verifying what you sign can be the difference between “contained risk” and a second loss event.

This article is for informational purposes only and does not constitute legal or financial advice.

Secure Your Crypto Journey with OneKey

View details for Shop OneKeyShop OneKey

Shop OneKey

The world's most advanced hardware wallet.

View details for Download AppDownload App

Download App

Scam alerts. All coins supported.

View details for OneKey SifuOneKey Sifu

OneKey Sifu

Crypto Clarity—One Call Away.