North Korea terror victims escalate fight to seize $71 million from Aave hack

Lawyers seeking to seize $71 million in frozen ether for victims of North Korean terrorism changed their legal strategy Tuesday, arguing in a new court filing that the April 18 rsETH exploit was not theft but fraud, directly countering Aave’s attempt to void a restraining notice blocking the release of the assets.

In a 30-page opposition brief filed in the Southern District of New York, a lawyer representing the North Korean terror victims argues the exploit was not a smash-and-grab theft but a fraudulent lending transaction, and that under longstanding U.S. law, fraudsters who acquire property through deception can obtain legal title to it, even if that ownership is later reversible.

“What actually happened is that North Korea borrowed assets from users of the ‘Aave Protocol’ and did not pay it back, and when the ‘Aave Protocol’ sought to liquidate North Korea’s collateral, the ‘Aave Protocol’ unhappily discovered that the collateral was worthless,” the new filing reads.

“The law is crystal clear that a fraud victim passes title, not merely possession, to a fraudster… Charles Ponzi obtained, through his now-eponymous scheme, ‘defeasible title’ to his victims’ cash,” it continues.

The dispute traces to a cross-chain bridge exploit last month that drained roughly $230 million from Aave, the largest decentralized lending protocol by total value locked.

An attacker, widely attributed to North Korea’s Lazarus Group by forensics firms including Chainalysis and TRM Labs, minted unbacked rsETH tokens, used them as collateral on Aave’s lending markets, and borrowed real ether against the worthless deposits.

Developers tied to the Arbitrum blockchain later intercepted about $71 million before it could be cashed out.

The filing also escalates the dispute beyond New York property law, invoking the Terrorism Risk Insurance Act (TRIA), a post-9/11 federal law that allows people who win court judgments against state sponsors of terrorism to collect those judgments from any U.S.-held property belonging to the country in question.

If the court accepts that theory, Aave’s earlier arguments about New York property law may matter less.

The filing also asks whether Aave has legal standing to challenge the freeze at all, citing the company’s own terms of service, which state that it does not have “possession, custody or control” over user assets, a core aspect of decentralized finance.

Lawyers also pointed out in the filing that the affected users may not need the frozen ether at all. DeFi United, an industry-led recovery fund Aave itself is part of, has raised $327.95 million as of Tuesday morning — more than four times the disputed $71 million.

A hearing is scheduled for Wednesday, May 6, in a Manhattan federal court.