Leading decentralized lending platform Aave has asked a U.S. federal court to block an attempt by victims of North Korean terrorism to seize about $71 million in crypto frozen after last month’s rsETH-related exploit, escalating a dispute that has already split Arbitrum’s governance.

The filing, submitted Monday in the Southern District of New York, seeks to vacate a restraining notice served on Arbitrum DAO by lawyers representing judgment creditors of the Democratic People’s Republic of Korea. Aave argues the assets belong to users of its protocol, not North Korea, and warns that keeping them frozen risks “irreparable harm” to the platform and the broader DeFi ecosystem.

At the center of the fight is 30,765 ETH that Arbitrum’s Security Council froze after the April exploit, when attackers used improperly valued or unbacked rsETH as collateral on Aave, contributing to a situation that the plaintiffs allege resulted in approximately $230 million in ETH being withdrawn from the Aave Protocol. Some of those funds were later intercepted and immobilized on Arbitrum, with plans to return them to affected users as part of a coordinated recovery effort.

The dispute centers on whether stolen property briefly held by hackers becomes their legal property.

The plaintiffs, three sets of judgment creditors holding $877 million in damages awards against North Korea, argue it does — and that's because the rsETH attackers are widely believed to be linked to Pyongyang's Lazarus Group, the recovered ether can be claimed against those decades-old judgments.

Aave's lawyers call that theory "flatly wrong" and warn it would punish blameless users while rewriting basic property law.

Aave’s motion challenges that theory directly. The filing argues the restrained ETH “belong[s] to completely blameless third parties,” not to North Korea, and that even if a thief briefly held the assets, that does not confer legal ownership.

It also disputes the underlying attribution, calling claims that the exploit was carried out by DPRK actors “conjecture” based on unverified reports.

Aave is asking the court to immediately lift the restraining notice, or at a minimum to suspend it while the case is heard.

Aave says keeping the funds frozen via the restraining notice could deepen losses and destabilize DeFi markets already strained by the exploit. The filing warns this “increases the likelihood of cascading liquidations, sustained liquidity outflows, and irreversible changes to user positions,” a chain reaction the industry has been trying to avoid for two weeks.

The outcome could have consequences far beyond this case. If courts allow seized or recovered crypto to be claimed by outside creditors, it could deter future rescue efforts and complicate how the industry responds to hacks, where speed and coordination are often the only tools to limit damage.