Better Call Saul (Crypto Edition): A Law Firm Specializing in Tormenting North Korean Hackers' Victims
- Core Thesis: U.S. law firm Gerstein-Harrow, relying on a 26-year-old judgment against North Korea, seeks a restraining order to freeze approximately $71 million worth of funds in the Kelp hack held by the Arbitrum DAO. This could potentially interfere with the DeFi vulnerability remediation process, highlighting an emerging industry issue: on-chain assets facing off-chain judicial risks.
- Key Elements:
  - Gerstein-Harrow filed for a restraining order in the U.S. District Court for the Southern District of New York, requesting that the Arbitrum DAO be prohibited from moving approximately $71 million in ETH assets frozen in the Kelp hack, arguing the funds should be used to satisfy an outstanding judgment against North Korea.
  - The firm's application is based on a 1999 disappearance case concerning a North Korean defector. In 2015, a U.S. court ordered North Korea to pay $330 million in damages, a judgment that remains unsatisfied. The firm's strategy is to use the older judgment to pursue newly discovered so-called "North Korean assets," including funds frozen in crypto industry hacks.
  - The firm has previously employed similar tactics in the Harmony, Bybit, and other hacks, relying on the investigative work of on-chain sleuths like ZachXBT to "strike after the fact" rather than proactively investigating cases.
  - Industry analysts suggest the injunction could have temporary legal force. If the Arbitrum DAO fails to comply, its members could face contempt of court risks. Even if the DAO ultimately prevails, the freezing and litigation process could substantially delay the remediation of DeFi protocols like Kelp and Aave.
  - ZachXBT and others are calling for the creation of a specialized DAO focused on litigation to combat malicious law firms. The industry needs to build the capability to counter off-chain legal risks, seeing this as a new priority on par with security and liquidity.
Original by Odaily Planet Daily (@OdailyChina)
Author: Azuma (@azuma_eth)

The highly anticipated "Kelp hack, Aave bad debt" incident has taken another turn.
Just as everyone believed the fundraising was complete and the vulnerability was about to be fully resolved (see details in "Final Fix Plan Unveiled, Aave Bad Debt Saga Nears Conclusion"), a law firm has targeted the funds intended to plug the hole with an injunction that no one in the entire cryptocurrency community had anticipated.
On May 2, MegaETH lead PaperImperium disclosed an official document from the U.S. District Court for the Southern District of New York on X. The document shows that a law firm named Gerstein-Harrow has filed an injunction application with the court, requesting that Arbitrum DAO be barred from transferring approximately $71 million in ETH assets previously frozen in connection with the Kelp hacker incident. The firm argues that "these funds should be used to enforce outstanding judgment damages against North Korea for cases involving terrorism, kidnapping, and others over the years."
- Odaily Note: The original injunction document can be viewed here.
Gerstein-Harrow has applied to serve legal notice to Arbitrum DAO via alternative means, treating it as an accountable organization. Arbitrum DAO has a Security Council governed by ARB holders, capable of taking action in emergencies. Therefore, if relevant members refuse to cooperate, they may face legal consequences such as contempt of court.
Who is Gerstein-Harrow?
Public records show that Gerstein-Harrow is a U.S. law firm headquartered in Washington, D.C., with offices in New York, Los Angeles, and Phoenix. Its partners are Charlie Gerstein and Jason Harrow.
Following PaperImperium's disclosure, renowned on-chain detective ZachXBT promptly commented: "Gerstein-Harrow is a predatory law firm, and their strategy is frankly quite egregious."

ZachXBT noted that every time a new incident involving North Korean hackers (Lazarus Group) occurs and crypto assets are frozen, this law firm emerges, claiming to represent a case against North Korea from 26 years ago, asserting the right to claim compensation on behalf of victims... But clearly, this case has absolutely nothing to do with the crypto industry, the exploit, or the hack.
Beyond the Kelp incident, Gerstein-Harrow has attempted similar maneuvers in hacks involving Harmony, Bybit, and others. More absurdly, Gerstein-Harrow does not conduct its own investigations but instead leverages the findings of industry security experts like ZachXBT to file freezing orders, playing "the mantis stalking the cicada, unaware of the oriole behind."
The Injunction's Basis: A 26-Year-Old Case
All of Gerstein-Harrow's applications, this injunction included, rest on a 26-year-old case in which the firm acts as counsel.
The incident dates back to 2000, when North Korean defector Dong Shik Kim disappeared and was never heard from again. Clues suggested that Kim was allegedly abducted by North Korean agents and secretly taken back to North Korea. Subsequently, in 2009, Kim's family sued the North Korean government in the U.S. on these grounds, with Gerstein-Harrow acting as the victims' legal representatives.
On April 9, 2015, a U.S. court ruled on the case, finding that Dong Shik Kim was abducted by North Korean agents and likely died after torture in a North Korean prison camp. The court ordered the North Korean government to pay $330 million in damages to Kim's family.
It sounds quite absurd for a U.S. law firm to secure a judgment ordering the North Korean government to pay compensation... Accordingly, media reports at the time stated: "North Korea is not expected to pay the damages, but the lawyers will seek to seize North Korean assets, such as bank accounts and corporate shares."
Note that phrase: "the lawyers will seek to seize North Korean assets." This is the purported "basis" of Gerstein-Harrow's claim. Simply put, Gerstein-Harrow's strategy is to use a court judgment won long ago to pursue North Korea-related assets that emerge or are discovered now.
And in the current sanctions environment, where are so-called "North Korean assets" most likely to appear? Naturally, it's the frequently hacked cryptocurrency industry, which has routinely "blamed" North Korean hackers – whether or not these incidents are actually the work of North Korean hackers remains uncertain...
Thus, whenever new North Korean-linked funds are frozen in the industry, or other on-chain identifiable assets associated with North Korea appear, Gerstein-Harrow emerges, claiming "this money should be used to enforce the old judgment."
This is akin to A winning a lawsuit a decade ago, with the court ordering B to pay 1 million, but B delaying payment. Now, when police suddenly seize funds related to B, A jumps up and says, "This money should be mine; I have a prior judgment." The problem is, this money might have just been obtained by B from C, the directly affected victim...
Can This Maneuver Succeed?
Regarding Gerstein-Harrow's injunction application and its potential impact on DeFi's vulnerability repair progress, industry experts have offered their analyses and judgments.
PaperImperium commented that he doesn't believe Gerstein-Harrow has a high probability of winning this dispute, but it might also be difficult to send them away empty-handed. Given the urgency within the DeFi industry to fix vulnerabilities, Gerstein-Harrow might use this opportunity to forcefully extort a "pound of flesh."
Crypto user and lawyer @lex_node stated: "This injunction is a legally effective asset freeze in form, and its basis is not fabricated out of thin air but rests on the existing U.S. judgment enforcement system. Unless certain jurisdictional arguments succeed, Arbitrum DAO currently cannot use the frozen funds before an asset disgorgement hearing – even if they ultimately win the right to retain the funds, they should fight for it through litigation, not decide on their own how to handle it. As outlandish as it sounds, that's the situation..."
In summary, there appears to be a gray area permissible within the system. Gerstein-Harrow's claim, while seemingly absurd, is a "legal tool" built upon the existing judgment enforcement framework. Even if they ultimately cannot take the funds, they can significantly disrupt the repair process for DeFi projects like Kelp and Aave through freezing and delays. The issue lies in the time-sensitive nature of DeFi repairs. Completing the fix a day earlier allows the protocol to resume normal operations sooner. Gerstein-Harrow may have precisely targeted this vulnerability to "pick a fight."
As the Gerstein-Harrow injunction saga unfolds, industry figures like ZachXBT have begun calling for the establishment of a litigation-focused DAO to counter such malicious extortion by unscrupulous law firms. This may be an unavoidable lesson for the industry – as on-chain funds increasingly enter the purview of real-world judiciary systems, relying solely on code and consensus is no longer sufficient to build a complete line of defense. For all practitioners, learning how to build resilience against off-chain legal risks is becoming a new imperative, on par with security and liquidity.


