风骚律师(加密季):一家专注于恶心朝鲜黑客受害者的律所
- Quan điểm chính: Công ty luật Mỹ Gerstein-Harrow, dựa trên một phán quyết liên quan đến Triều Tiên từ 26 năm trước, đã yêu cầu lệnh cấm đóng băng khoảng 71 triệu USD tài sản của Arbitrum DAO trong vụ hack Kelp. Hành động này có thể can thiệp vào quá trình sửa lỗi của DeFi, làm nổi bật một vấn đề mới của ngành: rủi ro pháp lý ngoài chuỗi đối với tài sản trên chuỗi.
- Các yếu tố chính:
- Công ty luật Gerstein-Harrow đã nộp đơn lên Tòa án Quận phía Nam New York yêu cầu lệnh cấm Arbitrum DAO chuyển khoảng 71 triệu USD tài sản ETH đã bị đóng băng trong vụ hack Kelp, với lý do số tiền này nên được dùng để thi hành một phán quyết bồi thường chưa được thực hiện đối với Triều Tiên.
- Yêu cầu của công ty luật này dựa trên vụ án mất tích của "người đào tẩu" năm 2000. Năm 2015, tòa án Mỹ đã phán quyết Triều Tiên phải bồi thường 330 triệu USD nhưng chưa được thi hành. Chiến lược của công ty luật là sử dụng phán quyết cũ để truy đòi các tài sản mới được phát hiện mà họ cho là của Triều Tiên, bao gồm cả số tiền bị đóng băng trong các sự cố hack tiền điện tử.
- Công ty luật này từng có các thao tác tương tự trong các vụ hack Harmony, Bybit, v.v., dựa vào kết quả điều tra của các thám tử on-chain như ZachXBT để "ra đòn sau", chứ không chủ động điều tra vụ việc.
- Phân tích trong ngành cho rằng lệnh cấm có thể có hiệu lực pháp lý tạm thời. Nếu Arbitrum DAO không hợp tác, các thành viên có thể đối mặt với rủi ro bị kết tội khinh thường tòa án. Ngay cả khi thắng kiện cuối cùng, quá trình đóng băng và kiện tụng có thể thực sự làm chậm quá trình sửa lỗi của các giao thức DeFi như Kelp, Aave.
- ZachXBT và những người khác kêu gọi thành lập các tổ chức DAO chuyên về kiện tụng để đối phó với các công ty luật độc hại. Ngành công nghiệp cần xây dựng khả năng chống lại rủi ro pháp lý ngoài chuỗi, coi đây là một vấn đề mới quan trọng ngang hàng với bảo mật và thanh khoản.
Original by Odaily Planet Daily (@OdailyChina)
Author: Azuma (@azuma_eth)
A new twist has emerged in the highly-watched "Kelp hack, Aave bad debt" saga.
Just as everyone believed the fundraising was complete and the vulnerability was about to be fully patched (see Final Fix Unveiled, The Aave Bad Debt Saga Nears Its End), a law firm has targeted the funds intended to cover this incident with an injunction the entire crypto community never saw coming.
On May 2nd, MegaETH lead PaperImperium disclosed an official document from the U.S. District Court for the Southern District of New York on X. The document shows that a law firm named Gerstein-Harrow has filed an injunction application with the court, requesting that Arbitrum DAO be barred from transferring the approximately $71 million in ETH assets previously frozen in the Kelp hack. Their stated reason is that "these funds should be used to satisfy outstanding judgment awards against North Korea for years of involvement in terrorism, kidnapping, and other cases."
- Odaily Note: The original injunction document can be viewed here.
Gerstein-Harrow has applied to serve legal notice to Arbitrum DAO via alternative service, treating it as an accountable organization. Arbitrum DAO has a Security Council governed by ARB holders, capable of taking action in emergencies. Therefore, if relevant members refuse to comply, they could face legal liabilities such as contempt of court.
Who is Gerstein-Harrow?
Public records show that Gerstein-Harrow is a U.S. law firm headquartered in Washington, D.C., with offices in New York, Los Angeles, and Phoenix. Its partners are Charlie Gerstein and Jason Harrow.
Following PaperImperium's statements, renowned on-chain investigator ZachXBT quickly added: "Gerstein-Harrow is a predatory law firm, and their tactics can be described as quite malicious."
ZachXBT mentioned that every time there's a new incident involving North Korean hackers (Lazarus Group) where crypto assets are frozen, this law firm appears, claiming to represent a North Korea-related case from 26 years ago and having the right to file claims against North Korea on behalf of victims... But clearly, this case has absolutely nothing to do with the crypto industry, the exploit, or the hacking incident.
Beyond the current Kelp theft, Gerstein-Harrow has attempted similar operations in hacks involving Harmony, Bybit, and others. Even more absurdly, Gerstein-Harrow itself doesn't actively conduct investigations; instead, it directly leverages the investigative findings of industry security experts like ZachXBT before applying for freezes, playing the "mantis stalks the cicada, unaware of the oriole behind" game.
The Basis for the Injunction: A 26-Year-Old Case
Including this current injunction, Gerstein-Harrow's applications are based on a case they represent that is 26 years old.
This incident occurred in the year 2000. "Defector" Dong Shik Kim disappeared that year and has never been heard from since. Clues suggested that Dong Shik Kim was allegedly kidnapped by North Korean agents and secretly taken back to North Korea. Subsequently, in 2009, Dong Shik Kim's family sued the North Korean government in the U.S. over this incident, with Gerstein-Harrow representing the victim's relatives.
On April 9, 2015, a U.S. court ruled on the case, finding that Dong Shik Kim was kidnapped by North Korean agents and likely died after being tortured in a North Korean prison camp. The court ordered the North Korean government to pay $330 million in damages to Dong Shik Kim's family.
An American law firm ordering the North Korean government to pay compensation sounds quite absurd... Media reports at the time even noted: "North Korea is not expected to pay the damages, but lawyers will seek to seize North Korea's assets, such as bank accounts and corporate shares."
Note this phrase: "lawyers will seek to seize North Korea's assets" – this is the "basis" Gerstein-Harrow claims. Simply put, Gerstein-Harrow's strategy is to take a court judgment won long ago and use it to pursue North Korea-related assets that are only now being discovered or appearing.
And in the current sanction environment, where are the so-called "North Korean assets" most likely to appear? Naturally, it's the frequently hacked cryptocurrency industry, where the industry is already accustomed to "blaming" North Korean hackers – it remains unclear whether these incidents are indeed the work of North Korean hackers...
So, whenever new funds linked to North Korea are frozen in the industry, or other on-chain identifiable assets related to North Korea appear, Gerstein-Harrow emerges, claiming "this money should be used to execute the judgment from back then."
This is akin to person A winning a lawsuit over a decade ago, with the court ordering person B to pay $1 million in compensation. B kept dragging their feet. Now, suddenly, law enforcement seizes funds related to B. A then pops up saying "this money is mine, I have the prior judgment." The problem is, this money might be funds B just obtained from person C, where C is the directly related victim...
Will This Maneuver Succeed?
Regarding the injunction application submitted by Gerstein-Harrow and whether it will affect DeFi's vulnerability patching process, industry professionals have also offered their analyses and judgments.
PaperImperium stated that he doesn't believe Gerstein-Harrow has a high probability of winning this dispute, but making them walk away empty-handed might also be difficult. Considering the urgency in the DeFi industry to patch vulnerabilities, Gerstein-Harrow might use this opportunity to forcefully extort "a pound of flesh."
Cryptocurrency user and lawyer @lex_node stated that this injunction is effectively a legally binding asset freeze. Its basis is not fabricated out of thin air but is built upon the existing U.S. judgment enforcement system. Unless certain jurisdictional arguments succeed, Arbitrum DAO currently cannot use the frozen funds before the asset disgorgement hearing. Even if they ultimately win the right to retain the funds, they should fight for it through litigation, not decide how to handle it on their own. It sounds exaggerated, but that's the situation...
In summary, there appears to be a gray area for maneuvering within the bounds of the system. Gerstein-Harrow's claim seems absurd, but it is a "legitimate tool" based on the existing judgment enforcement framework. Even if they ultimately cannot actually take the funds, they can effectively disrupt the recovery process for DeFi projects like Kelp and Aave through freezing and delays. The problem is that DeFi recovery is highly time-sensitive. Completing the fix a day earlier allows the protocol to resume normal operations a day sooner. Gerstein-Harrow may have precisely targeted this aspect to choose to "ambush" this situation.
As the Gerstein-Harrow injunction incident unfolds, industry figures like ZachXBT have begun calling for the establishment of a DAO focused on judicial litigation to counter malicious extortion by such unscrupulous law firms. This might be a lesson the industry is forced to learn – as on-chain funds frequently enter the purview of real-world judiciary, relying solely on code and consensus is no longer sufficient to build a complete line of defense. For all practitioners, developing the ability to counter off-chain legal risks is becoming a new imperative, as crucial as security and liquidity.
