Weekly Incident Watch #2 — The Free Lunch in DeFi Is Ending (2026–05–08)
The Aave Lawsuit Exposes Structural Debt, and the Myth of Decentralization
Ninja Weekly Watch — 2026–05–08, by Kazuki Kaneshiro / ZKSC
Opening — The First Test of a Prediction Made in Weekly #1
Last week, in Weekly Incident Watch #1, I wrote:
DeFi United is about to be tested. How will neutrality be ensured? How will a multi-DAO council be organized? How will legitimacy be built? These are not technical questions. They are questions of governance, politics, and responsibility.
The first test of that prediction came on May 5.
On May 4, a U.S. law firm called Gerstein Harrow LLP filed a restraining notice in the Southern District of New York. The target: 30,766 ETH (around $71M) that the Arbitrum Security Council had frozen on April 20. These were the assets DeFi United was attempting to recover for KelpDAO victims.
The next day, May 5, Aave LLC filed an emergency motion to vacate. The plaintiffs: a victims’ group holding default judgments totaling $877M+ against North Korea over terrorism cases.
What is happening, in plain terms: a group of terrorism victims is trying to seize the recovery funds that belong to DeFi victims.
But this article is not about the outcome of the courtroom battle. It reads the lawsuit as a symptom and confronts the structural debt sitting underneath it.
Two arguments.
First, DeFi has been enjoying a free lunch. It boasted about surface efficiency without paying for defense. The bill arrived for the first time with the KelpDAO event.
Second, the banner of decentralization has functioned as the rationale for that free-lunch structure. The essence of DeFi is not decentralization. It is Programmable Finance.
The prescription — “how should we pay” — is reserved for next week’s Weekly #3. Today, I lay out the problem in three pillars.
Pillar 1: The KelpDAO Court Battle — Organizing the Facts
1.1 Timeline
4/18 14:23 UTC: KelpDAO/LayerZero exploit
- Fake DVN message mints 116,500 unbacked rsETH ($292M)
- Deposited to Aave as collateral, ETH/USDC borrowed, portion bridged to Arbitrum
4/20: Arbitrum Security Council freezes 30,766 ETH ($71M)
- Funds the attacker had not yet moved off Arbitrum
- Transferred to a special wallet under Arbitrum DAO control
4/22–30: DeFi United forms
- Led by Aave Labs; Compound / Lido / LayerZero / EtherFi / Morpho join
- $300M+ relief funds aggregated
- Aave LLC (Delaware entity) takes the legal lead
5/3: DeFi United technical recovery plan published
- Restore rsETH backing → liquidate attacker positions → market normalization
5/4: Gerstein Harrow LLP serves the restraining notice
5/5: Aave LLC files emergency motion to vacate
1.2 Restraining Notice — Understood Through a Bank Robbery Analogy
A restraining notice is a freezing instrument under New York State law (CPLR 5222). Without obtaining an additional court order, a creditor’s attorney can directly serve a written notice on a third party holding the debtor’s assets, freezing them. A third party who ignores the notice and moves the assets faces contempt of court.
A bank robbery analogy makes this concrete.
“A flagship branch of Megabank A is robbed. The robber stashes part of the loot in a safe-deposit box at Bank B in another jurisdiction. Bank B notices and freezes the box. Bank A, as the victim, negotiates with Bank B to return the funds. Then a third party shows up: ‘That money belongs to a criminal organization. We have a separate winning judgment against that organization. We’re claiming it.’”
In this analogy:
- The victims of the robbery = users of KelpDAO + Aave + EtherFi + Compound + Lido
- Where the loot was stashed = Arbitrum (the chain)
- The freezing custodian = Arbitrum Security Council
- The negotiating representative = Aave Labs (acting as DeFi United)
- The third-party claimant = Gerstein Harrow LLP’s clients
Arbitrum itself is not a victim. The funds happened to be on Arbitrum, so Arbitrum’s freezing power could be invoked. Aave LLC is acting as the victim representative.
1.3 The Four Disputes
Dispute 1: Who owns stolen assets?
In traditional property law, stolen items do not become the thief’s assets. The original owner’s rights are not extinguished. Therefore the ETH stolen in the KelpDAO attack still belongs to the users — that is Aave’s central argument.
The plaintiffs’ counter is sharp: “Then who, exactly, represents the original owners and brings that claim? With no individual users in court, the asset is legally unclaimed. An unclaimed ‘North Korea-linked asset’ is something we — terrorism judgment creditors — can attach.”
Dispute 2: Does TRIA apply to crypto?
TRIA (Terrorism Risk Insurance Act) Section 201 lets victims attach blocked assets of terrorist states. But “blocked assets” has traditionally meant bank accounts and real estate. Whether crypto qualifies has no precedent.
Dispute 3: Who legally represents DeFi victims?
Aave LLC is a single corporate entity. It can represent its own users, but it has no legal basis to represent all KelpDAO users globally. The plaintiffs’ strategy targets exactly this gap.
Dispute 4: Global unfairness of “U.S. court winners take all”
Logically, victim groups against North Korea anywhere in the world could file the same kind of claim. South Korea (Cheonan ship families), Japan (abductee victim families), the U.K., Germany, Canada — all have analogous standing. In practice, however, Aave LLC is a Delaware entity under U.S. court jurisdiction, so whoever wins in U.S. court takes it all. That itself is a global unfairness.
1.4 The TRM Labs “76%” Report Sets the Stage
On May 7, TRM Labs released a Q2 report: “North Korea Stole 76% of All Crypto Hack Value in 2026 — With Just Two Attacks.”
- 2026 YTD crypto theft total: about $760M
- DPRK-linked share: $577M (76%)
- The two attacks: Drift ($285M, 4/1) + KelpDAO ($292M, 4/18)
- DPRK share trajectory: 22% (2022) → 37% (2023) → 39% (2024) → 64% (2025) → 76% (2026 YTD)
This report sends an “act now” signal to plaintiffs like Gerstein Harrow LLP. The higher the proof quality of “Lazarus involvement,” the easier TRIA-style attachment becomes. Going forward, every DeFi recovery asset will carry the risk of being labeled “North Korean property.”
Pillar 2: The Anatomy of the Free Lunch — Inversion in the Numbers
2.1 Surface Problem vs. Structural Problem
On the surface, the May 5 court battle is about “Aave’s litigation outcome” and “the success or failure of KelpDAO victim recovery.”
Structurally, however, it reveals something deeper. The bills for costs DeFi has long avoided paying are now arriving.
2.2 Prevention Investment: The Numbers Are Inverted
Annual cost TradFi spends on prevention:
- AML/KYC compliance for U.S. banking: about $30B per year
- Transaction monitoring and fraud detection: hundreds of millions per major bank
- FDIC deposit insurance reserves: hundreds of billions cumulative
- Bank Secrecy Act compliance: tens of billions industry-wide
TradFi’s annual losses (fraud, cyber):
- Annual U.S. banking fraud losses: about $3–5B (before recovery)
The TradFi ratio: $30B+ in prevention vs. $3–5B in annual losses = prevention is 6–10x annual loss. This is the correct ratio. “Prevention is cheaper than after-the-fact response by orders of magnitude” is implemented in TradFi.
Now the DeFi numbers:
- Cumulative funding for top DeFi security companies (Blockaid $83M + Hypernative $68M + GoPlus + Forta + Hexagate + Chainalysis): under $1B cumulative
- Industry annual operating cost: estimated $200–300M
- 2026 YTD (4 months) crypto theft losses: $760M
- 2025 full-year crypto theft losses: $3.5B (GoPlus)
DeFi: $200–300M/year prevention vs. $3.5B annual losses = prevention is under 1/10 of losses. The ratio is fully inverted.
| Item | TradFi | DeFi | Comparison |
| --- | --- | --- | --- |
| Annual prevention investment | $30B+ | $200–300M | 100x+ gap |
| Annual losses | $3–5B | $2–3B (annualized) | Same order |
| Prevention-to-loss ratio | 6–10x | Under 0.1x | 60–100x structural inversion |

DeFi has marketed itself as “more efficient than Web2.” The truth: DeFi was not paying these prevention costs, so the apparent efficiency was a mirage. In quiet times the illusion of a free lunch holds. With the KelpDAO event, a bill of $600M–1B emerged in a single shot (direct losses $292M + DeFi United aggregation $300M+ + litigation costs + opportunity costs).
2.3 The Bill Doesn’t Disappear — It Eventually Arrives
The May 5 court battle should be read as the invoice from the free-lunch era.
DeFi did not pay defense costs. That left defenses fragile, and the attack landed. When recovery was attempted, a separate claimant appeared. There was no system for prevention investment. There was no institution to coordinate recovery. Everything became improvised after the fact.
This is the anatomy of the free lunch.
Pillar 3: Dismantling the Decentralization Myth
3.1 Decentralization Is Not Monolithic — It Decomposes Into Five Layers
The word “decentralization” has been used too sloppily. There are at least five distinct layers in practice.
| Layer | What is decentralized | Real value | Harm |
| --- | --- | --- | --- |
| 1. Settlement | Consensus, finality | Atomic settlement, structural elimination of Herstatt risk | Low |
| 2. Censorship resistance | Inability to block execution | Critical geopolitically, for human rights | Unnecessary for routine finance |
| 3. Openness | Permissionless participation, building | Innovation velocity | Quality control gap |
| 4. Governance | Distributed decision-making | Avoids single ruler | Slow decisions, diffused responsibility |
| 5. Accountability | No one bears responsibility | (Effectively zero) | Nobody invests in defense |
The valuable layers are 1–3. These derive from Web3 properties — programmability, verifiability, transparency — and are structural advantages.
The problem is layers 4–5. Especially layer 5 (decentralized accountability), which is purely harmful. The root cause of the free-lunch structure lives here.
3.2 Industry’s Intellectual Dishonesty
The DeFi industry exposes a contradiction every time crisis hits. In quiet times it raises the banner of “decentralization,” “code is law,” “regulation-free.” But when an event like KelpDAO occurs, it suddenly invokes Web2’s centralized mechanisms: the Arbitrum Security Council using emergency power to freeze, Aave LLC litigating in U.S. court, DeFi United assembling for relief.
DeFi has used “decentralization in good times, centralization in bad times” to its convenience. Gerstein Harrow LLP is exploiting this contradiction legally.
3.3 The Essence of DeFi Is Programmable Finance
To consolidate.
The source of DeFi’s value is not decentralization itself. It is the ability to express financial contracts, rules, and incentive structures in code, make them public, and make them composable. That is programmability.
Decentralization is just one of the technical components supporting programmability. Only certain layers of it carry real value. Settlement decentralization, censorship resistance, openness — value. Governance decentralization, accountability decentralization — costly without commensurate value.
What’s needed is a hybrid: “centralized accountability × decentralized execution.” Accountability is centralized; execution is distributed in code. That is the coherent design.
Closing — Next Week, the Prescription
That completes Weekly #2’s diagnosis.
In summary:
- The May 5 court battle is symptomatic treatment, an extension of the TradFi solution
- The real problem is the free-lunch structure — DeFi has not paid prevention investment
- TradFi-to-DeFi prevention investment ratio is inverted by 100x or more
- The myth of decentralization has rationalized this free-lunch structure
- DeFi’s essence is not decentralization. It is Programmable Finance.
That is the diagnosis.
The prescription — “how should we pay” — comes next week, in Weekly #3.
A preview: the answer is not “imitate TradFi’s ability-to-pay model.” Because of Programmable Finance, DeFi can implement what TradFi failed to build in fifty years — a benefit-based contribution ecosystem. Transparency and verifiability remove the need for the ability-to-pay compromise.
Specifically, next week covers:
- The limits of TradFi solutions (Madoff Recovery Trustee model and others)
- The three structural barriers Web3’s properties (programmability, verifiability, transparency) can break
- The shift from ability-to-pay to benefit-based contribution
- Three implementation mechanisms: benefit-based automatic accumulation (insurance + prevention investment), Composable Track Record, and Industry-Wide Coordination
Next week, alongside follow-up on the Aave litigation, I will lay out this prescription concretely.
— Kazuki Kaneshiro / Founder, ZKSC Inc.
CTA
- Try NinjaScan: send any contract address to @NinjaScanBot
- PoC / investor / grant inquiries: [email protected]
- Whitepaper: Ninja Whitepaper
References
- BanklessTimes 5/5: Aave LLC Files Emergency Bid to Void Arbitrum’s $71M ETH Restraining Notice
- CoinDesk 5/5: DeFi lender Aave asks court to block $71 million crypto seizure
- The Defiant: Aave Asks Court to Vacate Restraining Notice
- TRM Labs: North Korea Stole 76% of All Crypto Hack Value in 2026
- The Block 5/7: North Korea accounts for 76% of 2026 crypto hack losses
- The Block: DeFi United unveils plan to restore rsETH
- Halborn Top 100 DeFi Hacks Report
- GoPlus 2025 Web3 User Security Report