- ZachXBT accused Gerstein Harrow LLP of filing fraudulent claims over frozen crypto assets linked to North Korea’s Lazarus Group.
- The firm is attempting to claim approximately $71 million in frozen ETH connected to the April 2026 KelpDAO exploit.
- Lazarus Group has stolen over $6 billion in crypto since 2017 and caused 76% of all 2026 crypto hack losses.
Onchain investigator ZachXBT has accused U.S. law firm Gerstein Harrow LLP of filing fraudulent claims over frozen crypto assets linked to North Korea’s Lazarus Group Bitcoin News reports. The boutique litigation firm is attempting to claim approximately $71 million in frozen ether connected to the April 2026 KelpDAO exploit.
The strategy rests on a 2015 U.S. court judgment from the Han Kim et al. case against North Korea, a ruling that stems from the abduction of a South Korean reverend in 2000 and has no direct connection to the current hack. Gerstein Harrow LLP has stepped in to argue that the frozen funds should be redirected to satisfy the 2015 judgment, effectively placing its clients ahead of the actual 2026 hack victims in any recovery queue.
Lazarus Group, the North Korean state-backed hacking collective, is suspected of draining approximately $290 million from KelpDAO on April 18, 2026, by exploiting a vulnerability in its Layerzero V2 bridge TechCrunch reports. The Arbitrum Security Council responded by freezing 30,766 ETH worth roughly $71 million in an emergency onchain action designed to prevent further laundering.
Legal Predation on Frozen Assets
ZachXBT, whose onchain work was instrumental in building the evidence base that led to the freeze, was unsparing in his assessment. “This is a predatory U.S. law firm with a strategy that is pure evil,” he wrote on X while also criticizing the firm for leveraging research he produced. The frustration within the crypto community is compounded by what the tactic achieves in practice as it clogs the legal recovery process, buys time for hackers to move remaining funds, and leaves genuine victims waiting.
ZachXBT separately proposed that the community form a decentralized autonomous organization to take coordinated legal action against the firm, a suggestion that drew immediate and widespread support. The broader context makes the scheme especially troubling, given that North Korea’s Lazarus Group has stolen over $6 billion in crypto since 2017, accounting for 76% of all crypto hack losses recorded so far in 2026 Gizmodo reports.
The KelpDAO exploit is the second major Lazarus operation within weeks, with roughly $285 million taken from Drift Protocol in early April. April 2026 was the worst month on record for crypto hacks with $651 million in losses across 29 incidents tracked by crypto data provider DefiLlama. Drift and Kelp DAO combined for $579 million in losses, representing nearly 89% of the monthly total.
Courtroom Battle Over Recovery
As the KelpDAO fallout continues, the exploitation of frozen asset pools with unrelated legal claims introduces a new and troubling dimension to the hack recovery problem, one that will play out in courtrooms, not just on the blockchain Bitcoin News notes. Whether the frozen $71 million ultimately reaches actual KelpDAO victims or gets diverted through the courts remains unresolved.
The tactic effectively places unrelated claimants ahead of actual hack victims in any recovery queue, creating a perverse incentive structure that rewards legal opportunism over victim restitution. This pattern could become more common as crypto hacks grow larger and more frequent, with law firms increasingly viewing frozen asset pools as targets for unrelated judgments.
North Korean hackers stole more than $2 billion in crypto last year alone, and the regime’s total haul since 2017 approaches $6 billion. The Lazarus Group has become the most prolific crypto hacking operation in history, with sophisticated techniques that continue to evade even the most advanced security measures.
Gerstein Harrow LLP did not respond to requests for comment.