
ZachXBT Exposes US Law Firm Gerstein Harrow's $71M Grab of Stolen Lazarus Funds


Onchain investigator ZachXBT has accused U.S. law firm Gerstein Harrow LLP of filing fraudulent claims over frozen crypto assets linked to North Korea’s Lazarus Group, a tactic he says directly harms the actual victims of recent exploits.

Key Takeaways:

  • ZachXBT named Gerstein Harrow LLP for filing fake DPRK claims to seize $71M in frozen KelpDAO funds.
  • Lazarus Group has stolen over $6 billion since 2017 and caused 76% of all 2026 crypto hack losses.
  • ZachXBT has proposed a community DAO to counter the firm legally, as recovery for actual victims remains blocked.

A Legal Scheme Built on Old Judgments

The target is Gerstein Harrow LLP, a boutique litigation firm attempting to claim approximately $71 million in frozen ether ($ETH) connected to the April 2026 KelpDAO exploit. The strategy rests on a 2015 U.S. court judgment from the Han Kim et al. case against North Korea, a ruling that stems from the abduction of a South Korean reverend in 2000 and has no direct connection to the current hack.

Lazarus Group, the North Korean state-backed hacking collective, is suspected of draining approximately $290 million from KelpDAO on April 18, 2026, by exploiting a vulnerability in its LayerZero V2 bridge. The Arbitrum Security Council responded by freezing 30,766 $ETH worth roughly $71 million in an emergency onchain action designed to prevent further laundering.

Gerstein Harrow LLP has stepped in to argue that the frozen funds should be redirected to satisfy the 2015 judgment, effectively placing its clients ahead of the actual 2026 hack victims in any recovery queue.

“Pure Evil,” ZachXBT’s Verdict

ZachXBT, whose onchain work was instrumental in building the evidence base that led to the freeze, was unsparing in his assessment. “This is a predatory U.S. law firm with a strategy that is pure evil,” he wrote on X while also criticizing the firm for leveraging research he produced.


The frustration within the crypto community is compounded by what the tactic achieves in practice: it clogs the legal recovery process, buys time for hackers to move remaining funds, and leaves genuine victims waiting. ZachXBT separately proposed that the community form a decentralized autonomous organization (DAO) to take coordinated legal action against the firm, a suggestion that drew immediate and widespread support.

A Growing Legal Front in the Hack Wars

The broader context makes the scheme especially troubling, given that North Korea’s Lazarus Group has stolen over $6 billion in crypto since 2017, accounting for 76% of all crypto hack losses recorded so far in 2026. The KelpDAO exploit is the second major Lazarus operation within weeks, with roughly $285 million taken from Drift Protocol in early April.

As the KelpDAO fallout continues, the exploitation of frozen asset pools with unrelated legal claims introduces a new and troubling dimension to the hack recovery problem, one that will play out in courtrooms, not just on the blockchain. Whether the frozen $71 million ultimately reaches actual KelpDAO victims or gets diverted through the courts remains unresolved.