Key Takeaways
- Over 30,000 ETH (approximately $71M) connected to the KelpDAO hack was frozen by Arbitrum’s Security Council
- An elected 12-person council deployed emergency authority to transfer stolen assets into an ownerless wallet
- The rapid response stopped the attacker from laundering funds but sparked controversy over network centralization
- Skeptics warn this action establishes a dangerous precedent for centralized intervention on supposedly decentralized platforms
- Arbitrum representatives maintain the powers are community-approved, transparent, and used only in extreme circumstances
In a swift and controversial move this week, Arbitrum’s Security Council intervened to freeze more than 30,000 ETH—valued at approximately $71 million—linked to a major exploit targeting KelpDAO. The council executed the operation by moving the funds from the hacker’s address into an ownerless wallet, effectively rendering them inaccessible.
The decision was made rapidly. Steven Goldfeder, co-founder of Offchain Labs—the development team behind Arbitrum—revealed that the council initially leaned toward non-intervention. The creative solution to isolate the compromised funds emerged from discussions within the council itself.
“The default was do nothing,” Goldfeder explained. “Then this idea actually emerged — a way to do it in a very surgical way without affecting any other user.”
The timing proved critical. Within hours of the council’s action, the attacker attempted to move and launder the remaining stolen assets, demonstrating just how narrow the response window had been.
The Security Council comprises 12 individuals elected by Arbitrum token holders in biannual on-chain elections. This body possesses emergency authority that can be activated without requiring a comprehensive community referendum.
Patrick McCorry, research director at the Arbitrum Foundation, emphasized that these powers have never been hidden. “You can see exactly what powers they have,” he noted, stressing that council members are “elected by token holders, not hand-picked by us.”
The Decentralization Dilemma
This freeze has reignited a fundamental debate within the cryptocurrency community about the true meaning of decentralization. At its core, decentralization suggests that no individual entity or small group should possess the ability to reverse or alter transactions after they occur—a concept often summarized as “code is law.”
Skeptics argue that this intervention fundamentally undermines that principle on Arbitrum. If a limited group can act decisively on stolen assets, the same mechanism could theoretically be deployed under different circumstances—perhaps in response to regulatory demands or political pressure.
Goldfeder dismissed suggestions that a comprehensive token-holder vote would have been feasible under the circumstances. “The DAO cannot be consulted, because the second the DAO is consulted, that essentially means North Korea is consulted,” he stated, referencing investigative evidence linking the attacker to state-sponsored actors.
Some community members maintained that broader governance participation should have occurred regardless of the risks. Arbitrum representatives countered that immediate action was imperative and that public deliberation would have alerted the attacker to the planned intervention.
Emergency Powers vs. Centralized Control
Arbitrum’s leadership frames the Security Council as an emergency failsafe mechanism rather than a permanent governing body. They point to the transparency of its powers and its election-based structure as proof that authority is granted by the community rather than centrally imposed.
“We’re no more or less decentralized today than we were yesterday,” Goldfeder asserted.
The locked funds remain frozen awaiting additional governance decisions from the wider Arbitrum DAO community.
