Arbitrum’s Security Council intervened to immobilize more than 30,000 ETH—approximately $71 million—associated with the KelpDAO security breach. The council executed a transfer moving these assets from the attacker’s control into an ownerless wallet, creating an effective freeze.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, …
The response came swiftly. Steven
Goldfeder, who co-founded Offchain Labs (the development team behind Arbitrum), revealed that the council initially leaned toward non-intervention. The tactical solution to quarantine the compromised funds emerged from deliberations within the council itself.
The default was do nothing, Goldfeder said. Then this idea actually emerged — a way to do it in a very surgical way without affecting any other user.
The strategy proved timely. Within hours of the council’s intervention, the perpetrator attempted to move and obfuscate the remaining stolen cryptocurrency, demonstrating how narrow the opportunity window truly was.
Arbitrum token holders elect the Security Council’s 12 members biannually through blockchain-based voting mechanisms. This body possesses emergency intervention capabilities that bypass standard community voting procedures.
Patrick McCorry, head of research at the Arbitrum Foundation, said those powers have always been visible. “You can see exactly what powers they have,” he said, adding that members are “elected by token holders, not hand-picked by us.”
The Central Question: Who Governs Decentralized Systems?
This freeze has reignited ongoing debates within cryptocurrency circles regarding the authentic meaning of decentralization. The foundational concept suggests that no centralized entity should possess the ability to reverse or alter transactions after execution—a philosophy commonly summarized as “code is law.”
Skeptics argue this intervention demonstrates that principle fails to apply within Arbitrum. If a limited group can intervene with stolen assets, that identical authority could theoretically extend to other scenarios—including responses to government regulatory demands.
Goldfeder rejected the idea that a full token-holder vote would have been appropriate given the stakes. “The DAO cannot be consulted, because the second the DAO is consulted, that essentially means North Korea is consulted,” he said, citing investigative reports tying the attacker to state-linked actors.
Certain community members maintained that broader governance participation should have occurred regardless. Arbitrum’s leadership countered that rapid action was critical and that public discussion would have compromised operational security by alerting the attacker.
Strategic Compromise, Not Authority Seizure
Arbitrum’s official stance characterizes the council as an emergency failsafe mechanism rather than ongoing oversight. The public visibility of its capabilities and its democratic election process are presented as proof that authority stems from community delegation, not unilateral assumption.
“We’re no more or less decentralized today than we were yesterday,” Goldfeder said.
The immobilized cryptocurrency remains in stasis while awaiting additional governance determinations from the complete Arbitrum DAO.
