TLDR
- Arbitrum’s Security Council froze over 30,000 ETH (~$71M) linked to the KelpDAO exploit
- A small 12-member elected council used emergency powers to move funds into a locked wallet
- The move prevented stolen funds from being laundered but reignited debates about decentralization
- Critics argue the intervention sets a precedent for centralized control on “decentralized” networks
- Arbitrum insiders say the powers are transparent, community-elected, and were a last resort
Arbitrum’s Security Council stepped in this week to freeze more than 30,000 ETH, worth roughly $71 million, connected to an exploit targeting KelpDAO. The council transferred the funds from the attacker’s address into a wallet with no owner, effectively locking them in place.
The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times,…
— Arbitrum (@arbitrum) April 21, 2026
The move was fast. According to Steven Goldfeder, co-founder of Offchain Labs, the team that built Arbitrum, the council’s first instinct was actually to do nothing. The idea to surgically isolate the funds came from within the council itself.
“The default was do nothing,” Goldfeder said. “Then this idea actually emerged — a way to do it in a very surgical way without affecting any other user.”
The intervention worked as intended. The attacker began moving and laundering remaining stolen funds within hours of the council acting, showing how tight the window was.
The Security Council is made up of 12 members elected by Arbitrum token holders every six months through on-chain voting. It holds emergency powers that can be exercised without a full community vote.
Patrick McCorry, head of research at the Arbitrum Foundation, said those powers have always been visible. “You can see exactly what powers they have,” he said, adding that members are “elected by token holders, not hand-picked by us.”
Who Controls a Decentralized Network?
The freeze has renewed a long-running argument in crypto about what decentralization actually means. In its purest form, the idea is that no single group can reverse or override a transaction once it happens — often described as “code is law.”
Critics say the intervention proves that principle doesn’t hold on Arbitrum. If a small group can act on stolen funds, that same mechanism could, in theory, be used under other circumstances — regulatory pressure, for example.
Goldfeder rejected the idea that a full token-holder vote would have been appropriate given the stakes. “The DAO cannot be consulted, because the second the DAO is consulted, that essentially means North Korea is consulted,” he said, citing investigative reports tying the attacker to state-linked actors.
Some in the community argued the decision should have gone through broader governance anyway. Arbitrum insiders pushed back, saying speed was essential and public deliberation would have tipped off the attacker.
A Tradeoff, Not a Takeover
Arbitrum’s position is that the council acts as a last-resort safeguard, not a standing authority. The transparency of its powers and its elected structure are offered as evidence that authority is delegated by the community, not seized.
“We’re no more or less decentralized today than we were yesterday,” Goldfeder said.
The frozen funds remain locked pending further governance decisions by the broader Arbitrum DAO.
