The Arbitrum Security Council moved swiftly this week to contain the fallout from the KelpDAO exploit, touting the emergency “freeze” of more than 30,000 ETH linked to the attacker as a win for user protection.
But beneath the language of containment, the intervention has reopened one of crypto’s oldest and most uncomfortable debates: What decentralization actually means when a group of people can step in and override outcomes for a network after the fact.
At the center of the debate is the role of Arbitrum’s Security Council, a small, elected group chosen by token holders every 6 months, empowered to act in emergencies. In this case, it exercised those powers to take control of funds associated with the exploit, effectively locking them away pending further governance decisions.
Supporters see this as a system working as intended, preventing tens of millions of dollars from being laundered and buying time for potential recovery. Critics, however, argued the move underscores a different reality: That even in ostensibly decentralized systems, ultimate control can still rest with a handful of actors.
For Arbitrum insiders, however, the decision was far from a reflexive intervention. According to Steven Goldfeder, co-founder of Offchain Labs, the company that originally created and supports Arbitrum, the starting point was inaction.
“The default was do nothing,” Goldfeder said to CoinDesk, describing the early stages of the Security Council’s deliberations. “Then this idea actually emerged [from a security council member]… a way to do it in a very surgical way… without affecting any other user, not affecting the network performance and not having any downtime.”
The result was what Arbitrum has described as a “freeze.” But technically, the move required something more active: The use of privileged powers to transfer funds out of the attacker-controlled address and into a wallet with no owner, effectively rendering them immobile.
That distinction is at the heart of the decentralization debate. In its purest form, decentralization implies that no individual or group can unilaterally interfere with transactions once they are executed, often summed up by the phrase “code is law.” Critics worry that if a small group can step in to stop a hacker, the same mechanism could, in theory, be used in other situations as well, whether under regulatory pressure or political influence.
In simpler terms, the concern is less about this specific case and more about precedent: If intervention is possible, where is the line drawn, and who decides?
That capability, now demonstrated in practice, raises broader questions about the boundaries of decentralization on Layer 2 blockchains, and the tradeoff between security and neutrality.
While the Security Council is elected by token holders, it is still a relatively small group capable of acting quickly and, in this case, decisively.
Patrick McCorry, the head of research at the Arbitrum Foundation, who coordinates with the Security Council, emphasized that this structure is by design.
The Security Council is “a very transparent part of the system,” according to McCorry. “You can see exactly what powers they have.” In addition, he said, “they’re elected by token holders… not hand-picked by us [Arbitrum Foundation + Offchain Labs].”
Currently, the Security Council is selected through recurring on-chain elections, with token holders voting every six months to appoint its 12 members.
From that perspective, Arbitrum’s model reflects a different interpretation of decentralization, one where authority is delegated by the community, rather than eliminated entirely.
Some critics have argued that a decision of this magnitude should have gone through token-holder governance. But Goldfeder pushed back on that idea, arguing that speed and discretion were essential.
“The DAO cannot be consulted, because the second the DAO is consulted, that essentially means North Korea is consulted,” he said, referring to ongoing investigative efforts suggesting the attacker’s ties to North Korea.
“If you say, ‘hey guys, should we move these funds?’ then you might as well do nothing,” he said.
In that framing, the choice was not between decentralized and centralized decision-making, but between acting quickly or allowing the funds to disappear. Indeed, the attackers began moving and laundering the remaining stolen funds within hours of the Security Council’s intervention.
Supporters of the move say that reality highlights a different tradeoff, one between ideals and practical risk management. Without some form of emergency intervention, stolen funds in crypto are typically unrecoverable, and large exploits can cascade through the ecosystem.
From this perspective, the Security Council functions less as a centralized authority and more as a last-resort safeguard, designed to step in only under extreme conditions.
“We’re no more or less decentralized today than we were yesterday,” Goldfeder said.