The Arbitrum Security Council this week moved quickly to contain the impact of the KelpDAO vulnerability and declared an emergency “freeze” of more than 30,000 ETH associated with the attacker, a victory for user protection.
But beneath the language of containment, the intervention has reignited one of the oldest and most troubling debates in cryptocurrency: what decentralization actually means when a group of people can step in and overturn the results of a network after the fact.
At the center of the debate is the role of the Arbitrum Security Council, a small group elected every six months by token holders with the power to take action in emergencies. In this case, it exercised those powers to take control of the funds associated with the vulnerability, effectively locking them up pending further governance decisions.
Supporters argue it’s a system that works as intended, preventing tens of millions of dollars from being laundered and buying time for potential recovery. Critics, however, believe the move highlights a different reality: Even in ostensibly decentralized systems, ultimate control remains in the hands of a handful of actors.
For Arbitrum insiders, however, the decision was far from a knee-jerk intervention. Steven Goldfeder, co-founder of Offchain Labs, which originally created and backed Arbitrum, said the starting point was to do nothing.
“The default is to take no action,” Goldfeder told CoinDesk, describing the early stages of the Security Council deliberations. “Then the idea really came up [from a security council member]…a very surgical approach…that won’t impact any other users, won’t affect network performance, and won’t cause any downtime. “
The result is what Arbitrum calls “freezing.” But technically speaking, the move required a more aggressive step: using privileges to move funds from an attacker-controlled address to a wallet without an owner, effectively rendering them immovable.
This distinction is at the heart of the devolution debate. Decentralization in its purest form means that no individual or group can unilaterally interfere with a transaction once it is executed, which can often be summarized as “code is law.” Critics worry that if a small group can step in to stop hackers, the same mechanism could theoretically be used in other situations, whether under regulatory pressure or political influence.
Simply put, the concern is not with this specific case but with precedent: if intervention is possible, where are the boundaries and who decides?
This capability has now been proven in practice, raising broader questions about the boundaries of decentralization in layer 2 blockchains and the trade-offs between security and neutrality.
While the Council is elected by token holders, it is still a relatively small group capable of acting quickly and, in this case, decisively.
Patrick McCorry, head of research at the Arbitrum Foundation and responsible for coordinating with the Security Council, emphasized that this structure is by design.
McCoury stated that the Council is “a very transparent part of the system”; “you can clearly see what powers they have.” Additionally, he said, “They are elected by token holders… rather than hand-picked by us. [Arbitrum Foundation + Offchain Labs]”.
Currently, the Council is elected through regular on-chain elections, with token holders voting every six months to appoint its 12 members
From this perspective, Arbitrum’s model reflects a different interpretation of decentralization, where power is delegated to communities rather than removed entirely.
Some critics argue that such a significant decision should go through token holder governance. But Goldfeder pushed back against that idea, saying speed and caution were crucial.
“The DAO cannot be consulted because once the DAO is consulted, it means consulting with North Korea,” he said, referring to ongoing investigative efforts indicating the attacker’s ties.
“If you say, ‘Hey guys, should we move these funds?’ then you might as well do nothing,” he said.
In this framework, the choice is not between decentralized and centralized decision-making, but between acting quickly or letting the money disappear. In fact, within hours of the Council’s intervention, the attackers began moving and laundering the remaining stolen funds.
Supporters of the move say reality highlights a different trade-off, between ideal and practical risk management. Without some form of emergency intervention, stolen crypto funds are often unrecoverable, and large-scale breaches can occur throughout the ecosystem.
From this perspective, the Security Council functions not so much as a centralized body but as a last resort, designed to intervene only in extreme conditions.
“We are no more decentralized today than we were yesterday,” Goldfeder said.
Read more: Arbitrum freezes $71M worth of ether tied to Kelp DAO vulnerability
