The Arbitrum Security Council moved quickly this week to contain the fallout from the KelpDAO exploit, touting the emergency “freeze” of more than 30,000 ETH tied to the attacker as a win for user protection.
But beneath the language of containment, the intervention has reopened one of crypto’s oldest and most uncomfortable debates: What decentralization really means, when a group of people can step in and override results for a network after the fact.
At the center of the debate is the role of Arbitrum’s Security Council, a small, elected group elected by token holders every 6 months, empowered to act in an emergency. In this case, it exercised those powers to take control of funds associated with the exploitation, effectively locking them up pending further government decisions.
Supporters see this as a system that works as intended, preventing tens of millions of dollars from being laundered and buying time for potential recovery. Critics, however, argued that the move underscores another reality: That even in seemingly decentralized systems, ultimate control can still rest with a handful of actors.
For Arbitrum insiders, however, the decision was far from a reflexive intervention. According to Steven Goldfeder, co-founder of Offchain Labs, the company that originally created and supports Arbitrum, the starting point was inaction.
“The default was to do nothing,” Goldfeder told CoinDesk, describing the early stages of the Security Council’s deliberations. “Then this idea actually came up [from a security council member]… a way to do it in a very surgical way … without impacting any other user, not impacting network performance and having no downtime.”
The result was what Arbitrum has described as a “freeze”. But technically, the move required something more active: the use of privileged powers to transfer funds from the attacker-controlled address into an ownerless wallet, effectively rendering them immobile.
That distinction is at the heart of the decentralization debate. In its purest form, decentralization implies that no individual or group can unilaterally interfere with transactions once they are done, often summed up by the phrase “code is law.” Critics worry that if a small group can step in to stop a hacker, the same mechanism could in theory be used in other situations, whether under regulatory pressure or political influence.
More simply, the concern is less about this specific case and more about precedent: If intervention is possible, where is the line drawn and who decides?
This capability, now demonstrated in practice, raises broader questions about the limits of decentralization on Layer 2 blockchains and the trade-off between security and neutrality.
While the Security Council is elected by token holders, it is still a relatively small group capable of acting quickly and in this case decisively.
Patrick McCorry, head of research at the Arbitrum Foundation and who coordinates with the Security Council, emphasized that this structure is by design.
The Security Council is “a very transparent part of the system,” according to McCorry; “You can see exactly what powers they have.” Additionally, he said, “they are chosen by token holders… not handpicked by us [Arbitrum Foundation + Offchain Labs].”
Currently, the Security Council is selected through recurring on-chain elections, where token holders vote every six months to appoint its 12 members
From that perspective, Arbitrum’s model reflects a different interpretation of decentralization, one in which authority is delegated by the community, rather than eliminated entirely.
Some critics have argued that a decision of this magnitude should have gone through token-holder governance. But Goldfeder pushed back on that idea, arguing that speed and discretion were essential.
“The DAO cannot be consulted, because the second the DAO is consulted, that essentially means North Korea is being consulted,” he said, referring to ongoing investigative efforts that suggest the attacker’s ties.
“If you say, ‘hey guys, are we going to move these funds?’ then you might as well do nothing,” he said.
In that framework, the choice was not between decentralized and centralized decision-making, but between acting quickly or letting the funds disappear. In fact, the attackers began moving and laundering the remaining stolen funds within hours of the Security Council’s intervention.
Supporters of the measure say the reality highlights a different trade-off, one between ideals and practical risk management. Without some sort of emergency intervention, stolen funds in crypto are typically irrecoverable, and large exploits can cascade through the ecosystem.
From this perspective, the Security Council functions less as a centralized authority and more as a safeguard of last resort, designed to step in only in extreme circumstances.
“We are no more or less decentralized today than we were yesterday,” Goldfeder said.
Read more: Arbitrum Freezes $71 Million in Ether Tied to Kelp DAO Exploitation
