The Arbitrum Security Council moved quickly this week to contain the fallout from the KelpDAO exploit, touting the emergency “freeze” of more than 30,000 ETH tied to the attacker as a victory for user protection.
But under the language of containment, the intervention reopened one of crypto’s oldest and most uncomfortable debates: what decentralization actually means when a group of people can step in and overturn a network’s results after the fact.
At the center of the debate is the role of the Arbitrum Security Council, a small elected group chosen by token holders every 6 months, empowered to act in emergencies. In this case, he exercised these powers to take control of the funds associated with the exploit, thereby locking them pending further governance decisions.
Supporters see it as a system working as intended, preventing tens of millions of dollars from being laundered and buying time for possible recovery. Critics, however, say the move underscores a different reality: Even in seemingly decentralized systems, ultimate control may still rest with a handful of actors.
For Arbitrum insiders, however, the decision was far from a reflexive intervention. According to Steven Goldfeder, co-founder of Offchain Labs, the company that originally created and supports Arbitrum, the starting point was inaction.
“The default was to do nothing,” Goldfeder told CoinDesk, describing the early stages of Security Council deliberations. “Then this idea emerged [from a security council member]…a way to do it very surgically…without affecting any other users, without affecting network performance, and without any downtime.
The result was what Arbitrum described as a “freeze.” But technically, this move required something more active: using privileged powers to transfer funds from the attacker-controlled address to an ownerless wallet, thereby rendering them immobile.
This distinction is at the heart of the debate on decentralization. In its purest form, decentralization implies that no individual or group can unilaterally interfere with transactions once they are executed, which is often summed up by the expression “the code is the law.” Critics fear that if a small group can intervene to stop a hacker, the same mechanism could, in theory, be used in other situations as well, whether under regulatory pressure or political influence.
In simpler terms, the concern relates less to this specific case than to the previous one: if intervention is possible, where is the limit and who decides?
This capability, now demonstrated in practice, raises broader questions about the limits of decentralization on layer 2 blockchains and the trade-off between security and neutrality.
Even though the Security Council is elected by token holders, it remains a relatively small group, capable of acting quickly and, in this case, decisively.
Patrick McCorry, head of research at the Arbitrum Foundation and who coordinates with the Security Council, stressed that this structure was intentional.
The Security Council is “a very transparent part of the system,” according to McCorry; “You can see exactly what powers they have.” Additionally, he said, “they are elected by the token holders…not by us.” [Arbitrum Foundation + Offchain Labs].”
Currently, the Security Council is chosen in recurring on-chain elections, with token holders voting every six months to appoint its 12 members.
From this perspective, the Arbitrum model reflects a different interpretation of decentralization, one in which authority is delegated by the community, rather than completely eliminated.
Some critics have argued that a decision of this magnitude should have involved governance of token holders. But Goldfeder pushed back on the idea, arguing that speed and discretion were essential.
“The DAO cannot be accessed, because the second the DAO is accessed, it basically means North Korea is accessed,” he said, referring to ongoing investigative efforts suggesting the attacker’s ties.
“If you say, ‘Hey guys, should we move these funds?’ so you might as well do nothing,” he said.
In this framework, the choice was not between decentralized or centralized decision-making, but between acting quickly or letting the funds disappear. Indeed, the attackers began moving and laundering the remaining stolen funds within hours of the Security Council’s intervention.
Supporters of the move say the reality highlights a different trade-off, between ideals and practical risk management. Without some form of emergency intervention, funds stolen from cryptocurrencies are generally unrecoverable and major exploits can ripple through the ecosystem.
From this perspective, the Security Council functions less as a centralized authority than as a safeguard of last resort, designed to intervene only in extreme conditions.
“We are no more or less decentralized today than yesterday,” Goldfeder said.
Read more: Arbitrum Freezes $71 Million in Ether Tied to Kelp DAO Exploit
