The Arbitrum Security Council acted quickly this week to contain the fallout from the KelpDAO exploit, touting the emergency “freeze” of more than 30,000 ETH linked to the attacker as a victory for user protection.
But beneath the containment language, the intervention has reopened one of cryptocurrency’s oldest and most uncomfortable debates: what decentralization really means when a group of people can intervene and overturn a network’s results after the fact.
At the center of the debate is the role of the Arbitrum Security Council, a small group elected by token holders every 6 months, empowered to act in emergencies. In this case, it exercised those powers to take control of the funds associated with the exploit, effectively locking them pending further governance decisions.
Supporters see this as a system that works as intended, preventing the laundering of tens of millions of dollars and buying time for a possible recovery. Critics, however, argued that the move underscores a different reality: that even in seemingly decentralized systems, ultimate control can still rest with a handful of actors.
For Arbitrum insiders, however, the decision was far from a thoughtful intervention. According to Steven Goldfeder, co-founder of Offchain Labs, the company that originally created and backs Arbitrum, the starting point was inaction.
“The default option was to do nothing,” Goldfeder told CoinDesk, describing the early stages of the Security Council deliberations. “Then this idea came up [from a security council member]… a way to do it in a very surgical way… without affecting any other users, without affecting network performance and without having any downtime.”
The result was what Arbitrum has described as a “freeze”. But technically, the move required something more active: the use of privileged powers to transfer funds from the address controlled by the attacker to an ownerless wallet, effectively rendering them immobile.
That distinction is at the heart of the debate over decentralization. In its purest form, decentralization implies that no individual or group can unilaterally interfere with transactions once they have been executed, which is often summed up in the phrase “code is law.” Critics worry that if a small group can intervene to stop a hacker, the same mechanism could, in theory, be used in other situations as well, whether under regulatory pressure or political influence.
In simpler terms, the concern is less about this specific case and more about the precedent: if intervention is possible, where is the line drawn and who decides?
That capability, now demonstrated in practice, raises broader questions about the limits of decentralization in Layer 2 blockchains and the balance between security and neutrality.
While the Security Council is elected by token holders, it is still a relatively small group capable of acting quickly and, in this case, decisively.
Patrick McCorry, head of research at the Arbitrum Foundation, who coordinates with the Security Council, emphasized that this structure is by design.
The Security Council is “a very transparent part of the system,” according to McCorry. “You can see exactly what powers they have.” Furthermore, he said, “they are chosen by the token holders… not personally selected by us [Arbitrum Foundation + Offchain Labs].”
Currently, the Security Council is selected through recurring on-chain elections, with token holders voting every six months to appoint its 12 members.
From that perspective, the Arbitrum model reflects a different interpretation of decentralization, one in which the community delegates authority, rather than eliminating it entirely.
Some critics have argued that a decision of this magnitude should have gone through the governance of token holders. But Goldfeder rejected that idea, arguing that speed and discretion were essential.
“You can’t consult the DAO, because the moment you consult the DAO, that essentially means you consult North Korea,” he said, referring to ongoing investigative efforts that suggest the attacker is linked to North Korea.
“If you say, ‘Hey guys, should we move these funds?’ then it’s better to do nothing,” he said.
In that framing, the choice was not between decentralized and centralized decision-making, but between acting quickly or allowing the funds to disappear. In fact, the attackers began moving and laundering the remaining stolen funds within hours of the Security Council intervention.
Supporters of the measure say the reality highlights a different balance, one between ideals and practical risk management. Without some form of emergency intervention, stolen cryptocurrency funds are often unrecoverable and large exploits can cascade through the ecosystem.
From this perspective, the Security Council functions less as a centralized authority and more as a safeguard of last resort, designed to intervene only in extreme conditions.
“Today we are no more or less decentralized than yesterday,” Goldfeder said.