Arbitrum freeze renews debate over policing stolen crypto
Arbitrum froze attacker-linked tokens after a $293M Kelp DAO exploit tied to suspected North Korean hackers, raising questions about who can halt or recover stolen DeFi funds.
Arbitrum’s security council froze tokens linked to the attacker after a March exploit that drained about $293 million from Kelp DAO on the Arbitrum layer-2 network. The council used its nine-of-12 multisig authority to block movement of some assets.
The security council consists of 12 members chosen by the network’s DAO. In emergency situations the council can authorize changes when nine members sign a multisig transaction, a mechanism Arbitrum uses for rapid intervention.
Advocates of the freeze argued rapid action can prevent stolen funds from being converted into other assets or moved off-chain, reducing the chance of laundering.
Critics said the freeze concentrates control in a small group and runs counter to decentralization goals. Connor Howe, CEO of Enso, argued, “The differentiation from a bank compliance officer is less than DeFi idealists will ever admit,” and called for clear disclosure of who holds keys and what safeguards exist.
Projects take different approaches to freezes. THORChain has maintained it cannot freeze funds by design. Stablecoin issuers operate at the token level: Tether has frequently frozen tokens quickly when illicit activity is flagged, while Circle has written that freezing USDC is a compliance obligation executed only when legally compelled.
Bernardo Bilotta, CEO of Stables, argued freeze powers should be narrow, time-limited and governed by criteria set before any breach: “Freeze capabilities need to be narrowly scoped, time-limited and governed by transparent criteria that existed before the breach occurred.” Wish Wu, CEO of Pharos, questioned who gets to define what counts as an “extreme” situation and recommended encoding emergency rules into governance in advance.
Security researchers have pointed to past incidents where projects that described themselves as non-custodial nonetheless intervened, and industry participants note that attackers can swap and move assets within minutes, making response speed a practical factor in recovery efforts.
The Arbitrum action has led to calls for clearer rules and technical safeguards. Some participants favor narrow, pre-authorized procedures for emergencies; others continue to insist on no-intervention models. Protocol teams, token issuers and governance bodies are under pressure to disclose how and when they can halt transactions or reverse flows.