Arbitrum’s 12-member security council on Monday froze 30,766 Ether (about $71.2 million) tied to the recent Kelp protocol exploit. The council, an elected body that oversees emergency interventions on the Arbitrum network, moved the ETH into what it described as “an intermediary frozen wallet,” rendering the funds inaccessible to the original address unless further Arbitrum governance approves a transfer.
The freeze follows a large-scale attack on Kelp, a liquid restaking protocol, which was exploited for at least $293 million on Saturday through its LayerZero-powered bridge. LayerZero has publicly accused North Korean-linked actors of conducting the attack. According to reports, the stolen Kelp tokens were subsequently used to borrow assets on the lending platform Aave, producing millions of dollars in bad debt across connected lending markets.
Arbitrum characterized the council’s action as “emergency action” taken with input from law enforcement. The council said it balanced its commitment to the network’s security and integrity while aiming not to disrupt legitimate Arbitrum users or applications. Griff Green, a member of the Arbitrum Security Council, said the decision followed “countless hours of debates, technical, practical, ethical and political” considerations and that nine of the 12 council members voted in favor of freezing the funds.
The intervention has prompted debate within the crypto community. Critics argue that censoring or freezing addresses undermines decentralization and the blockchain’s permissionless principles. Proponents counter that temporarily freezing stolen assets can protect users, limit systemic contagion, and preserve network stability while authorities and governance sort out next steps.
The episode highlights a persistent tension in crypto governance: how projects should balance decentralized principles against protective measures that may require centralized or collective decisions in emergencies. Arbitrum’s move underscores how some layer-2 networks are relying on governance structures to respond rapidly to large hacks and to coordinate with law enforcement when necessary.