Arbitrum pulled off a stunt: 9 people pretended to be hackers and “stole” $70 million back

$BTC ‌
Last week, KelpDAO was stolen by the North Korean hacker group Lazarus Group. Nearly $300 million was taken; more than 30,000 ETH were left on the Arbitrum chain, worth more than $70 million. Everyone thought the money was gone for good.
$ETH ‌
In the end, the Arbitrum Security Council stepped in. The 9 people signed a multi-signature, temporarily upgraded the cross-chain bridge contract, and added a “divine” feature: transactions can be initiated in the name of any wallet, without needing a private key.
$RAVE ‌
Then they forged a message. The sender field was filled in with the hacker’s address, and the content read: “Transfer all my ETH away.” The chain obediently carried out the order on-chain, and the money went into a frozen address. Upgrade, forge, transfer, restore—done with a single transaction. From start to finish, the hacker had no idea what was happening; the on-chain record looked like he was the one who did it himself.

Put it into plain human language: 9 people held a meeting, pretended to be hackers, and “stole” $70 million back.

Good outcome. Bold move.

The community erupted in an uproar. One side said it was a great job, protecting the assets; the other side asked a deadly question—if 9 people can sign to transfer on behalf of anyone, is that still decentralization? In response, a member of the Arbitrum Security Council, Griff Green, said this decision wasn’t made casually. The members debated for “countless hours” from every angle—technical, operational, moral, and political—before finally casting their votes.

But the issue isn’t how long they debated. It’s that they had the power to do so. With 9 people signing, they upgraded the core contracts with zero delay. This time it was used to go after hackers—what about next time?

The word “decentralization” is increasingly starting to sound like stage talk

What’s interesting is that Arbitrum isn’t special. Right now, most mainstream L2s preserve similar emergency upgrade permissions. Optimism has a 12-member security council, Polygon can patch with multi-signatures, and MakerDAO has an emergency shutdown process. The chain you’re using probably also has a group of people holding master keys. This isn’t an Arbitrum-only invention; it’s the standard setup for L2s at this stage.

Have the keys run out—did they just merge?

Arbitrum says that after the contract upgrade, they downgraded back to the original version. The keys were created, they opened a door once, and then it melted/merged. But the “ability to create keys” itself still exists. Can the 9 people create another key next time? Of course they can. That’s the entire point of the Security Council—to be able to act in emergencies. But who defines what “emergency” means? They do.

Be more realistic

Of the $292 million that was stolen, more than $70 million was recovered—less than a quarter. The remaining ETH is still scattered across other chains, and over $100 million in bad debt on Aave hasn’t been resolved yet. This war isn’t over by a long shot.

Good outcome, bold move—but with a wild approach. This time they used it to chase hackers—what will they use it for next time?
#Kelp定因，Aave坏账最高$3.4亿 #恐慌贪婪指数
​​#美伊二轮谈判进展 #KelpDAO跨链桥遭攻击