It blew up! Arbitrum intercepted the hacker’s 3万 ETH, winning against the thief while puncturing its own trust hole

After trading for 7 years, from traditional markets to Web3, I know best: the most terrifying thing in the market isn’t hackers—it’s the moment when the rules are torn apart by hand.

The 3万 ETH stolen from KelpDAO was taken by Arbitrum’s Security Council using “unconventional operations”—they didn’t take the hacker’s private key, didn’t freeze the address; they directly issued a transfer instruction in the hacker’s name. The on-chain record looks as if the hacker themselves transferred the funds, and the money was locked into a governance address. $ARB ‌$ETH ‌

The principle is simple: they temporarily upgraded the cross-chain bridge contract, opened a “back door,” allowing them to initiate cross-chain transactions without a private key and under any address name; after using it, they immediately changed the contract back.

In the short term, the hacker’s busywork was all in vain—the victims managed to recover their losses, and yes, it’s satisfying. But anyone who trades understands: the precedent opened today for “legitimate purposes” can be used tomorrow on anyone.

We trust on-chain assets because, at the core, “private key = money”—no one can move your address. Now Arbitrum has directly smashed this underlying logic: its Security Council has the power to bypass private keys and forge transactions.

In the future, it can say it’s “anti-money laundering” and “anti-fraud,” using the same method to move any user’s address. This time it won against the hacker, but it has torn apart all users’ trust in the security of on-chain assets. #KelpDAO跨链桥遭攻击 #Gate13周年现场直击 #Progress in the US-Iran second round negotiations