Unprecedented! Twelve people press the pause button, and $ETH L2's "decentralization" underwear is pulled off. Are your assets safe?

A few days ago, Kelp DAO was hacked and $290 million was stolen, becoming the largest crypto theft of the year. The attacker is believed to be North Korea’s Lazarus Group.

The day after the incident, a 12-person group chat directly reprogrammed the Arbitrum blockchain, freezing $71 million worth of $ETH. The official statement called it an “emergency action by the Security Council” because law enforcement provided the attacker’s identity.

The technical reality is: with only 9 signatures, no account holder’s consent is needed to modify an account balance on a so-called “decentralized” Layer 2 chain.

The stolen rsETH was quickly exchanged for $ETH. The attacker’s wallet balance changed as follows: peaked at about $260 million on April 19, dropped to $240 million on the 20th, and was about $175 million on the 21st. As of the analysis, $71 million was publicly confirmed frozen, about 25% of the total; the attacker still controls roughly $175 million, accounting for 60%; the rest is unknown.

On the Ethereum mainnet, no committee can freeze an address. But on Arbitrum, the committee has exercised this power.

This committee is elected by Arbitrum DAO governance, consisting of 12 members, with actions requiring 9 approvals, rotating every six months. They have direct admin rights over all system contracts.

The normal upgrade process takes about 13 days of public notice. The security committee’s process is: 9 signatures, immediate execution, zero delay. The documentation states they have full access, no time lock, no voting needed.

The specific operation was not performed directly on Arbitrum. The committee initiated a call from Ethereum, temporarily modifying the core code that handles cross-chain messages in Arbitrum. The modified version bypassed signature verification, allowing the caller to specify any sending address.

They forged the attacker’s signature, initiated a transfer from the attacker to a recovery wallet, exploiting an internal function that allows transactions to be executed without signature verification. 30,766 ETH were transferred. The modified code was immediately restored afterward.

Throughout the process, the attacker’s private key was never used. They only temporarily rewrote the rules, forged an equivalent signature transfer, then reverted the rules. This is a reusable power, and the on-chain history was not rolled back.
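One way a defender can watch for exactly this pattern, as an added example that is not part of the original post: the script below scans upgrade events in the shape standardised by ERC-1967 (`Upgraded(address indexed implementation)`, the event emitted when an upgradeable proxy's implementation changes) and reports any proxy whose implementation was replaced and then set back to the previous one within a short block window. The post does not name the Arbitrum contracts involved, so the proxy and implementation addresses, block numbers and the event feed are all constructed placeholders; a sustained upgrade (new implementation kept) is ordinary maintenance and is deliberately not reported.

```python
"""Flag "swap-then-restore" implementation changes on upgradeable proxies.

Added example, not from the original post. It assumes ERC-1967 style
`Upgraded` events decoded into UpgradeEvent records; every address and block
number below is a constructed placeholder.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class UpgradeEvent:
    block: int           # block in which the upgrade took effect
    proxy: str           # address of the upgradeable proxy
    implementation: str  # implementation address set by this event


@dataclass(frozen=True)
class Finding:
    proxy: str
    interim_impl: str    # the implementation that was live only briefly
    swapped_at: int
    restored_at: int

    @property
    def window(self) -> int:
        """Number of blocks the interim implementation was live."""
        return self.restored_at - self.swapped_at


def find_swap_and_restore(
    events: Iterable[UpgradeEvent],
    max_blocks: int,
    initial: dict[str, str] | None = None,
) -> list[Finding]:
    """Return one Finding per proxy whose implementation was replaced and then
    set back to the previous implementation within `max_blocks` blocks.

    `initial` optionally maps proxy -> implementation live at the start of the
    scanned range (e.g. read from the ERC-1967 implementation slot), so a swap
    whose original implementation was set before the range is still caught.
    """
    # Per proxy, the implementation history as (block, implementation) pairs.
    history: dict[str, list[tuple[int, str]]] = {
        proxy: [(-1, impl)] for proxy, impl in (initial or {}).items()
    }
    findings: list[Finding] = []
    for ev in sorted(events, key=lambda e: e.block):
        hist = history.setdefault(ev.proxy, [])
        # A no-op upgrade (same implementation re-set) must not break the
        # previous/before-previous comparison, so it is ignored entirely.
        if hist and hist[-1][1] == ev.implementation:
            continue
        if len(hist) >= 2:
            swapped_at, interim = hist[-1]
            _, before = hist[-2]
            if ev.implementation == before and ev.block - swapped_at <= max_blocks:
                findings.append(Finding(ev.proxy, interim, swapped_at, ev.block))
        hist.append((ev.block, ev.implementation))
    return findings


# Constructed event feed: one brief swap-and-restore, one ordinary upgrade that
# is kept, and one proxy whose original implementation predates the range.
SAMPLE_EVENTS = [
    UpgradeEvent(100, "0xPROXY_BRIDGE", "0xIMPL_V1"),
    UpgradeEvent(500, "0xPROXY_BRIDGE", "0xIMPL_PATCHED"),  # rules temporarily rewritten
    UpgradeEvent(502, "0xPROXY_BRIDGE", "0xIMPL_PATCHED"),  # no-op re-set, ignored
    UpgradeEvent(503, "0xPROXY_BRIDGE", "0xIMPL_V1"),       # restored 3 blocks later
    UpgradeEvent(200, "0xPROXY_OUTBOX", "0xOUTBOX_V1"),
    UpgradeEvent(900, "0xPROXY_OUTBOX", "0xOUTBOX_V2"),     # genuine upgrade, kept
    UpgradeEvent(50, "0xPROXY_INBOX", "0xINBOX_V3"),        # original V2 set before range
    UpgradeEvent(60, "0xPROXY_INBOX", "0xINBOX_V2"),
]


if __name__ == "__main__":
    for f in find_swap_and_restore(SAMPLE_EVENTS, max_blocks=50):
        print(f"{f.proxy}: {f.interim_impl} live for {f.window} block(s) "
              f"(blocks {f.swapped_at}-{f.restored_at})")
```

In practice the feed would come from a log subscription on the L1 contracts that carry the rollup's bridge and inbox logic, and `initial` would be seeded from the implementation slot at the first scanned block; the window threshold is a tuning choice, since a few blocks is well inside the 13-day notice period the post describes for the ordinary upgrade path.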

Recovering user funds is a righteous act, and the committee acted as designed. But the core question is: who can prevent such power from being abused next time?

Under geopolitical pressure, strict regulatory demands, national security secrets, or court orders, only 9 signatures are needed. Coercing one member’s family and gathering 8 more signatures is also possible.

Tools that can recover the stolen $71 million can also confiscate another $71 million in a dispute. These tools are neither good nor evil. The only barrier between user assets and confiscation is the moral, personal-safety and legal risk borne by 12 ordinary people. Our trust no longer rests on mathematics and code, but on 12 ordinary individuals.

This is not unique to Arbitrum. $OP, Base, Polygon zkEVM, zkSync Era, StarkNet, Scroll, Linea—every Layer 2 claiming to be a “decentralized Ethereum scaling solution”—has a committee that can freeze funds.

$ETH L1 is a mainstream blockchain that cannot be frozen structurally; it has no sequencer, no admin keys. No Layer 2 can do this. The entire L2 ecosystem claims to “inherit Ethereum’s trustlessness,” but structurally, it cannot truly inherit it.

All rollups are essentially a high-speed database, a slow withdrawal channel, and a group of key-holders acting as a committee.

Establishing a security committee is an engineering trade-off: zero-knowledge circuits may have vulnerabilities needing urgent fixes; fraud proof systems have had issues historically; sequencer failures require manual intervention.

If Ethereum’s slow upgrade pace is applied to experimental cryptography, rollups might fail before they are mature enough.

But the industry rarely discusses this as a trade-off. What you hear is “Rollups inherit Ethereum’s security.” The reality is: “Rollups inherit Ethereum’s security unless those 12 key-holders with admin keys step in.”


Follow me for more real-time analysis and insights into the crypto market! $BTC $ETH $SOL

#Gate13周年现场直击 (Gate 13th anniversary live coverage) #WCTC trading contest to share 8 million USDT #Bitcoin rebound
