Arbitrum Security Committee Members: Why Are We Activating “God Mode” to Freeze $72.00 Million?

Compiling | Deep Tide TechFlow

Guest: Griff Green, Member of the Arbitrum Security Council

Host: Zack Guzman

Original link:

Editor’s Introduction

In the past few days, Ethereum and the entire crypto community have been focused on the incident where Kelp DAO (a liquidity re-staking protocol) was hacked, affecting Aave (a decentralized lending platform).

The Arbitrum Security Council used emergency authority to freeze and recover approximately $72 million worth of assets from addresses suspected to be controlled by North Korean hackers. This is the first time in the crypto industry that a “God mode” on an L2 chain has been used to freeze funds belonging to a specific address. Before this podcast episode, community opinions were divided, with controversy centering on the fact that while Arbitrum did the right thing, the ability of a single chain to “transfer out assets from a specific address” raises questions about its authority boundaries and decentralization.

The guest in this episode is Griff Green, a member of the Arbitrum Security Council authorized to make such decisions. Griff is also a veteran of the 2016 The DAO hack and one of the advocates for Ethereum hard forks. In the interview, he directly criticizes Circle (the issuer of USDC) for “continued inaction” during the North Korean hacker incident, and contrasts this with Tether’s proactive freezing actions, arguing that Circle’s decision-making is entirely driven by financial statements.

Highlights and Quotes

The misconception of blockchain’s “immutability”

“People think blockchain is immutable, but in reality, the foundation of blockchain operation is social consensus. If everyone agrees to upgrade the protocol, the rules can be changed. Ethereum and Bitcoin are both like this.”

“That’s why some in the Bitcoin community are now discussing freezing Satoshi’s coins. Technically, it’s entirely feasible because blockchain isn’t inherently immutable; it just has rules.”

The true cornerstone of decentralization is market behavior

“If people dislike our decisions, they will sell their tokens. If the Bitcoin network coordinates to steal from people, holders will obviously sell. The real foundation of decentralization is market behavior; the role of market dynamics in this matter is severely underestimated.”

“To be honest, no one would blame us for doing nothing. Doing nothing carries almost no risk, so you need a bit of willingness to take risks.”

North Korean hackers’ attack patterns

“North Korea rarely attacks at the smart contract layer. Most of the time, the attack isn’t on the code but on people. They use social engineering to find key holders with special permissions, gaining access to their computers and keys.”

“I don’t know why they left funds in one address for two days without moving them. Maybe they worked for three days straight, took Sunday off, and were late on Monday. That’s our window.”

Comparison between Circle and Tether

“I’ll say this clearly: there are obviously no good actors at Circle. They’ve been choosing to do nothing. Tether, on the other hand, keeps freezing North Korean funds, recovering amounts far exceeding $70 million.”

“Circle’s origin isn’t crypto-native; it’s Goldman Sachs. So their decision logic is: does this reflect well on their financial reports? If freezing North Korean funds can make them money, they will definitely do it.”

Security issues are the biggest obstacle to crypto adoption

“With today’s technology, we can create systems more secure than PayPal or banks. Take the infrastructure of banks and PayPal, remove the custodians, and make a non-custodial version—technologically, it’s already possible.”

“I don’t know anyone whose bank account was hacked and money stolen after a phishing attack. But I know many who lost crypto after being phished.”

“I’ve been building for the public good, trying to create better systems than governments, but I keep hitting the same problem: this technology still isn’t safe enough for ordinary people to use securely.”

Enabling God Mode

Zack Guzman: Many people are paying attention to how things develop. The controversy hasn’t stopped. Let’s start with the structure of the Arbitrum Security Council. You’re a member, and you mentioned in your post that this was a very serious decision. Can you explain how the whole incident unfolded?

Griff Green: Kelp DAO was attacked. There’s still debate over whether the main responsibility lies with Kelp DAO or LayerZero (the cross-chain messaging protocol), but the impact definitely reached Aave. It was a cross-chain bridge attack where about $300 million worth of tokens on Layer 2 were stolen by hackers from the bridge, then deposited into Aave on Ethereum mainnet and Arbitrum as collateral to borrow ETH.

After the North Korean hackers obtained ETH, they left it in their wallet for several days without moving it, giving us a window to coordinate rescue efforts. Arbitrum, as a still-in-development Stage 1 rollup (meaning some security guarantees but not fully decentralized), has a Security Council. It’s a 9-of-12 multi-signature (out of 12 members, 9 signatures are required to execute actions). We collaborated with the Seal 911 team (a security emergency response organization in crypto) to use emergency permissions to transfer funds out of the address controlled by North Korea, freezing them into a new address they cannot access.

The foundation of blockchain

Zack Guzman: I didn’t realize a 9-of-12 threshold was needed, and many people probably don’t know that Arbitrum has this capability. You probably also don’t want North Korean hackers to know about this feature.

Griff Green: Actually, this information is fully public. I think there’s some misunderstanding about blockchain technology. The core of blockchain is open-source code, nodes running on servers, and social consensus.

My first project was The DAO. We raised $150 million, then got hacked. If you want to learn more, check out Laura Shin’s book The Cryptopians, which dedicates 100 pages to this incident. Ultimately, we used an Ethereum hard fork to do something very similar to what we did on Arbitrum: breaking the rules without the hacker’s permission, moving funds out of the hacker’s wallet.

This can be done on Ethereum, Bitcoin, and any chain because blockchain is fundamentally based on social consensus. Now, some in the Bitcoin community are discussing freezing Satoshi’s coins—if everyone agrees, it can be done.

On Arbitrum, it’s slightly different: instead of convincing all node operators, there are two paths—ARB token holders can vote to execute the same action, or the 9-of-12 multi-signature of the Security Council can do it in an emergency. Before this, the Security Council’s authority was only used for bug fixes and protocol upgrades, never for freezing funds. As far as I know, this is the first time a major L2 has frozen on-chain funds.

Comparison of two incidents

Zack Guzman: You’ve experienced both the DAO hack and this recent incident. How do they compare?

Griff Green: This one was much easier. The DAO was my own project, hacked for $150 million, and the pressure was much greater. This time, I personally didn’t lose any funds; I just helped as a Security Council member.

And infrastructure is so much better now, so we could understand what happened much faster. When The DAO was hacked, we didn’t even know who the hacker was. This time, Seal 911 was able to contact the FBI, and they confirmed the attacker was North Korean hackers. We gained intelligence outside the ecosystem through the network we built over the years.

Key issues discussed

Zack Guzman: In decision-making, not acting means North Korea keeps the funds. But some worry this could set a chilling precedent for DeFi. How did the discussion go?

Griff Green: First, there’s the technical challenge. We spent a lot of time finding a perfect technical solution—just finding that solution was a major achievement, thanks to the behind-the-scenes technical heroes.

Once the technical feasibility was confirmed, we moved to the real debate: should we do it or not?

From my personal perspective, the attackers are almost certainly North Korean, involving $72 million, and DeFi faces existential risk. My duty is to uphold Arbitrum’s constitution and do what I believe is right for Arbitrum. No one would blame us for choosing inaction; doing nothing carries almost zero risk, so a bit of risk-taking is necessary.

Some people might feel uncomfortable, thinking “9 people can do this on-chain.” But I tell you, getting 9 highly risk-averse security experts to agree on doing something after thorough checks is far more difficult than you think. It’s probably harder than coordinating miners to freeze Satoshi’s coins.

The key point is that the system remains decentralized. This is reflected not only in architecture but also in market sentiment and price behavior. If people dislike our decision, they will sell their tokens. That’s the true foundation of decentralization—the role of market dynamics in this matter is severely underestimated.

Zack Guzman: The Security Council is elected by ARB token holders. Could this incident set a precedent that changes how people view hacker incidents in the Ethereum ecosystem?

Griff Green: One thing that’s underestimated: hackers rarely leave funds in one address for two days without moving them. It’s precisely because they didn’t move the funds that we had a window of opportunity. I can’t recall any previous hacker incident on Arbitrum with a similar situation. I don’t know why they didn’t transfer the funds. Maybe they worked for three days straight, took Sunday off, and were late on Monday.

So I think people will be more open-minded about this. Not because it’s technically possible (it’s always possible), but because they saw a real operation. L2Beat (an L2 security assessment project sponsored by the Ethereum Foundation) clearly states that the Security Council has emergency upgrade permissions. Hackers could transfer the funds at any time, causing us to fail, but we’re fortunate this time.

Security lessons

Zack Guzman: What are the security lessons learned?

Griff Green: First, we need to improve technical risk analysis. Aave does well in controlling access to low-market-cap, high-volatility tokens, but it’s too lax with liquid staking tokens (LSTs). These tokens’ underlying asset is ETH, so the economic risk is relatively low, but the technical risk requires more scrutiny. This isn’t just Aave’s problem; protocols like Morpho, Compound, Sky, and others need to double down on technical risk analysis.

Kelp DAO’s setup has a single point of failure—if one key point is compromised, it’s vulnerable. But a bigger issue is operational security (opsec): if keys are compromised, that’s the real risk. North Korea rarely attacks at the smart contract level; most of the time, they attack people—using social engineering to gain access to computers and keys with special permissions.

There are two ways to respond: one is to strengthen security standards. If you manage large amounts of funds, your computer security should be as strict as a CEO’s in a major tech company. But the crypto industry hasn’t reached that level yet.

Handling the $72 million recovery

Zack Guzman: What’s next for the recovered $72 million? Is it decided by your vote?

Griff Green: Yes, that will be very interesting. The situation for Aave and Kelp DAO users will improve, but the specific plan is hard to determine. DAO coordination is already difficult; it’s like working with governments and large organizations, especially without a clear final decision-maker.

Previously, Aave and Kelp DAO blamed each other. Now, with Arbitrum involved, it’s three DAOs working together. The good news is that there’s actual money involved, so Aave and Kelp DAO can’t just pass the buck—they need to publicly develop a plan. How to return this $72 million to users will ultimately be decided by Arbitrum DAO token holders’ vote.

My personal stance is that unless the funds are directly returned to users 100%, Arbitrum DAO should not release this money.

It’s worth noting that the Security Council only acts in emergencies. We deliberately transferred the funds to address 0x0000DAO—the “DAO” suffix was chosen intentionally, meaning this money now belongs to the DAO community. I am also a delegate of Arbitrum DAO. But the total voting power can reach 200 million votes, and I only have about 10 million votes, roughly 5%. Many others have greater influence.

Projects I’m working on

Zack Guzman: Tell us about the projects you’re currently involved in, especially those related to security.

Griff Green: Since the DAO incident, I’ve been building in this space. One platform I helped develop is Giveth, a decentralized donation platform that helps many nonprofits raise funds on Ethereum. I’ve seen these nonprofits lose money in all sorts of ways: sending funds to the right address but on the wrong chain, phishing, smart contract bugs, exchange hacks, and more.

With today’s technology, we can create systems more secure than PayPal or banks. The technology is ready. But the reality is, I don’t know anyone whose bank account was hacked and money stolen after a phishing attack, but I know many who lost crypto after being phished.

That’s why we created the DAO Security Fund. The goal is to make Ethereum safer than banks. We have about $170 million in staked assets, using staking yields as a long-term funding source for security.

The first large-scale funding round starts tomorrow. On qf.giveth.io, you can donate to security projects. Based on your donation, a $1 million fund will be proportionally distributed to various security initiatives.

But more important than funding is project discovery. There are hundreds of free open-source security tools out there, but many people don’t even know they exist. The core purpose of this round is to gather these projects in one place, so people can discover them. Funding helps these projects survive, but market signals—knowing which projects are most needed and which directions deserve more investment—are truly impactful.

Circle vs. Tether comparison

Zack Guzman: When there’s no security council mechanism, centralized stablecoin issuers like Circle are forced to face the issue of freezing or not freezing assets. How do you see these two models?

Griff Green: If you have the ability to solve this problem, you have the responsibility to do so. There’s an old saying: “All evil needs to triumph is for good men to do nothing.”

Let me be clear: there are obviously no good actors at Circle. They’ve been choosing inaction. Tether, on the other hand, keeps freezing North Korean funds, recovering amounts far exceeding $70 million.

You might think it should be the other way around, but I believe the reason is that Tether’s founding team is crypto-native, DeFi-native—they retain some old-school crypto values. Circle’s origin is Goldman Sachs, so their decision logic is: does this look good on the reports? If freezing North Korean funds can make them money, they will definitely do it.

I’m not an extremist about Tether; I lean more toward decentralization. But their behavior in this matter is truly perplexing. I wonder if we need to collectively sell USDC to give them enough market feedback. North Korea’s attacks aren’t just damaging our portfolios—they threaten real-world security. Everyone suffers because they don’t stop North Korea.

Zack Guzman: The politics in the blockchain world are much more complex than many realize.

Griff Green: Exactly. You think it’s just finance and hardcore tech, but there’s a lot of political discussion—about self-regulation, how to build society on new frameworks, very deep debates. But every time I try to bring these issues into the real world, I hit security problems.

North Korea’s attacks on major protocols are just one dimension. There are many lower-level issues, like scam calls impersonating Coinbase support, user experience improvements, and more. Many problems aren’t state-level attacks; they’re just our own tech not being polished enough.

I entered crypto in 2013, got my first master’s degree in digital currency in 2016. I’ve been building for the public good, trying to create systems better than governments, but I keep hitting the same problem: this technology still isn’t safe enough for ordinary people to use securely. But now, there’s a huge opportunity to change that.