
Dialogue with Arbitrum Security Council Members: Why We Activated the "God Mode" to Freeze North Korean Hacker Funds

深潮TechFlow
Guest Columnist
2026-04-23 12:00
If freezing North Korean funds allows Circle to make money, they will definitely do it.
AI Summary
  • Core Thesis: The Arbitrum Security Council, for the first time, exercised its emergency authority to freeze and recover approximately $72 million in assets from North Korean hackers. This action challenges the common perception of blockchain immutability, highlights the foundational role of social consensus and market behavior in decentralized systems, and reveals the deep-seated contradictions within the crypto industry regarding security protection and the responsibilities of stablecoin issuers.
  • Key Elements:
    1. The Arbitrum Security Council, via a 9-of-12 multi-signature mechanism, froze and recovered approximately $72 million in assets from North Korean hacker addresses within a two-day window when the funds were stranded. This is the first time a mainstream L2 has executed such an operation.
    2. Griff Green emphasized that blockchain's "immutability" is a misconception, as its foundation lies in social consensus; if the entire network agrees, the rules can be changed, as exemplified by Ethereum's hard fork following The DAO incident.
    3. The hackers' attack pattern relied primarily on social engineering rather than code vulnerabilities: they obtained key holders' permissions, which exposes weaknesses in operational security (opsec).
    4. Griff Green criticized Circle (USDC issuer) for "persistent inaction" regarding the freezing of North Korean funds, whereas Tether (USDT issuer) acted proactively, recovering sums far exceeding $70 million. This difference stems from the founders' backgrounds and decision-making logic of the two companies.
    5. Security shortcomings in the crypto industry hinder technological adoption; although the technology is mature, ordinary people still face risks of fund loss from phishing and smart contract vulnerabilities, which are significantly higher than in traditional banking systems.
    6. The recovered $72 million has been transferred to an address controlled by a DAO. The final disposal plan requires coordination among three DAOs — Aave, Kelp DAO, and Arbitrum — and a vote by ARB token holders.

Compiled & Edited by: Odaily TechFlow

Guest: Griff Green, Arbitrum Security Council member

Host: Zack Guzman

Podcast Source: Coinage

Original Title: Why Arbitrum Decided To Take Back $72M North Korea Stole

Broadcast Date: April 23, 2026

Editor's Note

Over the past few days, Ethereum and the broader crypto space have been focused on the incident where Kelp DAO (a liquid restaking protocol) was hacked, impacting Aave (a decentralized lending platform).

The Arbitrum Security Council used emergency powers to freeze and recover approximately $72 million in assets from an address suspected to be controlled by North Korean hackers. This marks the first time in the crypto industry that an L2 has activated a "god mode" to freeze funds in a specific address. Prior to this podcast, the community was divided. The controversy lies in the fact that while Arbitrum did the right thing, a chain having the ability to "move assets from an address" raises doubts about its power boundaries and decentralization.

This podcast's guest is Griff Green, a member of the Arbitrum Security Council that made this decision. Griff also experienced the 2016 The DAO hack firsthand and was one of the drivers behind the Ethereum hard fork. In the interview, he directly criticized Circle (the USDC issuer) for its "continued inaction" regarding the North Korean hacker incident, and compared it to Tether's proactive freezing actions, arguing that Circle's decision-making logic is entirely driven by financial statements.

Highlight Quotes

The 'Immutability' of Blockchain is a Misconception

  • "People think blockchains are immutable, but in reality, blockchains run on social consensus. If everyone agrees to upgrade the protocol, the rules can change. The same applies to Ethereum and Bitcoin."
  • "That's why there are discussions in the Bitcoin community now about freezing Satoshi's coins. It's technically entirely feasible because blockchains were never absolutely immutable; they just have rules."

The True Foundation of Decentralization is Market Behavior

  • "If people don't like our decision, they will sell their tokens. If the Bitcoin network coordinated to steal people's money, holders would obviously dump. The real foundation of decentralization is market behavior. The role of market dynamics in this matter is severely underestimated."
  • "To be honest, no one would blame us for doing nothing. Doing nothing carries almost no risk, so you need a bit of willingness to take risks."

North Korean Hacker Attack Pattern

  • "North Korea rarely conducts smart contract-level attacks. Most of the time, they don't attack the code; they attack the people. They use social engineering to find key holders with special permissions and gain access to their computers and keys."
  • "I don't know why they left the funds sitting in one address for two days without moving them. Maybe they worked for three days straight, took Sunday off, and overslept on Monday. That was our window."

Circle vs. Tether

  • "Let me be very clear: there are clearly no good guys at Circle. Because they keep choosing inaction. On the other hand, Tether keeps freezing North Korean funds, recovering far more than $70 million."
  • "Circle's origin isn't crypto native; it's Goldman Sachs. So their decision-making logic is: does this look good on the balance sheet? If freezing North Korean funds made them money, they would definitely do it."

Security is the Biggest Hurdle for Crypto Adoption

  • "With today's technology, we can absolutely build something safer than PayPal or banks. Take the infrastructure from banks and PayPal, remove the custodian, make it non-custodial—the technology is already there."
  • "I don't know anyone who had their bank account drained after being phished. But I know many people who lost crypto after being phished."
  • "I've been building for the public good, trying to create something better than governments, but I keep hitting the same roadblock: this technology currently isn't safe enough for ordinary people to use."

Activating God Mode

Zack Guzman: A lot of people are watching this situation unfold. The controversy has been ongoing. Let's start with the structure of the Arbitrum Security Council. You're a member, and in your post, you mentioned this was a very serious decision. Can you walk us through how the whole event unfolded?

Griff Green: Kelp DAO was attacked. Whether the primary responsibility lies with Kelp DAO or LayerZero (a cross-chain messaging protocol) is still debated, but the impact certainly reached Aave. It was a cross-chain bridge attack. Approximately $300 million in tokens, originally on Layer 2, were stolen from the bridge by the hacker, then deposited into Aave on Ethereum Mainnet and Arbitrum as collateral to borrow ETH.

After the North Korean hackers got the ETH, they left it in their wallet for several days without moving it, giving us a window to coordinate a rescue. Arbitrum, as a Stage 1 rollup still under development (meaning it has some security guarantees but is not yet fully decentralized), has a Security Council. It's a 9-of-12 multisig (requiring 9 signatures out of 12 members to execute operations). We coordinated with the Seal 911 team (a security emergency response group in the crypto industry) and used the emergency powers to transfer the funds out of the North Korean-controlled address, freezing them in a new address they couldn't access.

The Foundation of Blockchain

Zack Guzman: I didn't know about the 9-of-12 threshold requirement; many people seem unaware that Arbitrum has this capability. You probably didn't want the North Korean hackers to know about this function either.

Griff Green: Actually, this is completely public information. I think there are some misunderstandings about blockchain technology. The foundation of blockchain is open-source code, nodes running on servers, and social consensus.

My first project was The DAO. We raised $150 million and then got hacked. For details, you can read Laura Shin's book 'The Cryptopians,' which has 100 pages dedicated to this. Ultimately, we performed a hard fork on the Ethereum network, doing something very similar to what we did on Arbitrum this time: breaking the rules without the hacker's permission to move funds out of the hacker's wallet.

This can be done on Ethereum, Bitcoin, and any other chain. Because blockchain essentially runs on social consensus. There are discussions in the Bitcoin community now about freezing Satoshi's coins; if everyone agrees, it can be done.

The difference on Arbitrum is minor. Instead of needing to convince all network node operators, there are two paths: ARB token holders can vote to execute the same operation, or the Security Council's 9-of-12 multisig can act in emergency situations. Before this, the Security Council's powers were only used to fix bugs and upgrade the protocol, never to freeze funds. As far as I know, this is also the first time a major L2 has frozen on-chain funds.

Comparing the Two Events

Zack Guzman: You experienced both The DAO hack and this incident. How do the two compare?

Griff Green: This one was much easier. The DAO was my own project; losing $150 million was far more stressful. In this case, I had no personal financial loss; I just stepped in to help as a Security Council member.

Also, the infrastructure is much better now. We can figure out what happened much faster. When The DAO was hacked, we had no idea who the hacker was. This time, Seal 911 was able to contact the FBI and basically confirm the attacker was a North Korean hacker. We gained intelligence outside the ecosystem through the behind-the-scenes network we've built over the years.

Discussion on Key Issues

Zack Guzman: During the decision-making discussion, one side was allowing North Korea to keep the funds by taking no action. But conversely, people worry this could have a chilling effect on DeFi. What was the discussion process like?

Griff Green: First, there were the technical challenges. We spent a lot of time finding a perfect technical solution. The fact that we found one is itself remarkable; credit goes to the technical heroes working behind the scenes.

Once the technical feasibility was confirmed, we entered the real discussion: we can do it, but should we?

From my personal standpoint, the attacker was almost certainly North Korea, involving $72 million, and DeFi faced an existential risk. My duty is to uphold the Arbitrum Constitution and do what I believe is right for Arbitrum. No one would blame us for choosing inaction; doing nothing carries almost zero risk. So this indeed required a bit of a pioneering spirit.

Some people feel uncomfortable, thinking '9 people can just do this on the chain.' But let me tell you, getting 9 security experts who are inherently extremely risk-averse to agree on doing something, after vetting all potential issues, is much harder than you think. Possibly harder than coordinating mining pools to freeze Satoshi's coins.

The key message is that the system is still decentralized. Not just architecturally, but also in terms of market sentiment and price action. If people don't like our decision, they will sell their tokens. That is the real foundation of decentralization. The role of market dynamics in this situation is severely underestimated.

Zack Guzman: The Security Council is elected by ARB token holders. Could this event set a precedent and change people's attitudes towards hacker incidents in the Ethereum ecosystem?

Griff Green: One thing that's underestimated: hackers rarely leave funds in one address for two days without moving them. It was precisely because they didn't move them that we had a window to act. I can't think of any other hack on Arbitrum where a similar situation occurred. I don't know why they didn't transfer the funds. Maybe they worked for three days, got tired, rested on Sunday, and overslept on Monday.

So I think people will be more open to this. Not because it became technically possible (it always was), but because people saw an actual operation. L2Beat (an L2 security evaluation project sponsored by the Ethereum Foundation) clearly states that the Security Council has emergency upgrade capabilities. The hackers could have moved the funds at any time, ruining our efforts, but we were lucky.

Security Lessons

Zack Guzman: What about the security lessons learned?

Griff Green: First, technical risk analysis needs to be better. Aave has done well controlling access for low-market-cap, high-volatility tokens, but was too lax with Liquid Staking Tokens (LSTs). The underlying asset for these tokens is ETH, so the economic risk is indeed lower, but technical risk requires more scrutiny. This isn't just Aave's problem. Lending protocols like Morpho, Compound, Sky, etc., all need to double down on technical risk analysis.

Kelp DAO's setup had a single point of failure (one-of-one, meaning compromising one key point was enough), which is why it was criticized. But the bigger issue was operational security (opsec); the keys were compromised. North Korea rarely conducts smart contract-level attacks. Most of the time, they don't attack the code; they attack the people. They gain access to computers and keys with special permissions through social engineering.

There are two ways to respond: First, strengthen security standards. If you manage large sums of money, your computer's security level should be like that of a traditional big tech company CEO. But the crypto industry hasn't achieved this level yet.

What to Do with the $72 Million

Zack Guzman: What happens next with the recovered $72 million? Is that also decided by your vote?

Griff Green: Yes, and this will be interesting. The situation for users in the Aave and Kelp DAO ecosystem will improve, but the specific plan is hard to determine. Internal coordination within a DAO is inherently difficult, just like with governments and large organizations, especially without a clear final decision-maker.

Previously, Aave and Kelp DAO were pointing fingers at each other. Now with Arbitrum added, it requires three DAOs to collaborate. The good side is that there are actual funds to distribute now, so Aave and Kelp DAO can't just blame each other anymore; they need to formulate a plan publicly. How this $72 million is returned to users will ultimately need a vote by Arbitrum DAO token holders.

My personal stance is that unless 100% is returned directly to users, the Arbitrum DAO should not release these funds.

It needs to be clear that the Security Council only acts in emergencies. We deliberately sent the funds to the address 0x0000DAO. The 'DAO' suffix was a deliberate choice, signifying that this money now belongs to the DAO community. I am also a delegate for the Arbitrum DAO. But total votes might be around 200 million, and I only have about 10 million votes, roughly 5% voting power. Many people have more weight than me.

Current Projects

Zack Guzman: Let's talk about the project you're working on now; it's very relevant to the security theme.

Griff Green: After The DAO event, I've been building in this industry. I helped build a platform called Giveth (a decentralized donation platform), helping many non-profits raise funds on Ethereum. I've watched these non-profits lose money in every way imaginable: sending funds to the right address but the wrong chain, getting phished, smart contract vulnerabilities, exchange hacks, and so on.

With today's technology, we can absolutely build something safer than PayPal or banks. The technology is ready. But the reality is, I don't know anyone who lost bank account funds after being phished, but I know many people who lost crypto after being phished.

So we created the DAO Security Fund. The goal is to make Ethereum safer than banks. We have approximately $170 million in staked assets, using the staking yields as a long-term funding source for the security space.

The first round of large-scale funding starts tomorrow. At qf.giveth.io, you can donate to security projects. Based on your donation direction, a $1 million matching pool will be distributed proportionally to various security projects.

But more important than the money is project discovery. There are hundreds of free, open-source security tools out there, but many people don't even know they exist. The core purpose of this round is to bring these projects together in one place so people can discover them. Funding helps these projects survive, but the real impact comes from the market signal: which projects are most needed, which directions deserve more people's attention.

Comparing Circle and Tether

Zack Guzman: When there's no mechanism like a Security Council, centralized stablecoin issu
