<A Conversation with an Arbitrum Security Council Member: Why We Activated "God Mode" to Freeze North Korean Hacker Funds>
- Main point: The Arbitrum Security Council used its emergency powers for the first time to freeze and recover approximately $72 million in assets from North Korean hackers. The action challenges the traditional understanding of blockchain immutability, underscores the foundational role of social consensus and market behavior in decentralized systems, and exposes deep tensions in the crypto industry over security and the responsibility of stablecoin issuers.
- Key elements:
  - The Arbitrum Security Council used a 9-of-12 multisig mechanism to freeze and recover approximately $72 million in assets from the North Korean hackers' address within the two-day window during which the hackers' funds remained in place. This is the first time a major L2 has taken an action of this kind.
  - Griff Green emphasizes that blockchain "immutability" is a misconception. The true foundation is social consensus: if the whole network agrees, the rules can be changed, as when Ethereum hard-forked because of The DAO incident.
  - The hackers' attack pattern is mostly social engineering, not code vulnerabilities. Attacks are carried out by gaining access to key holders' privileges, which exposes weaknesses in operational security (opsec).
  - Griff Green criticizes Circle (the USDC issuer) for "continued inaction" on freezing North Korean funds, while Tether (the USDT issuer) acts proactively and has recovered more than $70 million. The difference stems from the two companies' founding backgrounds and decision-making logic.
  - The crypto industry's security weaknesses are a barrier to adoption. Although the technology has matured, ordinary people still face a risk of losing funds to phishing and smart contract vulnerabilities that is far higher than in the traditional banking system.
  - The recovered $72 million was transferred to an address controlled by the DAO. The final disposition plan requires cooperation among three DAOs (Aave, Kelp DAO and Arbitrum) and must pass a vote by ARB token holders.
Compiled & Edited: Deep Tide TechFlow

Guest: Griff Green, Arbitrum Security Council Member
Host: Zack Guzman
Podcast Source: Coinage
Original Title: Why Arbitrum Decided To Take Back $72M North Korea Stole
Release Date: April 23, 2026
Editor's Note
Over the past few days, the Ethereum and broader crypto communities have been focused on the hack of Kelp DAO (a liquid restaking protocol) and its impact on Aave (a decentralized lending platform).
The Arbitrum Security Council used its emergency powers to freeze and recover approximately $72 million in assets from an address suspected to be controlled by North Korean hackers. This marks the first instance in the crypto industry where an L2 has activated "god mode" to freeze funds at a specific address. Before this podcast, the community was divided; the controversy lies in the fact that while Arbitrum did the right thing, a chain having the ability to "transfer assets from an address" raises questions about the boundaries of its power and its decentralization.
The guest on this podcast is Griff Green, a member of the Arbitrum Security Council that had the authority to make this decision. Griff also experienced the 2016 The DAO hack firsthand and was one of the driving forces behind the Ethereum hard fork. In the interview, he directly criticized Circle (USDC issuer) for its "continued inaction" regarding the North Korean hacker incident and contrasted it with Tether's proactive freezing actions, arguing that Circle's decision-making logic is entirely driven by financial statements.
Key Quotes
The 'Immutability' of Blockchains is a Misconception
- "People think blockchains are immutable, but in reality, blockchains operate on social consensus. If everyone agrees to upgrade the protocol, the rules can be changed. This applies to Ethereum, Bitcoin, and all others."
- "This is why there are discussions in the Bitcoin community about freezing Satoshi's coins. It's technically possible because blockchains were never absolutely immutable; they just have rules."
The True Bedrock of Decentralization is Market Behavior
- "If people don't like our decision, they will sell the token. If the Bitcoin network coordinated to steal people's money, holders would obviously dump it. The real foundation of decentralization is market behavior. The role of market dynamics in this event has been severely underestimated."
- "Frankly, no one would blame us for doing nothing. Doing nothing carries almost no risk, so you need a bit of a willingness to take risks."
North Korean Hacker's Attack Pattern
- "North Korea rarely conducts attacks at the smart contract level. Most of the time, they don't attack the code; they attack people. They use social engineering to find key holders with special permissions and gain access to their computers and keys."
- "I don't know why they left the funds in one address for two days without moving them. Maybe they worked three days straight, rested on Sunday, and were late on Monday. That was our window."
Comparing Circle and Tether
- "Let me be very clear: there are apparently no good people at Circle. Because they have consistently chosen inaction. Meanwhile, Tether has been continuously freezing North Korean funds and has recovered far more than $70 million."
- "Circle's origin isn't crypto-native; it's Goldman Sachs. So their decision-making logic is: 'Does this look good on the balance sheet?' If freezing North Korean funds made them money, they would definitely do it."
Security is the Biggest Barrier to Crypto Adoption
- "With today's technology, we can absolutely build something more secure than PayPal or banks. Take the infrastructure of banks and PayPal, remove the custodian, make it non-custodial—the technology is already there."
- "I don't know a single person who had money stolen from their bank account after being phished. But I know many people who lost crypto after being phished."
- "I've been building for the public good, trying to create something better than governments, but I keep hitting the same wall: this technology still isn't safe enough for ordinary people to use."
Activating God Mode
Zack Guzman: Many are watching the situation unfold. The controversy has been ongoing. Let's start with the structure of the Arbitrum Security Council. You're a member, and in your post, you mentioned this was an incredibly serious decision. Can you walk us through how the whole event unfolded?
Griff Green: Kelp DAO was attacked. There's still debate over whether the primary fault lies with Kelp DAO or LayerZero, but the impact definitely affected Aave. It was a cross-chain bridge attack. About $300 million in tokens, originally on Layer 2, were stolen from the bridge by the hacker, then deposited as collateral into Aave on Ethereum mainnet and Arbitrum to borrow ETH.
The North Korean hackers then held the ETH in their wallet for several days without moving it, which gave us a window to coordinate a rescue. Arbitrum, as a Stage 1 rollup (meaning certain security guarantees are in place but not fully decentralized), has a Security Council. It's a 9-of-12 multisig (9 out of 12 members need to sign to execute). We collaborated with the Seal 911 team (a security emergency response group in the crypto industry) and used emergency powers to transfer the funds from the North Korean-controlled address, freezing them in a new address they couldn't access.
The Foundation of Blockchain
Zack Guzman: I didn't know about the 9-of-12 threshold, and it seems many people didn't know Arbitrum had this capability. I guess you'd rather the North Korean hackers not know about this feature either.
Griff Green: Actually, this is completely public information. I think people have some misconceptions about blockchain technology. The foundation of a blockchain is open-source code, nodes running on servers, and social consensus.
My first project was The DAO. We raised $150 million and then got hacked. For a detailed account, check out Laura Shin's book 'The Cryptopians'; it has 100 pages on this. Ultimately, we did something through an Ethereum network hard fork that was very similar to what we just did on Arbitrum: without the hacker's permission, we broke the rules and transferred the funds from the hacker's wallet.
You can do this on Ethereum, on Bitcoin, on any chain. Because blockchains operate on social consensus. Right now, there's a discussion in the Bitcoin community about freezing Satoshi's coins. If everyone agrees, it can be done.
On Arbitrum, it's slightly different. You don't need to convince all the node operators. There are two paths: ARB token holders can vote to execute the same action, or the Security Council's 9-of-12 multisig can act in emergencies. Before this, the Security Council's powers had only been used to fix bugs and upgrade the protocol. They had never frozen funds before. To my knowledge, this is the first time a major L2 has frozen on-chain funds.
Comparing the Two Events
Zack Guzman: You've experienced the DAO hack and this event. How do they compare?
Griff Green: This one was much easier. The DAO was my own project; getting hacked for $150 million was far more stressful. In this case, I personally didn't lose any funds; I just stepped in as a Security Council member to help.
Also, the infrastructure is so much better now. We could figure out what happened much faster. When The DAO was hacked, we had no idea who the hacker was. This time, Seal 911 was able to contact the FBI and was fairly certain the attackers were North Korean hackers. We had external intelligence through the behind-the-scenes network we've built over the years.
Discussion on Key Issues
Zack Guzman: During the decision-making process, the side favoring inaction meant letting North Korea keep the funds. But conversely, some worry this could have a chilling effect on DeFi. What was the discussion like?
Griff Green: First, there were technical challenges. We spent a lot of time finding a perfect technical solution. Finding that solution was remarkable in itself, and the credit goes to the unsung technical heroes behind the scenes.
Once the technical feasibility was confirmed, we entered the real debate: It's possible, but should we do it?
From my personal standpoint, the attacker was almost certainly North Korea, involving $72 million, and DeFi faced an existential level of risk. My duty is to uphold the Arbitrum Constitution and do what I believe is right for Arbitrum. No one would blame us for choosing inaction; doing nothing was almost zero risk. So it indeed required a bit of a pioneering spirit.
Some people are uncomfortable, thinking, 'Nine people can just do this on-chain.' But let me tell you, getting nine security experts who are inherently extremely risk-averse to agree on an action, after exhausting all potential issues, is much harder than you think. It might be even harder than coordinating mining pools to freeze Satoshi's coins.
The key point is that the system remains decentralized. Not just architecturally, but also in terms of market sentiment and price action. If people don't like our decision, they will sell the token. That's the real foundation of decentralization. The role of market dynamics in this event has been severely underestimated.
Zack Guzman: The Security Council is elected by ARB token holders. Could this event set a precedent that changes people's attitudes towards hacks in the Ethereum ecosystem?
Griff Green: One thing is underrated: Hackers rarely leave funds in one address for two days without moving them. Because they didn't move them, we had a window to act. I can't think of any other hack on Arbitrum with a similar situation. I don't know why they didn't transfer the funds. Maybe they worked for three days, got tired, rested on Sunday, and were late on Monday.
So I think people will be more open to this. Not because it's suddenly technically possible (it always was), but because people saw it happen in practice. L2Beat clearly states that the Security Council has emergency upgrade powers. The hackers could have moved the funds at any time and foiled our plan, but we were lucky.
Security Lessons
Zack Guzman: What about the security lessons learned?
Griff Green: First, technical risk analysis needs to be better. Aave did well in controlling access for low-market-cap, high-volatility tokens, but they were too lenient with liquid staking tokens (LSTs). The underlying asset for these tokens is ETH, which is lower economic risk, but the technical risk side needs more scrutiny. This isn't just Aave's problem; all lending protocols like Morpho, Compound, and Sky need to double down on technical risk analysis.
Kelp DAO's setup had a single point of failure (one-of-one), which is why it's been criticized. But the bigger issue was operational security (opsec); the keys were compromised. North Korea rarely does smart contract-level attacks. Most of the time, they don't attack the code; they attack people. They use social engineering to gain access to computers and keys with special permissions.
There are two ways to address this: First, strengthen security standards. If you manage large sums of money, your computer security should be comparable to that of a CEO at a major traditional tech company. But the crypto industry hasn't reached that level yet.
What to Do with the $72 Million
Zack Guzman: What happens next with the recovered $72 million? Is that also decided by your vote?
Griff Green: Yes, and this will be very interesting. Users in the Aave and Kelp DAO ecosystem will be in a better position, but the specific plan is hard to finalize. DAO coordination is inherently difficult, similar to governments and large organizations, especially without a clear ultimate decision-maker.
Previously, it was Aave and Kelp DAO pointing fingers at each other. Now with Arbitrum involved, it requires collaboration among three DAOs. The good side is that there are actual funds to distribute now. Aave and Kelp DAO can't just pass the buck; they need to publicly develop a plan. How to return this $72 million to users will ultimately be decided by a vote of the Arbitrum DAO token holders.
My personal stance is that unless the funds are returned 100% directly to the users, the Arbitrum DAO should not release them.
It's important to note that the Security Council only acts in emergencies. We deliberately sent the funds to the address 0x0000DAO. The 'DAO' suffix was a purposeful choice, signifying that the money now belongs to the DAO community. I'm also a delegate for the Arbitrum DAO. But the total vote might be around 200 million votes; I have only about 10 million votes, which is roughly 5% voting power. Many others have more weight than me.
Ongoing Projects
Zack Guzman: Let's talk about the projects you're working on now, which are very relevant to the security theme.
Griff Green: After the DAO incident, I've been building in this industry. One platform I helped build is Giveth, helping many non-profits raise funds on Ethereum. I've watched these non-profits lose money in every way imaginable: sending funds to the right address on the wrong chain, getting phished, smart contract vulnerabilities, exchange hacks, etc.
With today's technology, we can absolutely build something more secure than PayPal or banks. The technology is ready. But the reality is, I don't know a single person who had their bank account drained after being phished, yet I know many who lost crypto after being phished.
So we created the DAO Security Fund. The goal is to make Ethereum more secure than banks. We have about $170 million in staked assets, using the staking rewards as a long-term funding source for the security field.
The first round of large-scale grants launches tomorrow. At qf.giveth.io, you can donate to security projects. Based on your donation direction, a $1 million grant pool will be proportionally distributed among various security projects.
But more important than the funding is project discovery. There are hundreds of free, open-source security tools available, but many people don't even know they exist. The core purpose of this round is to bring these projects together in one place so people can discover them. Funding helps these projects survive, but the truly impactful thing is the market signal: which projects are most needed, and which directions deserve more people's effort.
Comparing Circle and Tether
Zack Guzman: When there isn't a mechanism like the Security Council, centralized stablecoin issuers like Circle are forced to face the decision of whether to freeze


