A Conversation with an Arbitrum Security Council Member: Why We Activated "God-Mode Permissions" to Freeze North Korean Hackers' Funds
- Core view: The Arbitrum Security Council used its emergency powers for the first time to freeze and recover approximately $72 million in assets from North Korean hackers. The action challenges the entrenched belief in blockchain immutability, highlights the foundational role of social consensus and market behavior in decentralized systems, and exposes deep contradictions within the crypto industry over security and the responsibilities of stablecoin issuers.
- Key points:
- Through its 9-of-12 multisig mechanism, the Arbitrum Security Council froze and recovered approximately $72 million in assets from the North Korean hackers' address during the two-day window in which the funds remained stuck; this is the first time a mainstream L2 has carried out such an operation.
- Griff Green stresses that blockchain "immutability" is a misconception and that its foundation is social consensus; if the entire network agrees, the rules can change, as when Ethereum hard-forked after The DAO incident.
- The hackers' main form of attack is social engineering rather than code vulnerabilities: they carry out attacks by gaining the access of key holders, which exposes weaknesses in operational security (opsec).
- Griff Green criticizes Circle (the issuer of USDC) for "continued inaction" on freezing North Korean funds, whereas Tether (the issuer of USDT) has acted proactively and recovered far more than $70 million; the reason lies in the differing origins and decision-making logic of the two companies.
- The crypto industry's security weaknesses hinder real-world adoption of the technology; although the technology has matured, ordinary people still face a much higher risk of losing money to phishing scams, smart contract vulnerabilities and the like than in the traditional banking system.
- The recovered $72 million was transferred to a DAO-controlled address; the final plan for handling it requires cooperation among three DAOs (Aave, Kelp DAO and Arbitrum) and will be decided by a vote of ARB token holders.
Curated & Translated by: Deep Tide TechFlow

Guest: Griff Green, Member of the Arbitrum Security Council
Host: Zack Guzman
Podcast Source: Coinage
Original Title: Why Arbitrum Decided To Take Back $72M North Korea Stole
Air Date: April 23, 2026
Editor's Introduction
Over the past few days, Ethereum and the entire crypto community have been focused on the incident where Kelp DAO, a liquid restaking protocol, was hacked, subsequently impacting Aave, a decentralized lending platform.
The Arbitrum Security Council used its emergency powers to freeze and recover approximately $72 million in assets from an address suspected to be controlled by North Korean hackers. This marks the first instance in the crypto industry where an L2 has activated "god-mode permissions" to freeze funds from a specific address. Before this podcast, community opinions were divided, with the core controversy being that while Arbitrum did the right thing, the ability for a chain to "move assets from an address" raises doubts about its power boundaries and decentralization.
The guest on this podcast is Griff Green, a member of the Security Council that authorized this decision. Additionally, Griff experienced the 2016 The DAO hack firsthand and was a key proponent of the Ethereum hard fork. In the interview, he directly criticized Circle (the issuer of USDC) for its "continued inaction" regarding North Korean hackers and contrasted it with Tether's proactive freezing actions, arguing that Circle's decision-making is purely driven by financial statements.
Key Quotes
Blockchain's 'Immutability' Is a Misconception
- "People think blockchains are immutable, but in reality, blockchains operate on social consensus. If everyone agrees to upgrade the protocol, the rules can be changed. This is true for Ethereum, Bitcoin, and others."
- "That's why there are now discussions in the Bitcoin community about freezing Satoshi's coins. This is technically feasible because blockchains were never absolutely immutable; they just have rules."
The True Foundation of Decentralization is Market Behavior
- "If people don't like our decisions, they will sell their tokens. If the Bitcoin network coordinated to steal people's money, holders would obviously sell. The real foundation of decentralization is market behavior, and the role of market dynamics in this matter is severely underestimated."
- "Honestly, no one would blame us for doing nothing. Doing nothing carries almost no risk, so it requires a bit of a willingness to take a risk."
North Korean Hacker Attack Vector
- "North Korea rarely attacks at the smart contract level. Most of the time, they don't attack the code; they attack people. They use social engineering to find key holders with special permissions and gain access to their computers and keys."
- "I don't know why they left the funds in one address for two days without moving them. Maybe they worked for three days straight and took Sunday off, then overslept on Monday. That was our window."
Circle vs. Tether
- "Let me be very clear: There are clearly no good people at Circle. Because they consistently choose inaction. On the other hand, Tether continuously freezes North Korean funds and has recovered far more than $70 million."
- "Circle's origin isn't crypto-native; it's Goldman Sachs. So their decision-making logic is: does this look good on the balance sheet? If freezing North Korean funds made them money, they would definitely do it."
Security is the Biggest Hurdle for Crypto Adoption
- "With today's technology, we can absolutely build something safer than PayPal or banks. Take the infrastructure of banks and PayPal, remove the custodians, make it non-custodial – the technology is already there."
- "I don't know a single person who has had money stolen from their bank account after being phished. But I know many people who lost crypto after being phished."
- "I've been building for the public good, trying to create something better than the government, but I keep hitting the same wall: this technology currently can't be used safely by ordinary people."
Activating God Mode
Zack Guzman: Many people are watching the situation unfold. The controversy hasn't stopped either. Let's start with the structure of the Arbitrum Security Council. You're a member, and in your post, you mentioned this was a very serious decision. Can you walk us through how the whole event unfolded?
Griff Green: Kelp DAO was attacked. There's still debate over whether primary responsibility lies with Kelp DAO or LayerZero (a cross-chain messaging protocol), but the impact definitely reached Aave. It was a cross-chain bridge attack. Approximately $300 million worth of tokens were stolen from the bridge on L2 and then deposited as collateral into Aave on Ethereum mainnet and Arbitrum to borrow ETH.
After the North Korean hackers got the ETH, they left it in their wallet for several days without moving it, giving us a window to coordinate a rescue. Arbitrum, as a Stage 1 rollup still under development (meaning it has certain security guarantees but isn't fully decentralized yet), has a Security Council. It's a 9-of-12 multisig (9 signatures out of 12 members required to execute actions). We collaborated with the Seal 911 team (a security emergency response group in the crypto industry) and used emergency powers to transfer the funds out of the North Korean-controlled address, freezing them in a new address they couldn't access.
The Foundation of Blockchain
Zack Guzman: I didn't know about the 9-of-12 threshold; it seems many people also didn't know Arbitrum had this capability. You probably didn't want the North Korean hackers to know about this function either.
Griff Green: Actually, this is completely public information. I think there are some misconceptions about blockchain technology. The foundation of blockchain is open-source code, nodes running on servers, and social consensus.
My first project was The DAO. We raised $150 million and then got hacked. For details, you can read Laura Shin's "The Cryptopians," which has a hundred pages dedicated to this. Eventually, we performed a hard fork on the Ethereum network, doing something very similar to what we just did on Arbitrum: breaking the rules without the hacker's permission to move funds out of the hacker's wallet.
This can be done on Ethereum, Bitcoin, and any chain. Because the essence of a blockchain is that it runs on social consensus. Right now, there are discussions in the Bitcoin community about freezing Satoshi's coins. If everyone agrees, it can be done.
The slight difference on Arbitrum is that it doesn't require convincing all network node operators. Instead, there are two paths: ARB token holders can vote to execute the same action, or the Security Council's 9-of-12 multisig can act in emergencies. Before this, the Security Council's powers were only used to fix bugs and upgrade the protocol, never to freeze funds. As far as I know, this is also the first time a major L2 has frozen funds on-chain.
Comparing the Two Events
Zack Guzman: You experienced both The DAO hack and this event. How do the two compare?
Griff Green: This one was much easier. The DAO was my own project. Getting hacked for $150 million was significantly more stressful. This time, I didn't have any personal financial loss; I just stepped in as a Security Council member to help out.
Moreover, the infrastructure is much better now, allowing us to figure out what happened much faster. When The DAO was hacked, we had no idea who the attackers were. This time, Seal 911 was able to contact the FBI, which basically confirmed the attackers were North Korean hackers. Through the behind-the-scenes network we've built over the years, we gained intelligence from outside the ecosystem.
Key Discussion Points
Zack Guzman: During the decision-making discussion, one side was letting North Korea keep the funds by doing nothing. But conversely, some worried this would have a chilling effect on DeFi. What was the discussion process like?
Griff Green: First, there were technical challenges. We spent a significant amount of time finding a perfect technical solution. The fact that we found this solution is remarkable in itself, and the credit goes to the technical heroes behind the scenes.
Only after confirming the technical feasibility did we enter the real discussion: We could do it, but should we?
From my personal standpoint, the attacker was almost certainly North Korea, involving $72 million, and DeFi faced an existential-level risk. My duty is to uphold the Arbitrum Constitution and do what I believe is right for Arbitrum. No one would blame us for choosing inaction; doing nothing is almost risk-free. So it did require a bit of a willingness to take a risk.
Some people feel uncomfortable, thinking, "Nine people can just do this on the chain." But let me tell you, getting nine security experts, who are inherently extremely risk-averse, to agree on doing something, after exhausting all potential issues, is much harder than you think. It might be even harder than coordinating mining pools to freeze Satoshi's coins.
The key point is that the system remains decentralized. This is reflected not only in the architecture but also in market sentiment and price action. If people don't like our decisions, they will sell their tokens. This is the real foundation of decentralization, and the role of market dynamics in this matter is severely underestimated.
Zack Guzman: The Security Council is elected by ARB token holders. Could this event set a precedent and change people's attitudes towards hacking incidents in the Ethereum ecosystem?
Griff Green: One thing is underestimated: Hackers rarely leave funds in one address for two days without moving them. It was precisely because they didn't move them that we had a window of action. I can't recall any previous hack on Arbitrum with a similar situation. I don't know why they didn't move the funds. Maybe they worked for three days, got tired, rested on Sunday, and overslept on Monday.
So, I think people will be more open to this now. Not because it technically became possible (it was always possible), but because people saw it happen in practice. L2Beat (an L2 security assessment project sponsored by the Ethereum Foundation) clearly states that the Security Council has emergency upgrade powers. The hackers could have moved the funds at any time and made our efforts futile, but we got lucky.
Security Lessons
Zack Guzman: What about the security lessons learned?
Griff Green: First, technical risk analysis needs to be better. Aave does a good job controlling access for low-market-cap, high-volatility tokens, but it was too relaxed with liquid staking tokens (LSTs). The underlying asset for these tokens is ETH, so the economic risk is indeed lower, but the technical risk needs stricter scrutiny. This isn't just Aave's problem; it's a problem for all lending protocols like Morpho, Compound, Sky, etc. They all need to double down on technical risk analysis.
Kelp DAO's setup had a single point of failure (one-of-one), which is why it was criticized. But the bigger issue was operational security (opsec), meaning the keys were compromised. North Korea rarely attacks at the smart contract level; most of the time, they attack the people, not the code. They use social engineering to gain access to computers and keys with special permissions.
There are two ways to respond: First, strengthen security standards. If you manage large sums of money, your computer security level should be like that of a CEO at a major traditional tech company. But the crypto industry hasn't reached that level yet.
How to Handle the $72 Million
Zack Guzman: What happens next with the recovered $72 million? Will you vote on that too?
Griff Green: Yes, and this will be very interesting. The situation for users in the Aave and Kelp DAO ecosystems will improve, but the specific plan is hard to decide. Coordination within a DAO is inherently difficult, just like with governments and large organizations, especially without a clear final decision-maker.
Previously, it was just Aave and Kelp DAO blaming each other. Now, with Arbitrum added, it becomes a three-DAO coordination problem. The good side is that there are actual funds to distribute now. Aave and Kelp DAO can't just pass the buck anymore; they need to publicly develop a plan. How this $72 million is returned to users will ultimately be decided by a vote of Arbitrum DAO token holders.
My personal stance is that unless it's 100% directly returned to users, the Arbitrum DAO should not release these funds.
It's important to clarify that the Security Council only acts in emergencies. We deliberately sent the funds to the address 0x0000DAO. The 'DAO' suffix was intentional, meaning this money now belongs to the DAO community. I am also a delegate for the Arbitrum DAO. But the total voting power might be 200 million votes, and I only have about 10 million, which is about 5%. There are many people with more sway than me.
Current Projects
Zack Guzman: Tell us about the projects you're working on now. They seem very relevant to the security theme.
Griff Green: I've been building in this industry since the DAO event. One platform I helped build is called Giveth (a decentralized donation platform). It helps many non-profits raise funds on Ethereum. I've watched these non-profits lose money in every way imaginable: sending funds to the right address but the wrong chain, getting phished, smart contract exploits, exchange hacks, etc.
With today's technology, we can absolutely build something safer than PayPal or banks. The technology is there. But the reality is, I don't know a single person who has had money stolen from their bank account after being phished, but I know many people who lost crypto after being phished.
So we created the DAO Security Fund. The goal is to make Ethereum safer than banks. We have approximately $170 million in staked assets, and the staking rewards provide a long-term funding source for the security space.
The first round of large-scale grants launches tomorrow. At qf.giveth.io, you can donate to security projects. Based on your donation directions, a $1 million matching pool will be distributed proportionally to various security projects.
But more important than the funds is project discovery. There are hundreds of free, open-source security tools out there, but many people don't even know they exist. The primary goal of this round is to bring these projects together in one place so people can discover them. Money helps these projects survive, but what really has impact is the market signal: which projects are most needed and which directions deserve more people's effort.


