Arbitrum Security Council took action following the security breach in KelpDAO last week and emergency frozen more than 30,000 ETH associated with the attack. Although the decision was presented as an important step in terms of user protection, it once again brought into question the limits of the concept of “decentralization” in the crypto ecosystem.
Centralism and the Security Impasse
Security Council is a board of 12 people elected by token holders every six months at Arbitrum and has the authority to step in in case of emergency. Using this authority, the Council took control of the assets seized in the KelpDAO attack and made it impossible to use these Ethereums. While this step was seen as a quick intervention to prevent possible theft and prevent the user from being harmed, concerns about the ability of a few people in a decentralized structure to radically manipulate the network came to the fore in some circles.
Supporters argued that the laundering of millions of dollars of funds was prevented and time was gained to recoup losses. Those who oppose this emphasized that the system can come under the control of a single or small number of actors at critical moments; In other words, a central power can come into play even after the transaction is completed.
The Process Behind Urgent Decisions
According to Steven Goldfeder, a co-founder of Offchain Labs, the developer of Arbitrum, the Security Council’s initial approach was to do nothing. Goldfeder stated that at the beginning of the process, the board discussed remaining passive, but the process took shape with the idea of ”minimum intervention” from a member. With the decision taken, the assets under the control of the attacker were transferred to a wallet that did not belong to anyone and became inaccessible.
This technical intervention is described as a more active and effective measure than the expression “freezing”. However, such privileged interventions bring about discussions about decentralization. Although the principle of “code is law” is often advocated in the crypto world, the fact that a small group can affect the network in extraordinary situations such as an attack worries many users.
Community Representation and Governance
Arbitrum Foundation research officer Patrick McCorry stated that the Security Council is a completely transparent part of the system. According to McCorry, council members are elected by the community and the powers they have are clearly visible. Currently, council members are determined every 6 months by on-chain votes, and in this structure, the aim is to transfer authority on behalf of the community.
Some critics argued that such a major decision should have been made in consultation with all token holders. However, Goldfeder points out that speed and privacy are critical in such situations. He pointed out that if the DAO was consulted, the attackers would take action and could smuggle the funds more easily.
Goldfeder shared his assessment: “You cannot consult the DAO. As soon as you do this, the attackers will be informed and take action. In this case, you will have done nothing.”
After the incident, research that traces of the attack may be linked to North Korea was also mentioned. As a matter of fact, following the rapid intervention of the Security Council, it was observed that the attackers began to put the remaining ETHs into circulation.
The events demonstrated once again that the balance between decentralization and the need for urgent intervention is not easy to establish. The powers given to security boards for user protection and ecosystem security have the potential to conflict with the fundamental principles of crypto in the long term. This shows that discussions on how to manage similar events will continue in the future.
