DeFi protocols face a stark choice after the $293 million Kelp DAO exploit and $280 million Drift Protocol breach: freeze stolen assets to protect users, or preserve decentralization by letting theft stand. Arbitrum’s security council chose to freeze funds following the Kelp DAO attack, drawing both praise for swift action and criticism for abandoning core DeFi principles. The decision has exposed a fundamental fracture in how the industry defines itself.
Arbitrum Freezes Assets While Industry Fragments
Arbitrum’s 12-member security council voted to freeze stolen funds after the Kelp DAO exploit attributed to North Korean hackers. The move required 9 of 12 multisig members to approve. Other protocols responded differently: Circle, the issuer of USDC, emphasized that it freezes stablecoins only when legally compelled by authorities through lawful process. Tether, which together with Circle controls the $266 billion combined market cap of USDt and USDC, has taken a faster approach in some instances. THORChain claims its design makes fund freezing impossible by architecture, though security researchers dispute whether this technical constraint is genuine.
The Compliance Officer Problem in Decentralization
The core tension is ideological, not technical. Connor Howe, CEO of Enso, a cross-chain infrastructure project, stated plainly: “The differentiation from a bank compliance officer is less than DeFi idealists will ever admit.” Bernardo Bilotta, CEO of Stables, a stablecoin infrastructure platform, proposed a middle ground: “Freeze capabilities need to be narrowly scoped, time-limited and governed by transparent criteria that existed before the breach occurred.” He added: “A protocol shouldn’t be making up the rules while the house is on fire.” Dante Disparte, Circle’s Head of Global Policy, framed freezing as obligation rather than choice. Wish Wu, CEO of Pharos, a layer-1 network, cut deeper: “In practice, ‘extreme’ is too often defined after the fact by whoever holds the keys, which is exactly the failure mode decentralization was meant to avoid.”
Security Council Control Reveals Centralization Risk
Arbitrum’s decision highlights a structural reality: protocols claiming decentralization often maintain hidden centralization through security councils and multisig structures. When a 9-of-12 council can unilaterally freeze funds, the system functions like a custodian with faster reflexes than traditional finance. The $573 million in combined losses across Kelp DAO and Drift Protocol demonstrates the stakes. Yet no protocol has published clear governance rules defining when freezing is justified or what process determines “extreme” cases.
Next Move: Governance Codification
The industry faces pressure to codify freeze policies before the next exploit. Without transparent pre-attack criteria, each freeze decision will spark the same ideological wars. Protocols that remain silent—including Arbitrum itself, which has not publicly explained its security council’s rationale—risk erosion of trust from both security-conscious users and decentralization purists. The question is no longer whether protocols can freeze funds. It’s whether they will admit they are custodians.