Post #11963

Arbitrum just rugged the North Koreans for $71M – possibly the most important DeFi recovery of 2026 This night Arbitrum's Security Council forcibly moved 30,766 ETH (~$71M) out of the KelpDAO exploiter's wallet on Arbitrum One – without the attacker's private key, without a reorg, without rewriting history. The mechanism: an ArbitrumUnsignedTxType (EIP-2718 type 0x65) – privileged ArbOS system tx only the chain itself can inject through the sequencer, controlled by the 12-of-N Security Council. The attacker's key still signs – but the chain moved the ETH. Functionally a state-level clawback, reserved in Arbitrum's docs for "catastrophic emergencies." First clear public use. Funds now sit in a protocol-controlled recovery sink, movable only via further Arbitrum governance. What it means: • Lazarus-linked attacker lost the entire Arbitrum leg of the cashout • ~75,700 ETH on Ethereum mainnet is still in attacker hands, outside Arbitrum's reach • Aave still faces ~$230M in potential bad debt on the Ethereum side • Umbrella slashing on aWETH stakers is still loaded The uncomfortable question: Arbitrum just proved the Security Council can override any wallet when it deems the situation “catastrophic”. Against state-sponsored theft, clean call. But the precedent is now public – L2 Security Councils have functional state-rewrite power, and it works. Net positive for DeFi: $71M recovered, North Korea down a meaningful slug, exploiters lose the assumption that bridging to an L2 is safe parking. For the “L2s are decentralized” pitch, more complicated. The override worked exactly as designed. 🔗x.com/arbitrum/status/2046435443680346189 Top 7 Ecosystem:Alpha| X | Aggregator