A post-hack intervention on Arbitrum has triggered renewed scrutiny of how much control actually exists within leading layer-2 networks, after funds linked to the $292 million KelpDAO exploit were frozen by governance actors.
Charles Guillemet, chief technology officer at Ledger, said today that the move highlights a structural reality: many scaling networks rely on trusted groups that can intervene in exceptional cases.
Two days after the exploit, Arbitrum’s Security Council froze 30,766 ETH tied to the attacker. The assets were moved to an intermediary wallet and can only be accessed through further governance decisions.
Emergency powers override code
In a detailed post on X, Guillemet described the action as “state-changing,” where human-controlled keys were used to override on-chain behavior. No vulnerability in the smart contracts was exploited to execute the freeze itself.
Such mechanisms are not hidden. Arbitrum and similar networks operate with upgradeable systems and emergency controls, often managed by multisignature wallets. According to industry frameworks, most major rollups remain in early decentralization stages, where trusted parties retain influence over system operations.
This includes networks like Optimism and zkSync, which also rely on governance structures capable of intervening under defined conditions.
KelpDAO exploit triggers broader fallout
The intervention followed one of the largest DeFi incidents this year. The KelpDAO exploit saw roughly 116,500 rsETH tokens minted without backing and used as collateral across lending platforms.
The attack stemmed from a cross-chain bridge issue tied to LayerZero infrastructure. By forging transaction messages, the attacker created unbacked assets and leveraged them within the ecosystem.
The impact spread quickly. Aave absorbed significant losses as the fake collateral was used to borrow real assets, leaving an estimated $177 million to over $200 million in bad debt. The event also triggered a wave of withdrawals, with billions in ETH exiting Aave and its total value locked dropping sharply within days.
Decentralization claims face scrutiny
For Guillemet, the freeze did not break the system; it exposed its underlying assumptions. While such interventions can limit damage, they also demonstrate that user balances may be subject to governance decisions.
He argued that much of the current DeFi stack operates with varying degrees of permissioning, despite the broader narrative of decentralization. Upgradeable contracts, oracle dependencies, and multisig governance remain common across ecosystems.
Security trade-offs remain unresolved
The incident highlights a core tension in blockchain design: fully permissionless systems are harder to defend, while governed systems introduce trust assumptions. In this case, the freeze likely prevented further movement of compromised funds. At the same time, it confirmed that layer-2 networks can rely on human intervention when under stress.
The longer-term solution, according to Guillemet, lies in stronger cryptographic guarantees, particularly systems based on validity proofs, where outcomes are enforced by mathematics rather than governance.
A turning point for L2 transparency
The incident has renewed calls for clearer disclosure around how different networks operate. As users move across chains, understanding the level of decentralization, and who can intervene, has become more relevant.
For now, the Arbitrum freeze stands as a reminder that scalability has come with trade-offs, and that the line between decentralization and control remains unsettled.
