Exclusive Interview with an Arbitrum Security Council Member: Why Did We Activate the “God Mode” to Freeze $72 Million Stolen by North Korean Hackers?
TechFlow Selected TechFlow Selected
Exclusive Interview with an Arbitrum Security Council Member: Why Did We Activate the “God Mode” to Freeze $72 Million Stolen by North Korean Hackers?
If freezing North Korean funds could make Circle money, they would certainly do it.
Navigating Web3 tides with focused insightsCompiled & Translated by TechFlow
Guest: Griff Green, Member of the Arbitrum Security Council
Host: Zack Guzman
Podcast Source: Coinage
Original Title: Why Arbitrum Decided To Take Back $72M North Korea Stole
Air Date: April 23, 2026
Editor’s Note
Over the past few days, Ethereum and the broader crypto community have been closely watching the hack targeting Kelp DAO—a liquid re-staking protocol—and its ripple effects on Aave, a decentralized lending platform.
The Arbitrum Security Council exercised emergency authority to freeze and recover approximately $72 million in assets from addresses suspected to be controlled by North Korean hackers. This marks the first time in the crypto industry that an L2 chain has activated “god-mode” permissions to freeze funds held at a specific address. Prior to this podcast episode, community sentiment was sharply divided: while many acknowledged Arbitrum had done the right thing, others raised serious concerns about the implications of granting any chain the power to unilaterally seize assets—questioning both the boundaries of such authority and Arbitrum’s commitment to decentralization.
This episode’s guest is Griff Green—one of the members of Arbitrum’s Security Council empowered to make such decisions. Griff was also a direct participant in the 2016 DAO hack and one of the key drivers behind Ethereum’s hard fork. In this interview, he directly criticizes Circle—the issuer of USDC—for its “persistent inaction” during the North Korean hack incident, contrasting Circle’s passivity with Tether’s proactive freezing of North Korean funds, and arguing that Circle’s decision-making logic is purely driven by financial statements.
Key Quotes
“Immutability” of blockchains is a misconception
- “People assume blockchains are immutable, but in reality, they operate on social consensus. If everyone agrees to upgrade the protocol, the rules can change—just as they have for Ethereum and Bitcoin.”
- “That’s why some in the Bitcoin community are now discussing freezing Satoshi Nakamoto’s coins. Technically, it’s fully feasible—because blockchains aren’t absolutely immutable; they’re governed by rules.”
The true foundation of decentralization lies in market behavior
- “If people dislike our decision, they’ll sell their tokens. If the Bitcoin network coordinated to steal users’ funds, holders would clearly dump their holdings. The real bedrock of decentralization is market behavior—a role that’s been severely underestimated in this context.”
- “Frankly, no one would blame us for doing nothing. Doing nothing carries almost zero risk—so you need a bit of willingness to take risks.”
North Korea’s hacking pattern
- “North Korea rarely attacks at the smart contract layer. Most often, their targets aren’t code—but people. They use social engineering to identify individuals holding privileged keys, then gain access to their computers and private keys.”
- “I don’t know why they left the funds sitting in one address for two days without moving them. Maybe they worked three days straight, took Sunday off, and showed up late on Monday—that gave us our window.”
Circle vs. Tether
- “Let me be unequivocal: There are clearly no ‘good people’ at Circle—because they’ve consistently chosen inaction. By contrast, Tether has repeatedly frozen North Korean funds, recovering far more than $70 million.”
- “Circle’s origins lie not in crypto-native culture, but in Goldman Sachs. So their decision logic boils down to one question: ‘Does this look good on our balance sheet?’ If freezing North Korean funds could generate profit, they’d do it in a heartbeat.”
Security remains the biggest barrier to mainstream crypto adoption
- “With today’s technology, we can absolutely build something safer than PayPal or traditional banks. Take banking and PayPal’s infrastructure, remove the custodians, and rebuild it as non-custodial—we already have the technical capability.”
- “I don’t know a single person whose bank account was drained after falling for a phishing scam—but I know many who lost crypto the same way.”
- “I’ve spent years building for the public good—trying to create something better than government—but I keep hitting the same wall: this technology still isn’t safe enough for ordinary people to use. Yet now, we have a massive opportunity to change that.”
Activating God-Mode
Zack Guzman: Many people are following developments closely—and controversy hasn’t subsided. Let’s start with the Arbitrum Security Council’s structure. You’re a council member, and in your post you described this decision as extremely serious. Could you walk us through how this unfolded?
Griff Green: Kelp DAO was attacked. Whether primary responsibility lies with Kelp DAO itself or with LayerZero—the cross-chain messaging protocol—is still debated. But the impact spilled over to Aave. This was a cross-chain bridge attack: roughly $300 million in tokens on Layer 2 were stolen via the bridge and deposited into Aave on Ethereum mainnet and Arbitrum as collateral to borrow ETH.
After obtaining ETH, the North Korean hackers held it in their wallet for several days without moving it—giving us a critical window to coordinate a response. Arbitrum, currently operating as a Stage 1 rollup (meaning it offers certain security guarantees but is not yet fully decentralized), has a Security Council. It operates under a 9-of-12 multisig scheme—requiring signatures from nine out of twelve members to execute actions. Working alongside Seal 911—an emergency response team serving the crypto industry—we leveraged emergency authority to transfer funds out of the North Korean-controlled addresses and freeze them into new addresses inaccessible to the attackers.
The Foundation of Blockchains
Zack Guzman: I wasn’t aware of the 9-of-12 threshold before—many people apparently weren’t either. And you probably wouldn’t want North Korean hackers knowing about this feature.
Griff Green: Actually, this information is fully public. I think there’s a widespread misunderstanding about blockchain technology. Blockchains rest on three pillars: open-source code, nodes running on servers, and social consensus.
My first project was The DAO. We raised $150 million—and then got hacked. For deeper context, check Laura Shin’s book The Cryptopians, which dedicates 100 pages to this event. Ultimately, we executed an Ethereum hard fork—a move strikingly similar to what we just did on Arbitrum: breaking the rules without the hacker’s consent to move funds out of their wallet.
This is possible on Ethereum, Bitcoin, and any blockchain—because blockchains fundamentally run on social consensus. Today, some in the Bitcoin community are even debating freezing Satoshi’s coins—if everyone agreed, it could happen.
What makes Arbitrum slightly different is that you don’t need to convince every node operator across the network. Instead, there are two paths: ARB token holders can vote to execute the same action—or the Security Council’s 9-of-12 multisig can act in emergencies. Until now, the Security Council’s authority had only ever been used to fix bugs and upgrade protocols—not to freeze funds. To my knowledge, this is the first time a major L2 has frozen on-chain funds.
Comparing Two Incidents
Zack Guzman: You experienced both The DAO hack and this incident firsthand. How do they compare?
Griff Green: This one felt much easier. The DAO was my own project—I lost $150 million. The pressure was immense. This time, I personally suffered no financial loss; I simply stepped in as a Security Council member to help.
Also, infrastructure has improved dramatically—enabling faster diagnosis of what happened. During The DAO hack, we had no idea who the attacker was. This time, Seal 911 collaborated with the FBI and confirmed with high confidence that the attackers were North Korean. Through networks built over years, we accessed intelligence beyond the ecosystem.
Key Discussion Points
Zack Guzman: In deliberations, one side argued for inaction—leaving the funds with North Korea. Conversely, others worried this could chill DeFi innovation. How did those discussions unfold?
Griff Green: First came the technical challenge. We spent considerable time identifying a technically flawless solution—and finding one at all was remarkable. Credit goes to the unsung technical heroes behind the scenes.
Once technical feasibility was confirmed, the real debate began: “We *can* do it—but *should* we?”
From my perspective, the attacker was almost certainly North Korea, the amount involved was $72 million, and DeFi faced existential risk. My duty is to uphold the Arbitrum Constitution—to do what I believe is right for Arbitrum. No one would blame us for doing nothing; inaction carries near-zero risk. So yes—this truly required a willingness to take risks.
Some may feel uneasy about “nine people wielding such power on-chain.” But let me tell you: getting nine deeply risk-averse security experts to unanimously agree on any action—after exhaustively vetting all potential pitfalls—is far harder than you imagine. It might even be harder than coordinating mining pools to freeze Satoshi’s coins.
The crucial point is that the system remains decentralized—not just architecturally, but also in terms of market sentiment and price behavior. If people dislike our decision, they’ll sell their tokens. That’s the real foundation of decentralization—and the role of market dynamics here has been severely underestimated.
Zack Guzman: The Security Council is elected by ARB token holders. Could this incident set a precedent that shifts how the Ethereum ecosystem handles future hacks?
Griff Green: One point being overlooked: hackers rarely leave funds untouched in one address for two full days. It was precisely because they didn’t move them that we gained our operational window. I can’t recall any prior hack on Arbitrum where this occurred. I don’t know why they delayed transferring funds—maybe they worked three days straight, took Sunday off, and arrived late on Monday.
So I think people will become more open-minded about this—not because it’s newly technically possible (it always was), but because they’ve now witnessed it in practice. L2Beat—the Ethereum Foundation–sponsored L2 security assessment project—clearly states the Security Council holds emergency upgrade authority. Hackers could have moved funds at any moment, undermining our efforts—but we were lucky.
Security Lessons
Zack Guzman: What security lessons emerge from this?
Griff Green: First, technical risk analysis must improve. Aave handled access control for low-market-cap, high-volatility tokens well—but was too permissive with liquid staking tokens (LSTs). While their underlying asset is ETH—and thus economically lower-risk—their technical risk profile demands stricter scrutiny. This isn’t just Aave’s problem: Morpho, Compound, Sky, and all lending protocols must double down on technical risk analysis.
Kelp DAO’s architecture contained a single point of failure (“one-of-one”—meaning breaching one critical node sufficed)—a flaw drawing criticism. But the larger issue was operational security (opsec): compromised keys. North Korea rarely attacks at the smart contract level; most often, they target people—not code—using social engineering to gain access to privileged computers and keys.
There are two responses: First, raise security standards. If you manage large sums, your computer’s security posture should match that of a Fortune 500 CEO’s—but the crypto industry hasn’t achieved that yet.
What Happens to the $72 Million?
Zack Guzman: How will the recovered $72 million be handled? Is that also decided by vote?
Griff Green: Yes—and this will be fascinating. Users of Aave and the Kelp DAO ecosystem will benefit, but determining the precise distribution path is challenging. Coordination within DAOs is notoriously difficult—similar to governments and large institutions—especially when no single entity holds final decision-making authority.
Previously, Aave and Kelp DAO pointed fingers at each other. Now, with Arbitrum involved, three DAOs must collaborate. The upside is that actual funds are now on the table—so Aave and Kelp DAO can’t just deflect blame. They’ll need to publicly co-develop a plan. Ultimately, how the $72 million is returned to users will be decided by a vote among Arbitrum DAO token holders.
My personal stance is that Arbitrum DAO should not release these funds unless they are returned 100% directly to users.
Note that the Security Council acts only in emergencies. We deliberately sent the funds to an address ending in “0x0000DAO”—the “DAO” suffix was intentional, signaling that these funds now belong to the DAO community. I’m also a delegate for the Arbitrum DAO—but with roughly 10 million votes out of ~200 million total, I hold only about 5% voting weight. Many others hold greater influence.
Current Projects
Zack Guzman: Tell us about your current projects—they’re highly relevant to security.
Griff Green: Since The DAO incident, I’ve remained active building in this space. I helped build Giveth—a decentralized donation platform enabling numerous nonprofits to raise funds on Ethereum. I’ve watched these organizations lose money in every conceivable way: sending funds to correct addresses on wrong chains, falling for phishing scams, smart contract vulnerabilities, exchange hacks, and more.
With today’s technology, we can absolutely build something safer than PayPal or banks. The tech is ready. Yet in reality, I don’t know anyone whose bank account was emptied after a phishing scam—but I know many who lost crypto the same way.
So we launched the DAO Security Fund—to make Ethereum safer than banks. We hold roughly $170 million in staked assets, using staking yields as a sustainable long-term funding source for security initiatives.
Our first major round of grants launches tomorrow. At qf.giveth.io, you can contribute to security projects. Based on your contribution patterns, a $1 million grant pool will be proportionally allocated across participating security projects.
But more important than funding is project discovery. Hundreds of free, open-source security tools exist—but many people don’t even know they exist. This round’s core goal is to aggregate these tools in one place so users can find them. Funding helps projects survive—but the real impact comes from market signals: which projects are most needed, and which directions warrant greater investment.
Circle vs. Tether Revisited
Zack Guzman: When mechanisms like the Security Council don’t exist, centralized stablecoin issuers—like Circle—are forced to decide whether or not to freeze assets. How do you view these two models?
Griff Green: If you have the ability to solve a problem, you bear responsibility to solve it. As the old saying goes: “All that is necessary for evil to triumph is that good men do nothing.”
Let me be unequivocal: There are clearly no “good people” at Circle—they’ve consistently chosen inaction. By contrast, Tether has repeatedly frozen North Korean funds, recovering far more than $72 million.
You might expect the opposite—but I believe it stems from Tether’s founding team being DeFi-native and crypto-native, retaining old-school crypto values. Circle’s roots lie in Goldman Sachs, so its decision logic reduces to one question: “Does this look good on our balance sheet?” If freezing North Korean funds could boost profits, they’d do it instantly.
I’m no Tether extremist—I lean strongly toward decentralization. But Circle’s conduct here is genuinely baffling. I wonder whether we’ll need collective USDC dumping to send them a strong enough market signal. North Korea’s attacks don’t just erode our portfolios—they threaten real-world security. Everyone suffers from failing to stop North Korea.
Zack Guzman: The political complexity of the blockchain world exceeds what many realize.
Griff Green: Exactly. You might assume it’s purely financial or deeply technical—but it involves extensive political discourse: self-regulation, building society atop new foundational frameworks—it’s profoundly deep. Yet every time I try bringing these ideas into the real world, I hit the same wall: security.
Attacks on major protocols by North Korea represent one dimension. But countless lower-level issues persist: impersonation scams mimicking Coinbase customer support, UX improvements waiting to be made—many problems aren’t nation-state attacks, but simply reflect that our own technology isn’t yet polished.
I entered crypto in 2013 and earned the first master’s degree in cryptocurrency in 2016. I’ve spent my career building for the public good—attempting to create something better than government—but I keep colliding with the same obstacle: this technology still isn’t safe enough for ordinary people to use. Yet now, we have a tremendous opportunity to change that.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
