

Web3Nova
@web3nova_
Real projects powering the future — Web2, UI/UX, Web3, Blockchain & AI. Built by students. Designed for tomorrow. → Get Involved with @web3_nova.















Proud Moment from our Cohort II Students. Our cohort II made us proud by actively contributing to open source projects on @dripsnetwork and they got rewarded! They contributed to real life projects on the @StellOrg ecosystem, submitting quality contributions, had PRs merged, and earned their share of the reward pool through Drips Wave. cc: @dripsnetwork @buildonstellar @lftherios @iUgo_X


The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.



🚨Arbitrum just recovered $71 MILLION from the Kelp DAO exploiter…

But HOW does a “decentralized” L2 have the raw power to freeze and seize hacker funds like that?! Was Arbitrum EVER actually decentralized?!

Arbitrum was NEVER fully decentralized. It launched with “training wheels” on purpose and still runs on progressive decentralization (currently Stage 1 on L2Beat). The Security Council used its emergency multisig powers to trace, freeze, and move the funds to a governance-locked wallet - with law enforcement input and zero impact on normal users. This exact power is why it could act.

Arbitrum Stopped Being Decentralized Since Aug 2021 (Mainnet Launch)

1. Aug 2021 (Mainnet launch): Fully team-controlled by Offchain Labs. Centralized sequencer + upgrade keys.
2. March 2023 (ARB airdrop + DAO launch): Governance handed to ARB token holders + Arbitrum DAO. Security Council (12-member elected multisig) created for emergency actions. This is when it officially became “progressively decentralized.”
3. 2023–2025: BoLD (permissionless fraud proofs) rolled out → stronger validation. But the Security Council + single sequencer remained in full control. This is the period where real momentum toward full decentralization stalled.
4. Today (2026): Still Stage 1 on L2Beat. Arbitrum stopped short of Stage 2 (no single-entity control). DAO governs day-to-day, but Security Council can upgrade with no delay in emergencies (9/12 signatures), and the sequencer is still operated by the team/foundation. Full Stage 2 remains a distant roadmap goal.

Why It’s Not (Fully) Decentralized

Security Council: 12 elected members (DAO votes every 6 months) with emergency override powers. They can pause, upgrade, or freeze in crises.
Centralized Sequencer: Still run by Offchain Labs/Arbitrum Foundation (single operator risk).
Upgrade Control: Council can bypass DAO delays for emergencies.
Stage 1 Status (L2Beat): Has “limited training wheels” not fully trustless like Stage 2.

Pros of this setup (why it’s actually smart right now):

✅ Real security in crises - $71M recovered instead of lost forever. Hackers get rekt.
✅ User protection - Safety net prevents contagion, dumps, and total loss.
✅ Faster adoption - Institutions & big money prefer chains with accountability.
✅ Progressive path - DAO + elected council + permissionless fraud proofs = measured move to decentralization.
✅ Proven model — Council acted transparently and ethically here. Builds long-term trust.

Cons (the real risks):

❌ Centralization risk - Council could be captured or abuse power (censorship, bad upgrades).
❌ Not “code is law” - Some purists hate any human override.
❌ Trust assumptions - You’re trusting 9/12 council members stay honest.
❌ Slower to full decentralization - Still depends on people instead of pure code.
❌ Sequencer centralization - Single point of failure/liveness risk (though not funds risk).









🚨 LOVABLE HACKED!!

Lovable just admitted public projects were showing everyone's private chat messages and code and they called it “unclear documentation.”

How to Stay Safe on Lovable (Do This Today):

1. Change ALL your projects from Public
   Go to Project Settings → Visibility → Switch to Workspace or Restricted. Public = the whole internet can see your chats, code, and history.
2. Never paste real API keys or secrets in the chat
   Use the Secrets / Environment Variables feature only. Anything in chat history on public (or old vulnerable) projects can be seen.
3. Audit every single project immediately
   Especially anything created before November 2025, treat them as potentially exposed. Rotate any keys/tokens that might have been in chats or code.
4. Live app is separate danger
   Even if your Lovable project is now private, add real authentication (login) if it handles user data, payments, or anything sensitive.
5. Run a security review
   Ask Lovable AI directly: “Review my entire project for security issues” — then fix what it flags (especially Supabase RLS policies).
6. Pro move for serious apps
   Use Workspace visibility + proper auth + never rely on “it’s just a vibe-coded app” for real user data.



