Arbitrum published an April 21 Security Council emergency action tied to the KelpDAO exploit, turning the recovery process into a protocol-ops item for Radar readers.
The important discovery angle is not only the frozen funds. It is how the emergency action, later governance process and chain-level trust assumptions are now part of the protocol research trail.
What Happened
The Arbitrum forum post says the Security Council executed an emergency action to freeze 30,765.667501709008927568 ETH held by the KelpDAO exploiter on Arbitrum One. The funds were moved to a designated address, and any release requires a subsequent Arbitrum Governance action coordinated with relevant parties.
The post also describes the technical route: an atomic action upgraded the inbox contract, added a temporary function for the action, moved the funds, then returned the contract to its original implementation. Decrypt also reported the freeze and framed it as an emergency response that prompted debate around decentralization and recovery powers.
Why It Matters
For protocol discovery, this is a major chain-ops signal. Emergency powers can reduce loss during a live incident, but they also define what users and protocols are trusting when assets move across an L2 ecosystem.
Radar should treat this as separate from the original KelpDAO exploit coverage because the event has shifted from exploit attribution to governance, signer authority and recovery process. Those are different operational questions for dapps and treasury teams.
What To Watch Next
Watch for a formal governance proposal, any statement from KelpDAO or affected lending protocols, and whether the frozen funds are routed through a recovery process or legal coordination path.
The second watch item is precedent. Future protocol assessments on Arbitrum should note how emergency action works, how transparent the post-action reporting is, and whether governance gets a clear vote before funds move again.
Continue this cluster
The April 21 DeFi incident-response cluster tracks how chains, councils and protocols handle recovery after cross-chain security events.
