Crypto faces backlash both for freezing stolen funds and for doing nothing, with expectations pulling in opposite directions.
Decentralized finance (DeFi) protocols are increasingly stepping in to freeze stolen assets, while centralized issuers face criticism for slower or more limited responses. The tension is exposing deep disagreements about who should have the power to act — and when.
A recent intervention on Arbitrum saw attacker-linked assets frozen following a major exploit, while some stablecoin issuers, including Circle, have faced public backlash for their more cautious approach in similar situations.
Connor Howe, CEO and co-founder of cross-chain infrastructure project Enso, argued that crypto protocols are not fundamentally different from centralized platforms or banks if a small group of people can freeze funds. The debate, he suggested, is not the usual clash between decentralization and centralization, but about who gets to intervene and how quickly they can act — a distinction that, in practice, can determine whether stolen funds are stopped or slip through.
The Limits of Decentralization in DeFi
The industry is split on whether protocols that describe themselves as decentralized should be able to freeze funds during exploits. Protocols like THORChain have stated they cannot freeze funds by design, even in the event of an exploit — though security researchers have questioned that claim, pointing to past cases where intervention did occur.
Bernardo Bilotta, CEO of stablecoin infrastructure platform Stables, said the freeze function is necessary but must operate within clear constraints. "A protocol shouldn't be making up the rules while the house is on fire," he said, characterizing the choice of "philosophical purity" over user protection as "negligence."
The recent $293 million Kelp DAO exploit brought those discussions back into the spotlight when Arbitrum froze some of the stolen funds linked to suspected North Korean hackers. Some in the industry said the decision cut against DeFi's core principles. The Ethereum layer-2 network has a 12-member security council with the ability to carry out certain changes to the protocol. In emergency situations, it can act through nine of the 12 members in its multisig wallet. Security council members are voted on by the network's decentralized autonomous organization.
Howe said that transparency in how such security councils operate can still distinguish DeFi platforms from traditional finance or centralized counterparts. "There should be transparency in every protocol around who holds the keys, and the safeguards in place to prevent them from going rogue. If there's no clear distinction, then it's a vague claim of decentralization," he said.
Centralized Issuers Face Different Constraints
Centralized stablecoins are among the most-traded cryptocurrencies in the world. Tether's USDt and Circle's USDC are the largest, accounting for more than $266 billion in combined market capitalization. Both issuers have the ability to freeze their stablecoins, but they approach that function differently.
While Tether tends to freeze funds more quickly in most security breaches, Circle emphasizes legal process and jurisdiction before intervening. Dante Disparte, the company's head of global policy, addressed the issue directly in a recent blog post.
"Let me be clear about something that is frequently misunderstood: when Circle freezes USDC, it is not because we have decided, unilaterally or arbitrarily, that someone's assets should be taken from them," Disparte wrote. "Our ability to freeze funds is a compliance obligation — exercised only when we are legally compelled by an appropriate authority, through lawful process," he continued.
Circle was pushed to explain its stance after the recent $280 million exploit on Solana-based Drift protocol, also attributed to North Korea. The explanation did not satisfy security experts demanding answers. Bilotta said that waiting for formal legal orders in cases with clear, on-chain evidence of an exploit represents a "failure of responsibility."
Who Decides What Counts as 'Extreme'?
Large-scale exploits, including those linked to North Korean actors, have pushed the industry into situations most would consider extreme — scenarios where hundreds of millions of dollars can be drained and laundered in real time. Such cases raise the question of who defines what qualifies as "extreme" and when intervention is justified.
"This is the question the industry has been ducking the longest," said Wish Wu, CEO of institution-focused layer-1 network Pharos. "In practice, 'extreme' is too often defined after the fact by whoever holds the keys, which is exactly the failure mode decentralization was meant to avoid," he added.
Wu said the more credible approach is to define those conditions in advance and encode them into governance, even if that means accepting that some edge cases fall outside the established rules. "Can a small, identifiable group move user funds before users have a fair chance to exit?" Wu asked. "If the answer is yes, then whatever the marketing says, the system is custodial in substance. If the answer is no, only then are we in an honest conversation about which governance and safety tradeoffs make sense for different use cases."
Below that line, Wu added, decentralization loses its substantive meaning.
Why it matters
The Arbitrum security council's structure — 12 members, nine required for emergency action, elected by a DAO — illustrates how governance design directly shapes whether a freeze is possible at all, and how quickly it can happen during a live exploit.
Circle's stated policy of requiring legal compulsion before freezing USDC means that jurisdiction and legal process become practical variables in whether stolen funds can be stopped, regardless of how clear the on-chain evidence is.
The distinction between a protocol that can freeze funds and one that discloses who holds that power and under what conditions is the operative line several experts in the article draw between substantive and nominal decentralization.
