Dragonfly Managing Partner Haseeb Qureshi has analyzed the recent action by the Arbitrum Security Council to transfer 30,765 ETH held by Kelp DAO attackers to a secure address and freeze it. According to Foresight News, this transaction was executed using the ArbitrumUnsignedTxType (EIP-2718 type 0x65/101), a system-level transaction that cannot be signed by a regular externally owned account (EOA) and can only be injected by the Arbitrum Security Council through ArbOS.

This operation did not involve a chain rollback or historical rewrite, functioning instead as a state-level recovery. While the attacker's private key can still sign transactions, the ETH in question was transferred by the chain itself. This action also demonstrates the powers of the Security Council as described in Arbitrum's progressive decentralization documentation, specifically in scenarios deemed as 'catastrophic emergencies.'