Patrick McCorry (core contributor to the Arbitrum ecosystem and former employee of the Arbitrum Foundation) provided a high-level technical overview of the freeze of 30,766 ETH: A temporary upgrade of the L1 Inbox contract was used to insert a forged cross-chain message impersonating the attacker, followed by an atomic execution and rollback of the upgrade. The process essentially unfolded as follows: • The L1 Inbox contract was temporarily upgraded to insert a “forced inclusion” message pretending to originate from the attacker. • This message was parsed by ArbOS on L2 as a Type 101 system transaction → triggering the fund transfer. • The entire operation—upgrade, execution, and rollback—was completed atomically within a single L1 transaction, leaving all other state unchanged. Arbitrum reserves this capability exclusively for “catastrophic emergency events,” requiring approval from at least nine of twelve members of its Security Council. Such measures are rarely invoked. This marks the first public, large-scale use. This action is certain to spark significant debate across the broader crypto industry. Arbitrum’s use of a Type 101 system transaction to freeze approximately $7,100 worth of ETH belonging to the hacker is technically efficient. However, it directly crosses a core ideological红线 of DeFi: “Not your keys, not your coins.” This is no minor incident—it represents a public stress test of L2’s commitment to decentralization. The event reignites crypto’s classic dilemma: pragmatic security versus fully decentralized security.