Unchained - Arbitrum Froze $70M From North Korea? Griff Green on the Decision + Miguel Morel on the Hack
Episode Date: April 26, 2026KelpDAO’s hackers left telltale signs pointing to one culprit, North Korea. Then, in a surprise move, the Arbitrum Security Council decided to fight back. =========================================...=============== Thank you to our sponsors! As Bitcoin's application layer, Citrea gives you access to the first trust-minimized BTC on a fully programmable platform and a native stablecoin for Bitcoin, ctUSD. You can now participate in Bitcoin capital markets with lending, privacy, payments, Bitcoin yield, trading and predictions. You get expanded Bitcoin utility without sacrificing its security. Citrea mainnet is live. Put your BTC to work at citrea.xyz/unchained. Ether.fi is giving Unchained listeners 15% cashback on food and ride apps — and that's on top of the 3% you get on everything else. Your bank is charging you to use your own money. Laura switched and loves her card! Go to ether.fi/unchained to claim your offer. Nexo is the premier digital wealth platform. Receive interest on your crypto, borrow against it without selling, and trade a range of assets. Now available in the U.S with 30 days of exclusive privileges. Get started at http://nexo.com/unchained ======================================================== In this episode about the hack on KelpDAO that had a broad impact across all of DeFi, Miguel Morel of Arkham, explains what digital fingerprints made it clear North Korea was the likely hacker, plus how it is that Arkham’s users are using the platform to figure out how to get their bad debt out of Aave and when. Then Griff Green, a member of the Arbitrum Security Council, explains some of the reasoning that went into the decision to freeze $71 million of the funds stolen by DPRK, how the surprise move worked technically, and why blockchains are immutable only by social consensus — and how even Bitcoin could be changed by social consensus. Host: Laura Shin, Host / Unchained Guests: Miguel Morel, CEO of Arkham Intelligence Griff Green, Arbitrum Security Council Member, Leader of the DAO Security Fund, Co-founder of Giveth Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Hi everyone, welcome to Unchained, your no-haped resource for all things crypto.
I'm your host, Laura Shin.
Thanks for joining this live stream.
Before we get started, a quick reminder.
Nothing you hear on Unchained is investment advice.
This show is for informational and entertainment purposes only,
and my guest and I may hold assets discussed in the show.
From my disclosures, visit Unchained Crypto.com.
Bitcoin changed how money works.
Citrae changes how Bitcoin scales.
With a trust minimized BTC and a native staple coin, CtUSD,
you can finally access Bitcoin capital markets with lending, privacy, Bitcoin yield, and more.
Put your BTC to work at Citraia.xia.x.com slash unchain.
Introducing Nexo, the premier digital wealth platform.
Receive interest on your digital assets.
Borrow against them without selling.
Trade a variety of cryptocurrencies, all-in-one platform.
Now available in the U.S.
Get started today at nexo.com slash unchained.
Etherfi is giving Unchained listeners 15% cash back on food and ride apps.
And that's on top of the 3% you get on everything else.
Your bank is charging you to use your own money.
I switched.
Go to Ether.fI. slash Unchained to claim your discount.
Today's topic is how the Kelpdao hack unfolded.
Here to discuss is Miguel Morrell, CEO of Arkham.
Welcome, Miguel.
Thank you for having me on the show.
This week we saw what is in some ways the biggest hack to date in terms of collateral
damage in defy. Northrea exploited Kelpdow's layer zero powered RS Heathbridge and created 116,500 restaked
eath tokens. And then it used some of these tokens that were minted out of thin air to borrow on
Ave. This kind of spurred a sort of bank run incident on Ave and now there's that on
Ave. Miguel, obviously, Arkham is so well known for, you know, its intelligence and analytics
platform for blockchains and crypto, how did you initially, you know, see this exploit and where
did you track the funds to? Yeah, so naturally when you're running a blockchain analytics platform,
you have different types of ways of monitoring. We at Arkham have automated monitoring techniques.
Obviously, we take in on-chain information as much as we can from different sources
and try to produce automated alerts for very large or anomalous movements.
But then additionally, we also have analysts at the company whose job it is to monitor what's
going on on chain for various purposes, including providing the information to our customers
or in some cases even posting about it online as breaking news, for example.
So in this case, of course, it's extremely abnormal to have hundreds of millions of dollars
of restaked ETH moving in a way that is not typical, right?
It's not every single day that you get these types of nine-figure movements of this token.
That's kind of part number one.
And the number two is after this was actually withdrawn and it started getting moved by
what we later discovered was the Lazarus Group, all of those tokens then moved onto Thorchain,
or at least a significant portion of it, once it was actually
taken out from Avey. It was then taken and sort of laundered using Thorchain. And so when you get
very large Thor chain deposits like that, it's very typical that these are proceeds of a crime, right?
Thorchain in general has been seen as a chain of choice, especially for North Korean groups
that are interested in essentially laundering the funds of their proceeds or making them kind of
untraceable, right? And so they basically use that chain in order to convert it into Bitcoin.
And then in some cases, you know, split it up into many tiny transactions, split across thousands
of wallets, then using other types of mixer-like services. So we monitor it in an automated
and manual fashion. And of course, all of those kinds of very large transfers are extremely
anomalous. And then tell us a little bit more about how the bad debt got created on AVE and how the
protocol users reacted. Yes, of course. So on a very high level, just to explain to users here who may be
somewhat unfamiliar, within DFI, you have these different protocols that utilize smart contracts
that have a built-in logic to them regarding what actions they're supposed to take based on the inputs of
their users, right? Ninety-nine percent of the time, those contracts behave as expected,
the users behave as expected, and all of the logic works. However, on occasion, such as this
one, for example, you get a situation where somebody figures out how to trick or in this case
exploit the logic such that it produces an outcome that you want, but that was unintended by
the creator of the smart contract and might be unwanted by the rest of the
other users actually utilizing the protocol. In this case, using the restaked ETH token via KelpDal,
essentially, Layer Zero accused the Lazarus group of exploiting their decentralized verifier
network with the way of essentially faking withdrawals of restaked ETH on Ethereum, which then caused
restate ETH to become under collateralized. Obviously, then, you have to be a
have a bunch of this token that doesn't actually necessarily even exist.
But according to this bridge, it does.
The smart contract authorizes that those types of tokens from those bridges to make
deposits to interact with the rest of the network.
And now you have an enormous deposit of restaked EF on AVEA that looks completely
legit to the contract.
At first glance, the protocol operates as intended.
And in this case, the Lazarus Group.
deposited $2,000,000, or sorry, $270 million worth of this wrapped, restaked ETH onto the Ave protocol,
they get to withdraw $228 million of wrapped ETH.
And now all of a sudden, you have a bunch of bad debt because there's a bunch of tokens
that don't actually exist that have been deposited and a bunch of real money that does exist,
which has been taken out by a bad actor, right?
At that point, it's essentially a race to the bottom where the only thing the Lazarus group is focused on is how to take all of that real money and get rid of it as fast as possible in a way that isn't going to be detected or frozen by the authorities.
This essentially leaves a bunch of the real value from the users that have been deposited onto the network.
Now in the hands of a bad actor, they're trying to make that money disappear so that nobody can track them and freeze them.
And that leaves Abe in a kind of difficult position where now they hold a bunch of this kind of worthless token, but they need to pay back their users real money.
And this, in essence, is what produces the bad debt.
Thankfully, we have at least one freeze.
I think actually one of the people who was part of that will be on here later in the show, which is arbitram, who managed to freeze in a sort of, I guess, somewhat controversial, centralized manner, $70 million of the funds that were.
taken from the Lazarus group, and that will be recoverable, right? But it sort of also exposes
some of the sort of tricky things about decentralized finance, which is what are the levels
of decentralization versus centralization such that users feel comfortable interacting with the
protocol, both from a perspective of my funds are safe, but also from a perspective of, you know,
I'm using this for a reason. I don't want D-FIRE protocols to turn into a bank.
how come, you know, this group of people can freeze money at will, right?
So it sort of opens up a bunch of philosophical questions about what it,
what decentralized finance actually means and the kinds of products we should be building
and how we're going to run them.
Yeah, I mean, as you alluded to my next guest, Griff Green, he's on the Arbitrum Security Hensel.
He was also highly involved in the Dow back in the day.
So it's just so interesting that, you know, he kind of reappears in these, you know,
is code law or is it something else moments.
But, you know, I alluded to before about how this really had a contagion impact throughout
Defi, you know, obviously one of the kind of like selling points of defy is that it's money
Legos, it's composable and, you know, all these things.
But obviously when you have this moment where hundreds of millions of dollars of worth
has been stolen because, you know, fake assets or, you know, you know,
just assets that didn't actually exist were used to borrow these funds.
Obviously, then it spreads out.
And AVE being, I think up until the hack, it was the number one biggest DFI protocol.
So just talk a little bit about how it spread throughout DFI.
So in essence, the way I like to think about this is very similar to the sorts of things
that you see in the crises of traditional financial markets, right?
In general, you start with a kind of pure and raw, real money value of an asset.
And kind of in traditional finance, you can imagine this as a gold bar.
There is a physical gold bar, which is somewhere, you know, in your possession or in a vault with your name on it and you own it.
And that is in its way, kind of the purest form of money.
where these crises evolve and where the failure modes happen is then essentially when we produce
financial products on top of the pure form of money.
And this is often sort of discussed in Tradfai as kind of derivatives, for example, or in
the case of Defi, essentially attempting to earn yield on an asset or wrapping an asset and
so forth. In this particular case, where a bunch of the failure modes and contagion happens is
you're taking, in this case, what we would describe as your gold bar or real money, an actual
Ethereum that is sort of physically held in your possession. And you're depositing it onto a
series of protocols, in this case, smart contracts, which then are holding that asset. And then on top
of it, they're creating a new token, right? But this new token is not the same thing as holding
the sort of native token, but it might have a bunch of purposes, right? There could be,
in its simplest form, a protocol that says, hey, you can deposit your Ethereum onto my protocol.
We will wrap it and issue you a new token. And then in exchange for holding that new token over
time, we might offer you points, for example, right? And there's a certain incentive to the
user where you have a yield associated with that or some kind of benefit for using that protocol,
right? Because at the end of the day, the protocol can say, hey, you accumulate a certain number
of points or we'll give you a certain amount of yield. And over time, you might make significantly
more money than if you hadn't done this because we're going to drop a new token and you might
get an air drop, for example, or, you know, we might give you yield from some other token, right?
So there are all of these incentives for people to deposit their funds onto these different protocols.
And that is kind of what has built the decentralized financial ecosystem up.
It's giving people the ability to, without a centralized middleman, just relying on smart contracts,
take all of this money that they have and actually do something with it.
A large problem of crypto that people sort of found very negative for a long time was that
you had all of your money locked up in these coins.
And there was no way to generate yield off of it much in the same way you would generate
money from holding a stock or treasuries or some other kind of asset beyond just the original
appreciation. But these protocols, they need to decide which protocols are real, which are the ones
that seem audited, not audited, which are the smart contract logics, like which of these
actually make sense. Of the newly minted tokens, restate, ETH, wrapped ETH, other types of liquid
forms of ETH from these different protocols, you have to make decisions about which protocols
to trust what pieces of technology to trust, which projects you trust, and therefore decide,
okay, these are legit tokens versus not. These are the protocols that, according to our logic,
we're going to accept deposits from them and offer other types of assets of equivalent value
in exchange for it, right? But sometimes this breaks, right? In this case, we have a situation
where, at least according to the KelpDout, you know, layer zero was exploited on their verifier network.
And that meant that there was an ability to essentially fake a withdrawal of restate ETH on Ethereum.
And then because the AVE protocol trusted that R.S.E.
It was able to offer a different type of asset that it believed was in kind to the user who was depositing.
In this case, the Lazarus group.
But when that ends up being wrong and your points of kind of decentralized trust fail,
this is when you get these enormous types of exploits essentially, right?
When something happens that, you know, the protocol is operating as intended,
however, its logic was wrong because there was something wrong on a different type of protocol.
These are the types of things that you need to be able to predict and foresee, for example, with audits.
Sometimes it doesn't get caught and then you end up with an enormous exploit like this.
Yeah, yeah.
I mean, we saw a number of different protocols.
pause their own layer zero bridge. I think some of those were Athena, Lombard finance,
Curve Finance. Some of the other lending protocols, you know, also saw a direct impact with,
you know, their own TVL dropping. Like it just kind of caused a scare. So clearly, you know,
this like, I think like, frankly, because Avey was so dominant, it had this sense of like, it was
kind of safe. Clearly, it's been through just a number of up peoples over the last several months.
And this, you know, we'll have to see really what happens. There is a situation, though,
you know, right now where there are AVE users who are trapped in some of the stable coin markets.
I actually saw Gordon Leow, the chief economist and head of research at Circle, made a proposal
on the AVE Forum for how to address that. You know, very briefly, like some of these markets, you know,
some of the factors that they look at to figure out what their rates are have to do with like the
optimal utilization rate and then of course the interest rate. But the interest rate actually has
what they call two slopes. And the second slope kind of kicks in when they're trying to, you know,
bring new capital into into that lending market. So basically he proposed that slope two, which is that
more, you know, aggressive interest rate goes from 10% to 50%. And that's, and that's,
the optimal utilization is dropped from 92% to 85%. I don't know if you had a chance to look at that
proposal and, you know, what you thought about it or just generally if you have thoughts on how
to resolve this current situation. So there are two things. One is kind of how people resolve
them in practice and then the other one is sort of in theory. In practice, the types of anecdotes
that I can describe from other kind of Arkham users is even utilizing our own platform,
people right now are just trying to understand when money is coming into the protocol.
That is the simplest, most important thing for any user right now who is trying to get funds out.
It's when new money comes in, I need to be the first one at the bank to take it out.
If you kind of sort of take a step back and analyze this as a bank run,
the whole kind of concept is a certain number of dollars,
or of ETH, et cetera, are deposited into this bank.
There's a certain number of people in line in order to withdraw.
The amount of dollars in the bank right now do not match the number of people in line.
And so whenever somebody comes in to make a deposit, somebody who's at the front of the line to withdraw, they get to take that money out.
People right now are actually utilizing ARCA monitoring these contracts on these different platforms, such as Ave, in order to then withdraw as soon as they receive an alert.
on chain that somebody's looking to deposit or has deposited, which I think is a pretty
interesting way of figuring out how to get your money out, right? If you have no clue and you just
go to click withdraw and there's no money, you might say, hey, let me just check back on 24 hours
and hope that things are better. If you want to mechanistically try to get your money out,
you set an alert for any time a single dollar comes into the protocol so that you can be
first in line to try to withdraw it, right? So this is, I think, practically speaking, how people
are trying to get it out right now. In terms of the Dow and the different types of proposals,
being made in theory economically what needs to happen in a true sort of free market sense is
you sort of take the lid off of the types of yields. You say, look, we're in an emergency here.
If a single person is not going to come and essentially bail out the entire protocol with some
kind of cash injection, much in the same way the Federal Reserve or central banks, for example,
might do with an actual bank where they essentially just provide a stimulus in order to bail them out.
I'm not sure that that's going to happen in this case, given it's decentralized finance and
there's not necessarily a central bank or federal reserve behind these protocols.
You need the market to do it.
How do you incentivize the market to do it?
You offer them more reward.
You offer them more yield.
I think that this proposal of increasing the slope and increasing the amount of yield being given to
depositors and lowering the utilization rate, that makes a lot of sense to me.
The question is, how do you know at what point?
point, people are actually going to be willing to deposit. Why? There's a certain game theory and
expected value to that yield. If you're deposited money onto a protocol that you just saw lost
$250 million plus dollars, you're taking a huge gamble, right? You're looking at it and saying,
hey, I might lose my entire principle by depositing onto this protocol if things aren't patched or if there's
something worse. So, you know, if somebody's increasing yield, just hypothetically, let's say from
10 to 20%. There's no way of knowing if that's enough. Maybe the actual market price that people are
willing to deposit new tokens onto AVE might be closer to 50%, 60%, maybe more. I have no idea, right?
So I think in a lot of cases, sort of purely theoretically, the correct thing to do would just
be to allow it to be variable, let this sort of yield float, right? And essentially based on the amount
of bad debt that you have, the number of people who are looking to withdraw, offer yield to
people actually putting money in in order for you to get as much of those dollars back as possible,
no matter what the prices until the market actually stabilizes itself. Naturally, there's going to be
a bunch of extraneous conditions that need to be accounted for as well. You don't want anybody
getting drained or the protocol being abused because the yield goes to one billion percent interest
or something like this. But you do need to sort of let the demand curve and the supply
curve float and price themselves, given that this extreme kind of situation will require an extreme
solution. Okay. So no you have to run, but I just want to ask one quick question. If you don't have
time, just say so. But obviously, you know, people think it's North Korea. And I wondered on your
platform, on the analytics side, like what makes you think that that is either likely or perhaps
not? I would say that the most likely pieces of evidence are the way in which this exploit was
conducted in the way in which the money was laundered afterwards. It is extremely common,
as I mentioned before, for the Lazarus Group to essentially run small tests on a protocol
prior to them actually making an exploit, right? They run small tests, they conduct the actual
exploit, they move an enormous amount of money, and then they immediately hit Thorchain. That is the
most common pattern of the Lazarus Group. It's basically, it's extremely classic, right? So when
we look at all of the information that we have available to us for the likely candidate for having
gotten this done, all of the breadcrumbs point to the Lazarus Group, part of a large North Korean
organized criminal organization. So that's essentially what we've been looking at to try to assess
who caused this ex-what to happen. Okay. So thank you so much, Miguel, for that look inside
to how Arkham has been tracking these funds. Everyone, stick around after this short break. We're going to go
straight into a conversation with Griff Green about why Arbitram Security Council chose to freeze
$71 million that were stolen from this hack. It's the other part of the story you will definitely
want to hear. It's pretty controversial. But first, we're going to take a quick word from our loved
sponsors. Bitcoin changed how money works. Satrea changes how Bitcoin scales. Satrea uses Bitcoin as
both the settlement and data availability layer. As Bitcoin's application layer,
Satrea gives you access to the first trust-minimized BTC on a fully programmable platform
and a native stablecoin for Bitcoin, CTUSD.
You can now participate in Bitcoin capital markets with lending, privacy, payments,
Bitcoin yield, trading, and predictions.
You get expanded Bitcoin utility without sacrificing its security.
Citraia Mainet is live.
Put your BTC to work at Satrea.
Unchained. Step into a new era of wealth. Discover Nexo, the Premier Digital Wealth Platform.
Manage your crypto portfolio with confidence and control. Receive interest on your digital assets.
Borrow against them without selling. Trade a wide range of cryptocurrencies, all in one platform.
Now available in the U.S. with 30 days of exclusive privileges for new clients.
Experience Wealth Club Premier. Access enhanced interest rates.
reduced borrowing costs, and crypto cashback on swaps.
Get started today at nexo.com slash unchained.
Etherfi is giving unchained listeners 15% cash back on ride shares, groceries, and restaurants
right now, which honestly is kind of wild for a card like this.
On top of that, I'm getting 3% cashback on every single transaction, using my actual crypto,
no conversion fees, no nonsense.
My bank never once did that.
beyond just spending. You can borrow against your holdings at 4% or less, which is super useful
if you don't want to sell your assets. You can also earn on all major assets, up to 8% APY,
just by holding. And moving money is just easy. No hidden transfer fees, no friction. It just
works globally. If you want to check it out, go to ether.fi slash unchanged to claim your offer.
That's ether.fi.fi. slash unchained. I'm here now with Griff Green, Arbidtram Security Council
member, leader of the Dow Security Fund, and co-founder of Giveth. Welcome, Griff.
Hey, good to see you, Laura. All right. So for any audience members who don't know Griff,
he was very closely involved in the Dow, which created Ethereum's first existential crisis
and led to the Ethereum hard work that created Ethereum Classic. I got to know super well
working on my book. So that was a major incident in that. And now we are going to talk
about him being involved in another similar code is law situation.
So, Griff, before we get into all these details around the Arbitram Security Council's decision,
why don't you just set the scene a little bit more about how North Korea came to this point
where some of its funds were vulnerable to arbitrage from being able to freeze them?
If you haven't been paying attention, there was this crazy hack where on layer zero,
where Kelpdow, who created a staked ether called RS-Eath,
this token that is collateralized by Ether on MainNet,
they had a bunch of those RS-Eth tokens in the Layer Zero Bridge.
And North Korea hackers were able to effectively find a way
to take all the RS-Eth that was in bridges
that has a tokenized representation on a bunch of L-2s.
Take it and bring it all to MainNet in their hands.
And to extract value out of it, they quickly borrowed, used it as collateral in Ave to borrow a bunch of Weath on Mainnet and also bridged a bunch to Arbitrum to also borrow ETH on Arbitrum.
So then and then my understanding from sources that I know in Seal 9-1-1, that they actually then continue to,
to try to exploit layer zero.
They worked for another day or so just or some hours after that just trying to do it.
And then for some reason, they left their ether there for about like 48 hours.
They just left it in the addresses and took a couple days off.
In that time, the Arboretum Security Council was notified by Seal 911.
And just so, you know, like, if you ever get fished, if you ever get hacked, if your telegram gets taken over,
If like you know of a security vulnerability in any way, just DM seal 911.
These guys are the heroes behind the scenes.
It's Batman, Robin, and the whole Justice League.
They're all back there.
Taylor Monaghan is usually my interface.
And she hosts the show on this podcast.
So, you know, DM, CLE 911.
It's at S-E-A-L-1-1-U-S-1-1-B-O-T on Telegram.
If you have any issues, that's what I do.
That's what you should do.
Okay.
But anyway, these heroes behind the scenes,
they're messaging me, mostly Taylor,
and she's like, hey,
like, I think maybe we could use the Arvish from Security Council
to steal these funds back from North Korea.
This was possible for a couple of reasons.
The big one being they just left the money in one address,
even if they were just moving it,
like that would have been challenging, you know?
The other thing was that there's an incredible technical team
that was able to create an ingenious solution
that didn't require upgrading the Arbitrum Node software.
Instead, we were able to use a transaction on layer one
to actually make this happen.
So those were the two main things that allowed for this.
In most circumstances, the Security Council
does not have the power to just freeze people's funds.
that's not feasible.
It's not really possible in most scenarios.
So this is like a very unique situation.
Like what I say most scenarios, I mean, all these other hacks that happen, there are lots of hacks that happen on Arbitrum.
We've never had the opportunity to this.
Never before, as anyone said, hey, security counsel, should we freeze these funds?
Like, not once.
This is a very unique situation.
Okay.
So I was going to ask that how the idea came up, but it was literally Taylor, who,
just saw, like they stopped moving the funds. We have this opportunity and she suggested it.
I don't know if it was Taylor's mind, but I interfaced with Taylor. But also, I'm good friends
with Taylor from back of the day. Right. Right. Yeah, yeah. She was also very involved in the Dow.
And you can read all about it in my book. I'm not trying to promote it. I'm just literally telling you.
It really is the best source of information if you want to know what happened in the Dow.
The 100 pages of the Cryptopians is like the reference material.
So, okay.
So one other thing that you said there was you said something about how you were only able to do it because you were able to make a transaction on Mainnet on layer one.
So I didn't actually either see that or like follow that.
So can you just explain that part?
Absolutely.
So Arbitrum is a stage one roll up.
That means that it has a security council with emergency powers.
But it also has what they call, oh my God, how am I blanking on what it's called?
Forced inclusion, also has forced inclusion, which means that let's say, because there are centralized points, in every roll-up, there's a sequencer.
And in almost all roll-ups, the sequencer is centralized.
So there is a piece of software somewhere that someone could just say, hey, if this address says move money here, don't listen to them.
Just ignore it because it's one sequencer, right?
and that is possible.
But in a stage one roll-up, like arbitram,
or at least I shouldn't speak for all stage-one roll-ups,
I'm not L-2-Bets.
You can go look all this information up on L-2-Bet.
If you want to know how every roll-up is,
I shouldn't know that this is for sure,
but now I'm like second-guessing myself.
Either way, if you want to move your money on L2, on Arbitrum,
you can actually make a transaction on Ethereum,
and it will move money on Arbitrum.
And that's how roll-ups actually have the same security guarantees as Ethereum, right?
And this is the magic of Rolps.
This is what makes Rolups so interesting because you can have a centralized sequencer
and be censorship-resistant, right?
So we were able to use that same tactic.
And because if we wanted to give ourselves new rules or upgrade the,
the software of the Archeram node, we could do that and we could do other things, have other
strategies to take the hackers' funds.
I mean, this is like, you know, blockchains are open source code run on servers and social
consensus.
So like it's open source code, you can change anything in Bitcoin, Ethereum, anywhere.
It's the reality.
So like, you know, but I'm tangenting pretty hard.
Basically, if we wanted to do that, these other simple solutions,
we would need to go coordinate with a bunch of other people running the nodes.
Otherwise, they would break everything, just like in Bitcoin or Ethereum.
But because we have this forced inclusion tool, we can actually make a transaction on Ethereum.
We have to wait 15 minutes.
And since the hacker wasn't able to move their funds in that 15 minutes,
that transaction went in and actually was able to send their funds from the address they control
to an address that no one controls zero X DOSO DAO.
And now it is up to the arbitram DAO governance to decide what to do with those funds.
Okay. Okay.
So now let's talk about this security council.
Just explain, you know, what it is, how the arbitram DAW is set up.
and a little bit more like on yeah what what each entity can do um and when so there's arbitram
Dow is like a very decentralized governance so like tool like there's actually five what they call
arbitram aligned entities the the I mean they're the ones that aren't worth talking about so much
but I do love them and they're great guys it's like entropy and the the um opco right uh
But then there's also, and then there's like a gaming commission.
And so those three don't have anything to play with this right now.
They will later.
But for now, the main entities, they're players within the arbitram governance system to think about are the security council, the foundation, OCL.
And yeah, I guess that's it.
Just those three, right?
And Dow token holders, that was the other one, right?
The actual Dow itself.
So the security council is elected.
by Arbishop Dow. So this is Arbishop Dow token holders who delegate there are to delegates.
Delegates vote and they elects people like me. And in fact, there's an election happening right now,
which is kind of funny. You can go vote for the Security Council members. The Security Council
itself is made up of 12 people. Six are elected. It used to be every six months. We're transitioning to
every year now.
So terms are moving towards being two years long.
And six new people come every year.
And those six people are independent entities.
Security Council itself is not a legal entity per se.
It is made up of six independent entities.
People, I'm just a person.
I know I have a company.
Some people do have companies, though, in there.
And we each are tasked with a couple of things.
there's some explicit guidelines about upgrading for technical reasons.
And there's more of a general purpose guideline of you can, you know, uphold the arbitram
constitution.
And, you know, there's a long story short, obviously.
And how did you get appointed or elected or even nominated?
Well, there's, it's a two-stage process.
First, I said, hey, actually, a few people within Arbitrum suggested I do it.
And so I was like, okay, sure, let's go.
And do you think that was because you have a long history of doing this kind of Dow governance types?
Okay.
Dow governance and also White Hat security.
So after the Dow was hacked, I led the White Hat group, which is basically Seal 911, but not as good.
Between 2016 and 2019, we rescued lots of ICOs.
We rescued $200 million in the parody multi-stake hacks.
So, you know, while I'm more of a non, I mean, I'm a chemical engineer.
I have a master's screen digital currencies.
I'm not a developer.
I'm not the guy who's going to read the code,
but I do have a lot of experience in fund recovery,
incident response more than almost anyone.
So, like, that was probably not.
And I also am very active in the Arbituram Dow governance.
I'm a high-ranking delegate.
So I have, like, a mix of, you know, incident response experience
plus, like, context of what's going on in Arbitrum.
So that's why they've suggested me.
And then there's a nomination
phase or arbitram you have to receive at least some percentage.
Lately, it's been like 9 million tokens of ARB tokens to be able to run.
So there's like a nomination phase with ARB tokens.
And then there's the actual election.
And so we already passed the nomination phase in the current election.
And now we're voting on the real election.
Okay.
So Taylor or somebody suggests this.
And who, like, I don't know if it's okay.
for you to name who all the 12 people are, but I'd be curious to know.
Or if you can't name them, can you give a sense of like what the states they occupy in crypto or defy?
I can't name them.
I'm not going to, but it is all in the documentation because we're all publicly elected.
Oh, okay, okay.
Unlike the Security Council of Base, where it's secret.
And a lot of L2s, they have secret security council, which is also a fine strategy for OPSEC and like, you know, reasons.
that's good, but in Arbitram, it's all public and all the documentation.
And they're all rock stars.
Dude, the Arbitrum Security Council, pretty sure the by far, I mean, I don't know the
secret ones, but these are heads of, heads of, you know, auditing companies.
I'm just going to name some of them because I found the list.
So Gauntlet is one.
Somebody at off-chain labs, which is the, you know, the labs entity for Arbitrum.
Immunify, which is a security firm and bug bounty platform.
Zach XBT, who's very well known, Griff, Michael O'Ellen, who was just on the show.
Also talking about, I think it was a different hack.
I think he was talking about drift.
And then let's see, Open Zeppelin, which I think they used to be an auditor,
but I think they do a little bit more like additional things to that.
So that's just a sampling.
So, okay, so this suggestion gets me.
made, then what are the conversations like at that point? Like, was it controversial right away and
there was a lot of argument or what, you know, were you all kind of leaning one way or the other
from the start? Or, yeah, just describe, you know, how contentious it was and then what the arguments
were back and forth. So I can tell you from my perspective, but the actual conversations within
the Security Council are confidential. And so I can't really give that that thing. But I can't say from my
perspective and and what we were what we were thinking and and I can tell you what I was talking about
with Taylor who's also in the show right okay because really her and I were going back and forth on
whether or not this is feasible and and like I said that the the technical solution uh was
ingenious I'm telling you this was not in you know the best technical solutions end up very elegant
and that's what this was it ended up very elegant because the the other ways that
at least I thought that we could freeze the funds weren't feasible.
And I reached, I talked to as many people as I could because I, I don't know, for me,
if you can stop North Korea, you do it.
You know, if you can recover users' funds, you do it.
If it's in your power, you take the power to do what's right.
And so I was probably, I mean, I can't speak for other people, but I was very gung-ho on this
on this action.
And I was pushing it from different angles, mostly because Taylor was also being like,
come on, Griffin, I stopped working and be like, okay, you know, I'll go talk to other people
and kind of coordinate this because also this is my role in incidence response.
I'm more of a coordinator, you know.
So, yeah, that's, that's, that's the only thing I can do.
I can't remember.
But can you, so can you at least reveal what any of the objections were?
No, but what I can say is why I rejected it at first as well.
Because at first with the technical solutions we had that I could come up with, at least,
it required upgrading the Arbitrum node.
And if we do that, there's two problems.
Number one, if we just do it unilaterally without talking to anyone,
it'll break the whole Arbitrm network.
Users, funds would have problems.
Oracles might go off.
Like, it would cause a lot of problems in the crypto defy space.
So just that and upgrading the node is the most obvious way to do this.
Like, we can just like change the state of the node.
And it's not, but it's not, it's not, it's not, it's actually less elegant than a normal transaction.
And it would cause a lot of issues.
So, you know, I personally was not like a fan of.
of trying to take North Korea's money,
but then causing who knows how much existential risk to other platforms
and other things.
And we're like,
yes,
maybe we end up stopping North Korea,
but then we have a lot of other people lose money because of liquidations or something.
So like,
but then for me personally,
when we found a technical solution that didn't involve upgrading the node,
then it was
yeah I was
stoked you know
there was no real reason in my mind
not to do this
I think there is fear
I think there are legitimate risks
to doing an action like this
but most of it is philosophical
I mean really
the legal risk from my standpoint
in my opinion is like so small
like really I mean I've done crazy things
in Christo this is the third
largest recovery effort
had been majorly active in, you know, not just like passively, like active in.
So, and even though I've gotten legal letters about these things, no one's ever sued me.
No one's even tried.
So, like, I have a firm belief if you do what you know is right, like things will work out.
And but there, the risk is the story, the narrative risk, right?
It's like, oh, no, if they can freeze North Korea's funds, they can freeze anybody.
buddies. And I know I personally just have a different perspective on how those dynamics work than I think most people do.
Yeah. I mean, I think one of them, though, is frankly that, and this was what the argument was back in the day right when the Dow hack happened, like in that initial Skype chat, where the exchange operators were super mad because some of the Ethereum people were suggesting that they stopped trading.
of Eath. And, you know, at that point, like people were saying, basically, there's going to be a, quote, unquote, rollback, which really is more like of a Bitcoin term technically. You know, ultimately what you guys did was something very similar to what you just described here, where it was more surgical and it only affected, yeah, the Dow token holders. And so there was a way to kind of conduct the operation where it didn't affect other people and the appearing ecosystem.
But I think like basically one of the arguments that could be made is that potentially once a government realizes that they can, there's a, you know, some entity or group of people that they can pressure to do something that potentially that is a risk.
But yeah.
For me, that's like security through obscurity.
I mean, the fact of the matter is this is possible in Bitcoin.
And I know a lot of people are going to get mad at me.
And already the Bitcoin trolls have been coming after me on Twitter.
The Dragon's Den is activated if you know what I'm talking about.
But like the fact is there's this is a core tenant of blockchain technology that we just don't talk about.
Blockchain technology is open, modifiable.
It's it's just code, right?
Running on servers and social consensus.
And that social consensus piece is the thing.
that destroys the idea of immutability.
It destroys the idea of like, you know, complete agency.
I mean, it is, it does have agency, but it's like it can be persuaded.
If the Bitcoin miners, the heads of the biggest Bitcoin mining rings,
had guns to their head.
And with three Bitcoin miner pools, you can control 51% of the network.
They can, you know, do basically anything.
They're talking in Bitcoin about stealing Satoshi's fun coins right now.
I didn't even think it's a good idea.
Freezing them, not stealing them.
That's exactly what we did, though.
We didn't steal them.
Right, right.
So this is, this is by definition part of the blockchain underpinning, like how this technology works.
And it's difficult because the actual accountability for this, it's not in the multi-sig or even in the Dow.
it's really in the price of the token.
If Bitcoin wants to freeze Satoshi's tokens,
like, what are the incentives?
You know, like eventually I think the incentives
will be big enough that it should happen.
But what really matters is all the people who are holding
or will might want to hold Bitcoin and those reasons,
those market dynamics are what provide the accountability
for these systems.
And so with arbitram, it's the same.
It's like, I've only, from people that I know are real and exist in this world that aren't
like crazy monkeys tied to a computer just saying horrible things, like in Superman.
That's what I'm referring to you.
Anyway, everyone agrees with this move.
And I think that's the accountability layer that these social consensus engines really live
behind.
It's possible to do in Bitcoin.
I've done it.
I've been part of doing it in Ethereum.
we just did it in arbitram and it's a little bit, a little bit more shaky because not so many
people knew these things were possible in L2s. But yeah, it's just the reality.
Okay. So let's talk a little bit about like what lessons North Korea took from this.
Because to my mind, if I'm them, I'm thinking, well, I'm never going to use another L2 that has
that kind of capability that Arbitrum has. So, you know, do you feel like now,
we're just going to see them as quickly as possible get into ether and Bitcoin or like,
like, you know, like to my mind, it sets some kind of precedent and it sets, it kind of like almost
gives them a warning of like if you try this again, we're going to fight back. But I don't,
I don't know. What do you think? I mean, I think that's the best precedent we can set against
these people. It's like, you know, there's a reason that you don't negotiate with like people doing
ransom because if you're
except except
like we're going to fight back but only on
L2s right because like
I mean what are we going to
or what will crypto
people do in Ethereum or Bitcoin
if this happens? I mean
in general that that's even though
it's possible it is possible to do it
in the theory of in Bitcoin. It's
more difficult than this
but
it's still possible
so well yeah.
And I think L2s with security councils, they will probably feel emboldened by the response of the community in the situation where they can do it.
But the fact of the matter is, it was lightning striking.
North Korea never sits, let's that money just sit for two days.
That's what I was going to say.
This basically is like a replay of the Dow because the only reason it worked was because there was like this moment where they weren't moving the funds.
Exactly.
So it's just like the Dow where the money, well, in the Dow, the money was stuck here for whatever we,
just didn't move it for 48 hours or however long.
Yeah, I know.
It's crazy.
They're idiots.
But then now, I feel like their lesson is going to be to launder it as fast as possible.
Of course.
I mean, I think that I don't really understand how this was possible.
It's crazy because they always laundering as fast as possible.
It always do.
And I think actually this goes to show like C.O.911 is just an incredible organization.
Because the second this hack happened, behind the scenes, they're coordinating with law enforcement.
They're coordinating with all the bridges, all the people that they could.
They're blocking UIs, this address from UIs.
They're putting this address on all these lists.
And like the infrastructure of CL 911 is really the hero here.
Like I feel like the Security Council is getting a lot of credit for executing.
But the real execution happened to layer up.
And it's seal 9-1-1.
It's just incredible what they've done.
And this was years of work to be able to have all the connections where it wasn't
possible for North Korea to just like bridge off of Arbitrum.
The native bridge has a seven-day delay.
And I will say that I thought they would end up using it.
And that's how we would freeze them.
When I was first taking this action, it's like, you know, I felt like, okay, all the bridges are frozen.
They'll probably have to use the native bridge.
And now I need to convince the security council that we can freeze it there, you know?
And I don't know.
Like I said, I can't talk about the deliberations during that.
But that was the first conversation.
So, or that, yeah, you know, that was the first, my first thought of what we could do.
And that was where it sat.
And because there was, because CLE 911 did such a good job at just blocking all the exits besides the native bridge, which doesn't have the ability to be censored like that.
Okay.
Well, it does, of course, if you're the security.
Okay.
Okay.
Last question.
I'm just curious.
I'm sure your social media is blowing up with criticism.
of the auction. So what are some of the main criticisms you're seeing?
You know, what's amazing is like, I think it's more like disappointment in the narrative of
blockchain tech than its criticism on our action. It really is across the board. Everyone's
like, oh, man, you know, after billions of dollars being stolen by North Korea, at least we got
a little bit of a punch in, you know, and got 70 million back. So like pretty much everyone who's
real person is like down for this, except for people who already hate Ethereum and their Bitcoin
Maximilist or some other chain. Or like there's a lot of people also that just are
contrarians and want to take the social media thing. I think the best argument came from Gabe Shapiro,
which is just like, hey, security councils need more underpinning than what they have.
He also agrees and is on security councils and would sign this transaction.
Right. So pretty much everyone says that it was signed the transaction.
But like there are ways that we could improve things.
And he, his argument is the best, I would say.
And it's, you should have more legal underpinning and you should have more rules about when you will act and when you won't act.
And, you know, I don't agree with the legal underpinning.
I actually think that our structure is really beautiful with 12 independent entities that have to come to an agreement on a multi-sig.
but I do think that we could probably have more, you know, understanding of what each member's
guidelines are.
And I think in future elections, we will.
Like every member is going to be asked, hey, would you have signed this transaction?
What are your rules?
And I think that's actually the better thing with the Security Council.
It's very difficult for the Security Council to agree on anything.
And I think that's how you want it.
You don't want it so that there's clear guidelines.
Oh, we're supposed to act.
We're not even going to think because of these guidelines tell us what to do.
You know, I actually think that it's better that there's like independent people with independent positions
and that the Security Council is like this really rarely used Supreme Court of Ethereum that hopefully
we can get rid of them eventually and have a fully, you know, permissionist stage two roll up.
Okay.
So at this moment, you have these.
funds that you've rescued, now what happens in terms of arbitrarine governance, which entity decides
what happens to those funds and what are the main options that are being discussed at the moment?
So right now those funds are in basically a debt address, zero X, zero, DAO, right?
D-A-Zero.
And it's like arbitram Dow has, so the Security Council is here for emergency action.
And we had, of course, options of what we could have done.
We decided to put it in this address so that the Dow is to decide.
And so that means arbitrage from Dow token holders will eventually have a vote on where these funds go.
And this is actually kind of similar to what happened to the White Hat group in 2016.
So we rescued, you know, so when that's...
hacker in the Dow stole money from the Dow.
He only stole about a third of it.
We took the last two-thirds of it.
And then the hard fork took the money from us,
and it took the money from the bad hacker, right?
But then Ether Classic emerged as a parallel dimension
where the hack still happened.
And so we had 10% of all Ether Classic in existence.
And in 2016, we didn't know what would happen.
So we thought the ETC tokens were just going to go to zero.
and my personal opinion was that we should sell it for ether
and then give people ether back
because this ETC chain is unlikely to exist.
Everyone in Ethereum was airdropped ETC.
So how the market kept it alive blows my mind.
To me, it would be like Bitcoin Diamond or Bitcoin Gold.
It's not going to have any value compared to Bitcoin.
But it ended up surviving.
and but when we took that action to sell the ETC for Ether,
we had to use centralized exchanges.
Defi didn't exist.
And the exchanges actually froze our ETC.
As a long story, you can read about it in Laura's book,
but when they froze it, they weren't going to give the ETC back to us, right?
Who are we?
And so we had to all work together on a solution to get the money to the right
individuals, right? And so we built a contract, a smart contract that we could deposit into
and anyone could deposit Ether Classic into. And then the token holders could, the Dow token holders
at the time of the Hard Fork could come and claim the equivalent ETC of what we had that was in
the Dow, which is very interesting because it made the Dow hack the only hack where everyone made
money. All the Dow tokens holders got all their ether back and ETC.
The hacker got ETC.
Really, it's like Slocut, my company, who did the Dow,
we're probably the only people who got screwed in the whole Dow.
The Ethereum Foundation was selling ETC for like over a year.
And they didn't have to sell their ether.
So just incredible situation there.
But the part that I wanted to illustrate was that by having these three parties
that all had to agree on the distribution method,
I think it actually made for a stronger solution.
And in this case,
now Kelp Dow and AVE have 70 million reasons to coordinate better than they were, I think,
and actually have a good public distribution of what funds are left over from the Kelp Dow exploit.
So, you know, I think and probably layer zero will come in and we'll probably come up with a good
proposal, and that proposal will actually have to go to Arvisham Dow token holders.
So our abholders are going to be the ones who decide, because we have 70 million dollars,
and they have to go through public governance to decide what the final outcome is,
which I think will lead to a much better outcome than what would have happened,
not only because of the $70 million, but also because of the public discourse.
Yeah, yeah, hopefully.
I mean, the challenge is, you know, it's hard enough for one Dow to coordinate.
We needed two two Dow's to coordinate, and now we need three.
I mean, that's the opposite side of it.
Yeah, yeah.
I'm going to be very interested in watching this conversation unfolds because, yeah, we'll see what happens.
Okay.
I'll tell you, rescuing funds is way easier than redistributing them.
Yes.
The hardest part.
Yeah, like even just, you know, the little bit of the story that you told about the Dow, like there was so much more to all that.
You know, the exchanges didn't agree with you about returning it an ether.
but then on top of that, like just setting up the withdrawal contract you had to figure out, like, at what point in time were you going to honor the, you know, the amount of doubt tokens that you had.
Yeah, there were just like so many considerations about how to redistribute it.
So it feels like that's probably going to happen again because, you know, the devil's really in the details of these things.
But all right.
I mean, so last time you were in the show, you talked about this new security fund that you said.
And oh my God, wow.
Like the timing on that compared to, you know, just the sheer number of security incidents we've had since then.
Obviously, this is coinciding with AI, you know, becoming much more readily available and improving just at such a quick rate.
So talk a little bit about, you know, what you, like just all the lessons that you learned from this and how you think security should be handled going forward.
You know, I've been disappointed in our status, our state of Ethereum security.
for a long time.
I will say I do believe Ethereum is by far the most secure blockchain.
We're way more decentralized than any other blockchain by a long shot,
including Bitcoin.
Because Bitcoin mining pools are such a centralization point,
and the staking is way better distributed.
So I really believe Ethereum is the most secure blockchain in the world.
However, we have the technology to be better than PayPal.
I don't know any way.
We have the technology to be better than banks, and yet I don't know anyone who has their bank account fished.
I don't know.
I don't know anyone who accidentally sends money to the right person on the wrong chain.
You know, like, that doesn't happen, right?
So, like, we have a long way to go for user experience for just making it safe.
Like, Ethereum is extremely secure.
It's not safe.
It's not safe to use.
And I really want to change that.
I've made lots of efforts in the past.
has to change that.
And this is by far the best dance I have to actually make an impact in that direction.
So we need better wallets and better wallet tooling.
We need better use your experience.
We need better bridging.
We need better Oracle security risk analysis.
Like really, there's a lot of reasons for this recent Kelp Dow exploit.
One of the biggest things that made it as bad as it is is, but maybe it allowed us to actually rescue
some of the money, but it's the risk analysis of the AVE, you know, lending pools.
They probably should have done more. They did great economic research on the volatility of the
markets, but they didn't do enough technical research on the points of centralization in each
of the things. And we learned that, you know. I really believe that the goal of blockchain
technology for me, what gets me excited about it is building something.
better than governments. And, you know, the only thing that gives me hope is in 27 BC,
democracy died for like, you know, 1,500 years or something. So, like, you know, I don't think,
it just takes time. We're learning with every problem we get stronger and more robust,
is we're super anti-fragile. And so we just, you know, it took 1500 years for democracy to come
back. I think crypto and blockchain technology, maybe it takes 10, 20 years.
years for us to get it stronger and better and safer than the banks, but it will be.
You know, so that's, that's, that's, that's what the goal is of the Dow Security Fund.
It's, it's to get us there. It's to make Ethereum the financial backbone, the financial backbone
of the world, but also the backbone of civil society is what I'd like to see on top of it.
Okay. And surprise, surprise. You guys are actually launching one of your QF round, remind me,
QF is, what does that stand for?
Quadratic funding.
Right, right, right.
Quadratic funding is one of my favorite tools that has come out of the crypto space.
I think it can distribute funds better than governments do.
And most Dow voting, even in Arbitrum, most Dow voting and Dow tools keep the numbers of
decision makers well below Dunbar number, 150 people.
And quadratic funding is one of the best ones that actually well exceeds the number of
decision makers of 150, it's going to be thousands, maybe tens of thousands of donors that are going
to donate to security projects and decide how a million dollars gets distributed amongst them.
So quadratic funding is like, you know, a lot of these donation and like tools, they'll have a
matching pool. And if you, it's like, you donate $5, we'll match it with like 20% extra.
It will give you another dollar, right? What quadratic funding does is it does that too, but then it says,
Also, if you're a unique person, you get more points, right?
So it still has a plutocratic angle, but it's like if someone donates $100,
that's just as powerful as 10 people donating $1.
And so there's this like square root formula.
And of course, the algorithm is a little more complex than that.
But there's a square root formula that says the more people you get to donate to,
the more of the matching pool you get.
And so I'm really excited.
I mean, it's been such a stressful week.
I can't tell you because the Dow Security Fund is we're like onboarding security experts to participate in the round.
So this week yesterday, I announced the final 100 security experts that joined the round.
I was supposed to do it on Tuesday, the day before, but things got held up with this hack, right?
And then give it just like a couple hours ago, launched the million dollar quadratic funding round for the security fund.
So I think what's really interesting about this,
it's not even donating to the projects,
but it's about getting all of these awesome security projects all in one spot.
I think we did like an excellent job of making sure that it's only projects that are really focused on security and not just random projects.
Like I think a lot of these rounds in the past were like, you know, people come in with ideas and they apply and they get in and they raise.
money and don't do anything. We actually had really strict rules. You had to have evidence of
public benefit in the past. You have to be an actual security project that's forwarding,
advancing security. Like there were lots of amazing applicants that were privacy tools or
newsletters and they do some security stuff without security projects. Right now we have about almost
100 projects that are rock star projects that no one knows about so many people don't know about
all in one place, if you just go through and actually peruse,
you're going to be a safer crypto user.
Because there's all these tools you can use yourself.
You can learn about security, what's going on.
It's going to be really incredible.
So yeah, and that just started today.
It goes on for three weeks.
Applications to join the round are still open.
And this is our first big effort from the Dow
to actually advance Ethereum security.
There's going to be around.
around every quarter-ish.
Depends on the price of ETH a little bit.
We want to make the rounds big,
and we get our money from staking.
So it depends on the price of Eith,
but our target is quarterly to run rounds
that advance the Ethereum security.
But beyond that, beyond the funding layer,
we're also going to be a coordination layer
for working together.
Because I hope you don't mind if I keep this rant,
but there's like security is a public good,
and it's one of these things that also benefits from economics of scale.
Right now in the theorem space,
it's kind of like everybody is securing their own house,
but they're in a war zone, you know?
And it's great that Uniswap and all these guys have bars on their window
and great security alarms,
but that's a lot of work just for their house.
And actually, we spend a lot of money on security,
not just from the hacks, but actually up front,
make things secure. If we can build tools that make everyone secure, I think all Uniswap and everybody else
will spend less money securing their house and they'll actually benefit. And so it's really a
coordination issue at its heart. And we can have better security for less cost if we just
coordinate and secure the Ethereum space as opposed to securing each Ethereum project, which is
what we're doing now. And so that's really the goal of for me, like beyond the funding gets us
in the door. My real strategy, and I think the curators would agree, I haven't asked them
blankantly this, but my real strategy is if we can coordinate and bring everybody together,
we can secure the whole Ethereum zone and actually save a lot of money on security.
Huh. Interesting. I like that philosophy. All right, Greg.
As usual, it's been such a pleasure chatting with you.
Thank you so much for breaking down what happened with this freeze
and giving us some insight into how this surprise move
managed to steal some of the funds back from North Korea.
Yes.
And thanks to everyone who joined the live stream.
It was a mega show on all things that happened with this hack.
I hope you found it informative, and we will catch you next week.
Thank you, Laura.