ARB Arbitrum

+1.01% $0.13

WLFI World Liberty Financial

+0.37% $0.08

Billionaire Justin Sun officially announces Tron as most decentralized

By TheStreet Roundtable

1 day ago

AAVE

ARB

DEFI

SECURITY

WLFI

Send

Tron founder Justin Sun said on Monday night that Tron is the most decentralized blockchain in the world.

“Ok. I’m officially announcing: the most decentralized blockchain in the world is Tron,” Sun wrote on X.

The post landed within hours of a different blockchain, Arbitrum, using a centralized emergency button to freeze $71 million worth of ETH stolen in one of the worst hacks crypto has seen this year.

Sun has been personally involved in the Kelp response from the start.

On Sunday, he posted directly to the hacker on X, writing: “Kelp DAO hacker, how much you want? Let’s talk. With Kelp DAO’s help, of course. It’s simply not worth it to sacrifice both Aave and Kelp DAO and let the go down over this hack. You can’t spend $300 million anyway.”

That was Sunday. By Monday night, with the Arbitrum freeze in the headlines, the tone had shifted from negotiation to trolling.

What actually happened over the weekend

For readers catching up, here is the short version.

On Saturday, April 18, a hacker stole roughly $292 million from a DeFi project called Kelp DAO. Kelp is what the industry calls a liquid restaking protocol. In simpler words, you give Kelp your ETH, Kelp puts it to work earning extra rewards, and you get a token called rsETH back as a receipt proving you own that ETH.

You can then take that rsETH and use it elsewhere, like on a lending platform, while still earning rewards on the original ETH.

The hack did not break Kelp’s main vaults. It broke the bridge Kelp uses to move rsETH between different blockchains. Think of that bridge like a warehouse that holds gold bars, with paper certificates circulating in different cities that say “good for one gold bar.”

More news:

The hacker tricked the warehouse into handing out gold bars without canceling the certificates. Suddenly, billions of dollars in paper claims existed with no gold to back them up.

The hacker did not stop there. They took the stolen rsETH, walked it over to Aave, the biggest lending platform in DeFi, and used it as collateral to borrow around $266 million worth of real ETH. By the time anyone realized what was happening, the hacker had the real ETH. Aave was stuck holding fake receipts.

On Monday, LayerZero, the cross-chain messaging company whose infrastructure Kelp used, attributed the attack to North Korea’s Lazarus Group. The same hacking unit was tied to a $285 million exploit of Drift Protocol on April 1. Combined, that is $575 million stolen from DeFi by suspected North Korean hackers in 18 days.

That is the mess sitting on the table when Arbitrum acted.

What Arbitrum actually froze

On April 20 at 11:26 p.m. ET, Arbitrum’s Security Council announced it had moved 30,766 ETH, worth roughly $71 million, out of a wallet tied to the hacker and into a locked wallet that only Arbitrum governance can unlock. The council said it acted with input from law enforcement about the hacker’s identity.

For readers new to Arbitrum, it is what the industry calls a Layer 2, a network that sits on top of Ethereum to make transactions faster and cheaper.

Layer 2s have spent years pitching themselves as trust-minimized extensions of Ethereum, which is another way of saying nobody should be able to unilaterally touch user funds.

The Security Council is a small group of signers with emergency powers over the Arbitrum network, created specifically for situations like this. The freeze was the first high-profile time the council has used those powers to seize funds.

Frozen, locked, and at-risk funds by protocol

The Kelp hack has triggered one of the most coordinated multi-protocol responses in DeFi history. Here is where the money stands as of April 21:

Arbitrum Security Council — Froze 30,766 ETH (about $71 million) from a hacker wallet on Arbitrum. The ETH has been moved to a locked wallet that only Arbitrum governance can unlock.

Aave V3 on Ethereum — 53,400 stolen rsETH is sitting on Aave as collateral against borrowed ETH. The collateral is contractually stuck there until the debt is repaid, which it will not be. Aave service provider LlamaRisk estimates up to $91.8 million in bad debt on this market alone.

Aave V3 on Arbitrum — Another 36,167 stolen rsETH is locked as collateral against roughly $58 million in borrowed ETH and wstETH. Could face a 26.67% shortfall depending on how losses get distributed.

Kelp DAO itself — Recovered 40,373 rsETH when its emergency team froze the protocol 46 minutes into the attack, blocking a follow-up attempt to steal another $100 million. Kelp has not yet said how it plans to use this recovered amount.

SparkLend and Fluid — Both lending platforms froze their rsETH markets within hours to stop the bleeding. No confirmed losses yet.

Lido Finance — Paused its earnETH product, which had exposure to rsETH. Its main stETH and wstETH tokens are unaffected.

Ethena — Paused its LayerZero bridges from Ethereum as a precaution. The stablecoin has no rsETH exposure and remains over 101% backed.

Upshift — Paused deposits and withdrawals to two vaults with rsETH exposure. Its USDC vaults are untouched.

Compound V3 and Euler — Smaller hacker positions opened on both. Exact losses have not been disclosed, but total bad debt across all lending platforms is estimated above $236 million.

Of the hacker’s total stolen pile, roughly $266 million is now sitting as borrowed ETH across Ethereum and Arbitrum hubs. Arbitrum’s freeze locks up $71 million of that, leaving about $195 million still under hacker control at the time of publication, according to on-chain tracking from security firm Innora.ai.

So, is Tron actually the most decentralized blockchain?

Tron runs on a system called Delegated Proof-of-Stake, where 27 elected validators produce blocks.

That is a small number compared to Ethereum, which has over a million validators, or Solana, which has over 1,000. Fewer validators generally means fewer checks on power.

Token ownership tells a similar story.

Research outlet Protos published a piece in March noting that while Tron markets itself as decentralized, one person owns more than half of every TRX token in existence, which makes the decentralization claim hard to defend.

There is also personal history at play here. In September 2025, Trump-backed World Liberty Financial froze 545 million of Sun’s own WLFI tokens, worth around $100 million at the time. Sun publicly argued that freeze violated the core principles of blockchain. Now, seven months later, he is declaring Tron the world’s most decentralized chain on the same night a different platform froze someone else’s funds.

The two freezes are not morally equivalent. Arbitrum was targeting a suspected North Korean hacker with law enforcement input. WLFI was targeting a legitimate holder over suspicious trading. But the mechanical point Sun is making, that these Layer 2s can freeze wallets, is the same point that applied to his own situation last year, and his own network has even fewer checks on that kind of power than the ones he is implicitly criticizing.

The Aave situation

On Monday, Aave published a full incident report on its governance forum laying out two possible outcomes, depending on how Kelp handles the mess.

If losses are shared across every rsETH holder on every chain, Aave expects around $123.7 million in bad debt, with Ethereum taking the biggest absolute hit.

If losses stay isolated to rsETH on Layer 2 networks, Aave expects up to $230.1 million in bad debt, concentrated on smaller chains. Mantle’s ETH pool could face a 71% shortfall. Arbitrum’s could face 27%.

Aave’s own treasury holds $181 million. It generated $145 million in revenue last year. The report also mentioned that other projects have already committed to helping cover any shortfall, which suggests a coordinated industry rescue is likely.

In the meantime, depositors trying to withdraw ETH from Aave are hitting a wall. The ETH pools are at 100% utilization, meaning every dollar that was deposited has been lent out. Until borrowers pay back or new money comes in, existing depositors cannot withdraw.

TheStreet Roundtable has been covering this from the start. The April 18 exploit is now the biggest DeFi attack of 2026, and $9 billion in withdrawals followed as panic spread. Some depositors chose to leave rather than wait, a decision I walked through in a separate op-ed.