
On October 20, 2025, blockful purchased 14.4 million votes through LobbyFi during the Arbitrum Security Council election, bringing to light scenarios that most delegates and DAO participants don’t even imagine.
“LobbyFi allows users to delegate their voting power in a DAO, which can then be bought by others in auctions or at a fixed price to influence voting decisions.”

LobbyFi, only weeks or months earlier, had publicly stated that it would not activate its protocol for Security Council elections. This was a controversial point: LobbyFi had been an active participant in governance and, even if not seen as entirely non-malicious, many believed the DAO would at least be aware of LobbyFi’s moves through its ongoing communication with the Arbitrum DAO, and likely with both the OpCo and the Foundation.
The issue, however, does not lie in communication, in the vote-buying protocol itself, or in any assumptions the DAO may make. The real problem is that we seem to have forgotten the trustless core of the ecosystem. As cliché as it may sound, we should not rely on assumptions (for example, “Delegates are honest, so it’s safe to reduce the delegate voting power (DVP) quorum,” or “It’s fine, we talked with LobbyFi and they won’t participate” - which we heard from different stakeholders).
I personally appreciate when the normalcy bias is challenged. There have been numerous comments, suggestions, forum posts, and improvement attempts from various delegates over time. With the normalcy bias now broken, we must address the motivations behind this action, understand its implications, and, most importantly, discuss what must be discussed: the issue exists at the mechanism-design level. Let us take it step by step.

In practice, wallets holding large voting power can determine who enters the Council. Entities like Entropy Advisors and L2BEAT together held (as of October 20) over 39.13 million votes. If either used their full voting power toward a single candidate, that would be enough to guarantee a seat. – Today, unfortunately, L2BEAT has lost part of its voting power, standing at 9.68 million votes. Still, let us analyze the snapshot from the moment of the event.
These delegates have consistently chosen to distribute their votes and not fully utilize their power, demonstrating responsible governance behavior. Unfortunately, this good practice is not enforceable. A malicious actor could accumulate $ARB or form alliances with large holders to influence outcomes, potentially gaining privileged access to Arbitrum’s most critical defense mechanism: the Security Council.

It is also worth noting that Entropy could, in this situation, almost single-handedly reverse the outcome. Many might think, “Excellent, they would protect us,” while others would recognize that, in practice, for almost every scenario, they hold almost the final power of decision over what happens — or does not happen — within the Arbitrum DAO.
We are not, in any way, questioning the integrity of the major voters and players, who are mostly builders and active contributors to the Arbitrum DAO. However, our position is that the ecosystem’s trustless foundation must be preserved to ensure the DAO’s long-term security and independence. Regardless of how responsible or reputable large delegates may be, the DAO’s resilience should never rely on individual behavior or discretion.
After conversations with several stakeholders within Arbitrum, it became clear that using LobbyFi in the Security Council election was perceived as a potential risk that had been largely overlooked.
blockful purchased votes in the Security Council election through LobbyFi — something offered by the LobbyFi team itself. LobbyFi’s existence forces the Arbitrum DAO to think more deeply about its governance security and to raise its standards. Fortunately, their team is well-intentioned. But that is a matter of luck, and the ecosystem cannot depend on luck. Any other actor (whether on LobbyFi’s side or the vote buyer’s side) could act maliciously.
This post is accompanied by an extensive discussion within the Arbitrum DAO forum addressing vote-buying services, where community members debate their implications, transparency, and governance risk. For direct reference, see the thread:
As we stated in our forum post: we care deeply about the governance layer of the Ethereum ecosystem, and our goal is to protect DAOs... preferably with their cooperation.
The Security Council is the most critical component of Arbitrum governance:
It protects users and the protocol through emergency upgrades.
It can veto DAO proposals, defending the ecosystem from governance attacks.
But this raises an essential question: Who secures the Security Council?
“But despite all of these important issues, there have been much fewer examples of outright voter bribing, including obfuscated forms such as using financial markets, that simple economic reasoning would suggest. The natural question to ask is: why haven't more outright attacks happened yet?
My answer is that the "why not yet" relies on three contingent factors that are true today, but are likely to get less true over time:
Community spirit from having a tightly-knit community, where everyone feels a sense of camaraderie in a common tribe and mission.
High wealth concentration and coordination of token holders; large holders have higher ability to affect the outcome and have investments in long-term relationships with each other (both the "old boys clubs" of VCs, but also many other equally powerful but lower-profile groups of wealthy token holders), and this makes them much more difficult to bribe.
Immature financial markets in governance tokens: ready-made tools for making wrapper tokens exist in proof-of-concept forms but are not widely used, bribing contracts exist but are similarly immature, and liquidity in lending markets is low.” – Vitalik Buterin, “DAOs are not corporations: where decentralization in autonomous organizations matters” (September 20, 2022). https://vitalik.eth.limo/general/2022/09/20/daos.html
“The fool looks at a finger that points to the sky.”

During the event, we monitored the main Arbitrum DAO channels closely. Below I address several points that were raised and present a clearer structure for the conversation.
As I noted above, difficult actions are often the price of necessary change. Regrettably, I did not see any other way to convene over 40 people in a Twitter Space, including qualified delegates, to reflect and deliberate on Arbitrum governance vulnerabilities. Despite numerous proposals and suggestions for improvement, no effective remedy had been implemented. With the normalcy bias broken, we must now address motivations, interpret what this action meant, and focus on the real issue: mechanism design.
It is worth highlighting the DVP quorum proposal, which pushes in the opposite direction of fixing present vulnerabilities. That proposal rests on the assumption that large delegates will always vote. That assumption is problematic in two ways. First, it presumes behavior without a mechanism to enforce it. Second, it effectively relies on the voting power of OpCo, which is also not a reliable safeguard for governance security.
We, at this point, are not “messing around to prove a point”.
The purpose was not to interfere, but to reveal how inexpensive and accessible it would be for a malicious actor to do so. Ignoring such a risk because it was exposed by a white-hat initiative would be short-sighted. Governance security must be tested as rigorously as smart contracts are audited.
Mainnet is not a playground, but it is also not a place where critical governance flaws should remain hypothetical until exploited. Understanding and addressing these risks is part of building a safer, more resilient DAO.
Because blockful’s core is security-oriented, we approach this matter from a governance security perspective. Currently, the quorum for proposals is 3 percent for non-constitutional items and 5 percent for constitutional items. Given the votable supply, that equates to roughly 141 million and 212 million $ARB respectively. In value terms, reaching quorum for a proposal affecting the Arbitrum Treasury can cost tens of millions of dollars. With the Treasury holding significant liquid assets and over a billion dollars in $ARB, the cost to reach quorum is comparatively low. In 2025 the number of votes cast in Arbitrum proposals rarely exceeded 240 million, and in many instances did not reach 200 million.
Under the current proposal to use roughly 50 percent of Delegate Voting Power as the quorum, the quorum would become approximately 100 million and 150 million ARB. If the parameter were set below the current suggestion, Arbitrum would make it even cheaper to reach quorum, potentially lowering the cost by around 30 percent. If it costs about 40 million dollars to reach quorum while the DAO holds more than 50 million dollars in liquid assets not denominated in ARB, then a financially rational attacker can profit from influencing governance.
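The quorum arithmetic above, written out as a small Python model (an added illustration, not blockful’s code). The quorum figures and the $50M liquid-asset floor are the ones quoted in this post; the ARB price is an assumption chosen so that the proposed 100M quorum costs about $40M as stated, and the safety-factor sizing rule is our own framing of the mechanism-design point.

```python
"""Cost-to-quorum versus extractable value: the economics behind the quorum debate.

Constructed illustration. Quorum sizes (141M/212M ARB today, 100M/150M ARB under
the DVP proposal) and the >$50M non-ARB liquid treasury are from the post; the
ARB price is an assumption for the arithmetic only.
"""
from dataclasses import dataclass

ARB_PRICE_USD = 0.40              # assumption: makes a 100M-ARB quorum cost ~$40M
LIQUID_NON_ARB_USD = 50_000_000   # lower bound on extractable value stated in the post


@dataclass(frozen=True)
class QuorumRule:
    name: str
    non_constitutional: float     # ARB needed to reach quorum
    constitutional: float


CURRENT = QuorumRule("3% / 5% of votable supply", 141e6, 212e6)
PROPOSED = QuorumRule("~50% of delegate voting power", 100e6, 150e6)


def quorum_cost_usd(votes: float, price: float = ARB_PRICE_USD) -> float:
    """Capital needed to control `votes` ARB at `price`, ignoring slippage."""
    return votes * price


def cost_reduction(old_quorum: float, new_quorum: float) -> float:
    """Fractional drop in attack cost when the quorum is lowered."""
    return 1 - new_quorum / old_quorum


def attack_is_rational(quorum_votes: float, extractable_usd: float,
                       price: float = ARB_PRICE_USD) -> bool:
    """A financially rational attacker acts when what they can extract
    exceeds what reaching quorum costs them."""
    return extractable_usd > quorum_cost_usd(quorum_votes, price)


def min_safe_quorum(extractable_usd: float, price: float = ARB_PRICE_USD,
                    safety_factor: float = 2.0) -> float:
    """Smallest quorum (ARB) at which attack cost is `safety_factor` times the
    extractable value: a sizing rule enforced by the mechanism, not by trust."""
    return safety_factor * extractable_usd / price


if __name__ == "__main__":
    for rule in (CURRENT, PROPOSED):
        cost = quorum_cost_usd(rule.non_constitutional)
        rational = attack_is_rational(rule.non_constitutional, LIQUID_NON_ARB_USD)
        print(f"{rule.name}: quorum costs ${cost:,.0f}; rational attack: {rational}")
    drop = cost_reduction(CURRENT.non_constitutional, PROPOSED.non_constitutional)
    print(f"cost drop from lowering quorum: {drop:.0%}")
    print(f"quorum needed for a 2x margin: {min_safe_quorum(LIQUID_NON_ARB_USD):,.0f} ARB")
```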
We respect and admire the large delegates and acknowledge the work of OpCo and the Foundation to improve governance processes. However, if this conversation was not brought to light earlier, it is because the structural problem had not been sufficiently addressed.
It is encouraging that the DAO mobilized quickly and that delegates coordinated a rapid response. Nevertheless, the event occurred and our focus remains on security. Social pressure is part of our remit. Some delegates, OpCo members, and Foundation representatives have every right to feel upset. I still believe it would be far more dangerous if a truly malicious actor had executed a similar operation. The most professional course of action now is to understand the core point. Whether one agrees with the approach or not, exposing the risk is something several actors have attempted over time.
As someone who has been part of this DAO for years, I do not consider reaching this point to be positive for the community. Upset or not, blockful stands ready to assist. Our objective is to fix the game, to stress test the system and observe how the DAO responds. This does not reduce our recognition of the delegates, the Foundation, or OpCo. Our goal is and will remain the protection of the Ethereum ecosystem.
Do not hate the player. Hate the game.
We are attempting to improve the game.
We understand that blockful is no longer seated on the Security Council. We will not attempt to solicit votes to reclaim a position. That said, if we were to obtain an additional 1.3 million votes, the situation could change quickly. Pantera Capital acted promptly and we appreciate that responsiveness.
This matter is not about the seat, nor about our conduct, nor about the individual work of contributors. It is about vulnerability at the level of mechanism design and incentives. The right discussion is not whether the seat is legitimate. The right question is how long it will remain extremely cheap to purchase votes and thereby challenge the legitimacy of DAO mechanisms.
Even when the code has been audited, we still need to test the social, economic, and governance layers. This action presents negligible downside in itself, given that emergency actions are protected by a 9 of 12 multisig. A damaging attack on the election would require control of multiple keys. However, there are many other scenarios to consider for the DAO as a whole.
What if the governance front end is compromised? Currently, only one front end is being used.
What if an exchange holding a significant amount of ARB is hacked? How many tokens could flow into malicious hands and would the DAO remain resilient?
What if a set of new wallets holding substantial delegated power emerges immediately before an election?
This is not the moment to concentrate on the workload generated by the response, on how service providers may be upset, on alternative ways the action could have been executed, or on the narrow legitimacy of the seat. The issue before us is far broader.
We must move the conversation from rhetoric to concrete mechanism design reform. Proposals and discussions must be translated into enforceable changes that preserve the trustless character of the ecosystem. That requires thinking in terms of incentives, coordination, redundancy, and timeliness.
To the delegates and contributors who have supported this constructive pressure, thank you. To those who disagree, I understand and share some of the frustration that incremental discussion has not yet produced practical outcomes. To those who reacted with personal attacks, professionalism and a focus on the central problem would better serve the community.

Finally, we present these reflections not to "score points" but to catalyze reform. If we are serious about resilient decentralized governance, we must address mechanism-level weaknesses proactively and collaboratively.
Our goal is simple: raise awareness, initiate reform, and protect the DAO and its users from governance risks.
We are not acting against Arbitrum DAO; our purpose is to work with the DAO to strengthen its structures and improve governance security at the mechanism-design level.
We remain open to discussion, improvements, and continued collaboration.