Michael Lewellen - Security Council Reelection Mar 2026

Introduction

gm Arbitrum DAO. I am excited to announce my candidacy for reelection to the Arbitrum Security Council as an individual member.

I’ve served on the Council over the past year, which has been a pivotal time for the ecosystem. Between major governance shifts and the constant evolution of the L2 landscape, the threat of technical issues or governance capture remains as present as ever. We need a council that is both vigilant and technically deep. With over a decade of experience in security and smart contract development, I remain committed to ensuring Arbitrum stays the most resilient ecosystem in Web3. For more context on my history with the DAO, you can review my prior candidacy post from March 2025.

Professional Background

My career is dedicated to the technical and operational security of decentralized protocols:

  • Head of Solutions Engineering at Turnkey (Aug 2025 – Present): Leading secure wallet infrastructure and private key management integrations for major web3 protocols, dapps and financial institutions.
  • Security Advisor for the Compound Foundation: I advise the Foundation on governance security and serve on the Community Multi-sig (Security Council equivalent). I recently managed a $2M security RFP to restructure their security service provider framework. This role is highly relevant to Arbitrum, as Compound currently has ~$90M in TVL deployed on the network.
  • Former Head of Solutions Engineering at Blockaid: Led security solutions for onchain monitoring used by teams like Coinbase, MetaMask, and Uniswap.
  • Head of Solutions Architecture at OpenZeppelin (~4 years): Designed security frameworks for major DAOs and co-authored industry standards for Security Council best practices.

Involvement in the Arbitrum Ecosystem

In addition to my duties as a council member, I stay active in the technical and governing evolution of the network:

  • Security Council Member: I previously served on the Council on behalf of OpenZeppelin for part of their March 2024 cohort before moving into my current service as an individual member.
  • ARDC Leadership: I ran OpenZeppelin’s early ARDC work, shaping the security strategy for the first version of the Arbitrum Research & Development Collective.
  • Governance Contributions: I provided direct feedback on the forums regarding the Security Council Election Process Improvements back in August 2025 to help refine the potential process for future cohorts.
  • Stylus Sprint Grants Committee: I served on this committee over the past year (concluding in Jan 2026), evaluating projects to ensure the technical expansion of the Arbitrum stack remains safe and high quality.

Incident Response Experience

I’ve led or contributed to post-mortems and emergency responses for multiple complex incidents in DeFi:

Motivation for Reelection

Security councils must be highly responsive, technically elite, and governance-aware. As the DAO moves toward more sophisticated governance structures, the Council needs members who understand the nuances of both the code and the constitutional framework. I am acutely aware of the challenges in balancing technical risk with governance capture incentives and the legal concerns surrounding DAOs and decentralized protocols. I offer an independent, technical voice with experience working across multiple leading security firms and DAOs. My goal is to ensure transparent, security-first decision-making while being a collaborative participant who can contribute to independent decision-making in high-stress situations.

Conflict of Interest Statement

I am currently the Head of Solutions Engineering at Turnkey. We provide wallet infrastructure, which does not conflict with the duties of the Security Council. I also serve on the Compound Community Multi-sig and the Story Protocol Security Council. Neither of these roles conflicts with my responsibilities to Arbitrum. My primary duty in this context is to the Arbitrum DAO and the safety of its users.

Conclusion

With my history in the Arbitrum ecosystem and continued leadership in the security industry, I am eager to serve another term. I appreciate the trust the DAO has placed in me thus far and look forward to keeping Arbitrum secure.

Twitter: @LewellenMichael
Tally Profile: 0xbbd…9392


Subject: Incident Response Playbooks for Economic Logic Failures

GM Michael,

Your experience with the Compound TUSD mitigation and the cETH price feed response is exactly the kind of ‘battle-tested’ leadership the Council needs.

I have a question regarding Incident Response (IR) for Non-Code Exploits:

In your post-mortem work, you’ve handled many technical bugs, but as the Arbitrum ecosystem grows more complex, we see risks that aren’t ‘bugs’ but ‘Economic Logic Collisions’—specifically Liquidation Deadlocks (Whale Chokes). These occur when the protocol logic is technically ‘correct’ but mathematically trapped under high-leverage volatility, freezing the system’s ability to clear bad debt.

As a Council member, how would you prioritize the creation of ‘Economic IR Playbooks’?

Do you believe the Security Council should have the authority to trigger emergency pauses or ‘forced liquidations’ when a systemic logic deadlock threatens the USDS or USDC peg on Arbitrum, even if the smart contract code itself is performing exactly as written?

I’d value your perspective on how we move from ‘Bug Hunting’ to ‘Systemic Risk Hunting.’

Eklavya (Independent Risk Researcher)

GM @Eklavya,

It’s a good question that touches on the critical boundaries of what the Security Council is designed to protect. My perspective on the Council’s responsibilities is guided by this core intent of Section 3 of the Arbitrum Constitution:

The Security Council must not use its power to perform Emergency Actions except in a true security emergency, such as a critical vulnerability that could significantly compromise the integrity, confidentiality, or availability of a chain governed by the ArbitrumDAO.

Because the L2 core protocol does not operationally rely on non-ETH assets like USDC, my interpretation is that application-layer economic deadlocks do not meet this constitutional threshold. In my view, the Council does not have the authority to trigger pauses or forced liquidations on third-party dApps to resolve DeFi mechanics that don’t impact the core Arbitrum chain.

The closest L2 equivalent to an economic attack is a gas mispricing issue that enables a network DDoS. We resolved exactly this during one of my prior Security Council terms via an emergency protocol upgrade, which you can read more about here: Arbitrum Security Council Emergency Action - ArbOS 32

That being said, there can absolutely be a role for Council members to assist with community projects in an informal capacity, without invoking any emergency actions. If the DAO or another community entity wishes to explore economic IR playbooks, I would be happy to support the effort. This could also be an excellent initiative for the SEAL Wargames group to explore further as they’ve done an excellent job simulating these types of economic incidents on Compound.

GM Michael,
Thank you for the detailed clarification on the Constitutional boundaries. It makes sense that the Council’s mandate is restricted to the core L2 integrity rather than application-layer DeFi mechanics.
I appreciate the lead on the SEAL Wargames group and the ArbOS 32 post-mortem. Your point about ‘Economic IR Playbooks’ is exactly where I see a gap in the current ecosystem.
Since the Council must remain neutral, I will look into framing this as a community-led initiative within the DAO to create standardized responses for these ‘Logic Collisions.’ I’d value your informal guidance as I map out a few ‘Whale Choke’ scenarios that could threaten systemic liquidity.
I’ll be following the SEAL group’s progress closely. Thanks again for the support for this initiative.

GM Michael,

I hope you’re having a productive week.

I’m writing to follow up on our recent discussion regarding the gap in Economic Incident Response (IR) for application-layer deadlocks on Arbitrum.

Taking your advice to heart, I have officially submitted a $25,000 grant proposal via Questbook (DDA 3.0) under the title “Project Sentinel: Economic IR Playbooks & Liquidity Deadlock Simulations”.

The project focuses on three core pillars:

  • Threat Mapping: Identifying specific “Whale Choke” logic collisions in major Arbitrum lending protocols.
  • Response Playbooks: Creating standardized emergency frameworks for DAO delegates.
  • Live Simulations: Coordinating with groups like SEAL Wargames to stress-test these scenarios.

I’ve structured this as a focused 3-month sprint to provide the DAO with the tools it needs to protect systemic liquidity during extreme volatility. I would value any further informal guidance you might have as the proposal moves through the review phase.

Thank you again for the “excellent initiative” spark that moved this from an idea to a formal submission.

Best regards,

Eklavya

Lead Researcher, Project Sentinel

I have worked with Michael many times and can highly recommend him for this position.

Hope we can work together here too :handshake:


Thank you @pablito.eth! Same goes to you!

You can find my reelection candidate profile here: Michael Lewellen | Arbitrum Security Council Candidate