Fake Arbitrum BoLD / Optimism fault-proof L2 force-exit / force-inclusion drainer — "Sequencer censoring your withdrawal — submit force-exit before the 7-day challenge window expires" → fake L1 inbox harvests withdrawal-proof signatures + Permit2 approvals. Arbitrum BoLD + Optimism fault-proofs 2025-26 created legitimate force-exit primitives through the L1 delayed inbox over a 7-day challenge window, lending the lure narrative credibility. Real Arbitrum / Optimism force-exit + force-inclusion flows go through the protocol's native UI on arbiscan.io / bridge.arbitrum.io / app.optimism.io, never via inbound email link. Distinct from `base-superchain-l3-sequencer-fee-refund-claim-lure` (R8 C5, Base superchain L3 refund) — this signal is specifically the Arbitrum / Optimism / force-exit / 7-day-challenge-window framing. Bridge-drainer + crypto-permit2 cluster. Source: GC1 R9 multiagent council top-5 P0 (S4 crypto specialist).

Fake Arbitrum BoLD / Optimism fault-proof L2 force-exit / force-inclusion drainer lure targeting Arbitrum and Optimism users with active L2 deposits. The phish narrative arrives as: "Sequencer is censoring your withdrawal — submit a force-exit through the L1 delayed inbox before the 7-day challenge window expires, sign the withdrawal proof urgently or your funds will drain to the fault-proof bond," or "Optimism sequencer down — submit a force-inclusion through the L1 inbox during the 7-day challenge window, connect wallet to recover and claim your withdrawal proof." Arbitrum BoLD (BOLD = Bounded Liquidity Delay; the Arbitrum fault-proof system that went live across 2025) plus the Optimism fault-proof system (cannon / op-program; live across the OP Stack 2025-2026) created legitimate force-exit / force-inclusion primitives through the L1 delayed inbox over a 7-day challenge window — these are real and necessary trust-minimization mechanisms that retail users have heard of via Arbitrum / Optimism community communications, lending the phish narrative immediate credibility. Lookalike L1-inbox portals prompt the user to sign a withdrawal-proof signature and a Permit2-style approval at a fake `bridge.arbitrum.io` / `app.optimism.io` lookalike; the signed Permit2 approval gives the attacker blank-check token-spend authority for the duration of the Permit2 deadline (typically maximum-uint256 nonce + far-future expiry), draining every approved ERC-20 token from the wallet on the next attacker-initiated transfer. Real Arbitrum / Optimism force-exit + force-inclusion flows go through the protocol's native UI on arbiscan.io / bridge.arbitrum.io / app.optimism.io / offchainlabs.com, with no Permit2 prompt; legitimate force-exit transactions require a direct L1 RPC interaction with the delayed-inbox contract and a withdrawal-proof root that the user can verify on a block explorer. Distinct from `base-superchain-l3-sequencer-fee-refund-claim-lure` (R8 C5, Base superchain L3 sequencer-downtime refund) — this signal is specifically the Arbitrum / Optimism / force-exit / 7-day-challenge-window framing. Bridge-drainer + crypto-permit2 cluster. Fires when body references force-exit / force-inclusion / sequencer-censoring-down-fail / L1 inbox / delayed inbox / fault proof / BoLD / challenge window / 7-day / withdrawal proof / arbitrum / optimism AND contains claim / recover / submit / expir / urgent / drain / connect-wallet / sign-withdrawal-proof / action-required urgency. Excludes arbitrum.io, arbiscan.io, optimism.io, optimistic.etherscan.io, offchainlabs.com, bridge.arbitrum.io, app.optimism.io. Auto-classified as danger via the `-drainer` suffix. Source: GC1 R9 multi-agent council top-5 P0 (S4 crypto specialist).