"When stolen, assets rarely simply sit in one place. The attacker often moves it hot-potato-style from one account to another. In this case, the attacker could even monitor the mempool and move the assets in a front-running transaction if they see a freeze request incoming. Our solution to avoid this scenario is by conducting the entire freeze (and its calculations) on-chain in one single transaction, so that the attacker can’t “outrun” the freeze."