Understanding the Recent Cyber Attack on KelpDAO and Its Implications

By Patricia Miller

Apr 20, 2026

KelpDAO suffered a $292 million loss due to a cyber attack by the Lazarus Group, revealing vulnerabilities in DeFi security.

# What Happened in the KelpDAO Attack?

The recent report from LayerZero reveals that the Lazarus Group, a North Korea-affiliated cybercrime organization, executed a significant attack on KelpDAO's restaking protocol. This incident occurred over the past weekend and led to an alarming loss of $292 million, with the exploitation focused specifically on KelpDAO's rsETH token. Importantly, no other assets or applications utilizing LayerZero experienced any adverse impacts from this breach.

# How Did the Attack Occur?

The attack leveraged LayerZero’s cross-chain messaging platform, which is essential for authenticating transactions across various networks. The attackers forged a transfer request that appeared legitimate, which facilitated the unauthorized movement of approximately 116,500 rsETH, roughly 18% of the token's total supply of about 630,000.

In its findings, LayerZero emphasized that the attackers pinpointed vulnerabilities within the RPC infrastructure that supports LayerZero Labs' Decentralized Verifier Network, or DVN. The attackers compromised two RPC nodes and manipulated the software running on them, while simultaneously executing distributed denial-of-service attacks against the remaining nodes so that traffic was redirected to the compromised ones. The compromised nodes served falsified data exclusively to the DVN while appearing genuine to other observers, which circumvented the security protocols. The malicious nodes also erased all traces of their activities after the attack concluded.

# What Went Wrong for KelpDAO?

The vulnerability exploited was further compounded by KelpDAO’s choice to maintain a single-DVN configuration, which LayerZero had recommended against. Prior communications highlighted the importance of employing a multi-DVN structure for added security. Despite these cautions, KelpDAO opted for a more streamlined approach and has since faced the consequences of that decision.

In response to this serious security breach, LayerZero has taken immediate action. They have restored their DVN infrastructure and are reaching out to other applications still utilizing a single-DVN configuration, mandating their migration to a more secure setup. Furthermore, LayerZero will cease signing transactions from any applications adhering to a 1/1 verifier framework.
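The difference between a 1/1 verifier setup and a multi-DVN threshold can be shown with a small model. This is an added example, not LayerZero's or KelpDAO's code: the `VerifierConfig` shape, the verifier names and the sample payloads are hypothetical, and it assumes each verifier reads the source chain through its own independent RPC infrastructure.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class VerifierConfig:          # hypothetical shape, not LayerZero's config schema
    app: str
    verifiers: tuple           # names of independent verifiers (DVNs)
    threshold: int             # matching attestations needed to accept a message

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

def attest(rpc_view: set, payload: bytes):
    """A verifier attests only to payloads present in its own RPC view of the source chain."""
    h = digest(payload)
    return h if h in rpc_view else None

def accept(cfg: VerifierConfig, views: dict, payload: bytes) -> bool:
    """Destination-side check: count distinct configured verifiers attesting to this payload."""
    h = digest(payload)
    agreeing = {v for v in set(cfg.verifiers) if attest(views[v], payload) == h}
    return len(agreeing) >= cfg.threshold

def audit(configs) -> list:
    """Flag apps where one verifier alone can approve a message (the 1/1 case)."""
    return [c.app for c in configs if c.threshold < 2 or len(set(c.verifiers)) < 2]

# Constructed sample data: one real source-chain transfer and one that never happened.
GENUINE = b"transfer:10:rsETH:alice"
FORGED = b"transfer:116500:rsETH:attacker"
HONEST_VIEW = {digest(GENUINE)}
POISONED_VIEW = {digest(GENUINE), digest(FORGED)}   # what a tampered RPC node reports

VIEWS = {"dvn-a": POISONED_VIEW, "dvn-b": HONEST_VIEW, "dvn-c": HONEST_VIEW}
SINGLE = VerifierConfig("app-single", ("dvn-a",), 1)
MULTI = VerifierConfig("app-multi", ("dvn-a", "dvn-b", "dvn-c"), 2)

if __name__ == "__main__":
    print("flagged by audit:", audit([SINGLE, MULTI]))
    for cfg in (SINGLE, MULTI):
        print(cfg.app, "forged accepted:", accept(cfg, VIEWS, FORGED),
              "| genuine accepted:", accept(cfg, VIEWS, GENUINE))
```

The threshold only helps if the verifiers do not share the same RPC providers; verifiers that all read from the same poisoned nodes would agree on the same falsified data.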

# What Are the Aftereffects?

In the aftermath of the breach, KelpDAO has temporarily suspended all rsETH contracts across its mainnet and various layer 2 networks, and they are collaborating with security experts to conduct a thorough investigation. LayerZero Labs is also cooperating with law enforcement agencies worldwide and has enlisted the help of Seal911 and other partners to track down the stolen funds. This incident has now become the largest hack in the decentralized finance realm in 2023, narrowly surpassing a previous exploit of $285 million involving Drift Protocol.

# Is There a Broader Impact on DeFi?

The hack has initiated ripple effects throughout the decentralized finance sector, with other protocols feeling the strain. Aave, for instance, has reported a drop in total value locked (TVL) to $17.5 billion, representing a decline of $8.8 billion over just two days, as data compiled by DeFiLlama indicates. The overall DeFi landscape is also experiencing significant outflows, with total value locked falling from over $99 billion to around $86 billion. Investors should monitor these developments closely, as the ramifications could affect market stability and investment strategies moving forward.
