short
- Kelp says LayerZero approved the setup associated with the $292 million exploit, which LayerZero disputes.
- The protocol is redesigning its cross-chain system after the hack.
- A US court battle over $71 million in frozen funds could shape DeFi recovery rules.
KelpDAO blames LayerZero for the occurrence $292 million Exploit and plan to relaunch with a redesigned cross-chain system Chain linkthe group announced Day X on Tuesday.
“From the April 18 incident, it is clear that LayerZero’s infrastructure was exploited, resulting in $300 million in losses across DeFi,” Kelp DAO said. books On X. “Independent reports by SEAL 911, Chainasis and other leading security researchers point to the same source.”
In April, the attack was exhausted 116,500 rsETH – an Ethereum-based token – comes from a cross-chain bridge used by Kelp, a protocol that allows users to stake Ethereum and transfer tokens between blockchains. This exploit has been linked to North Korea’s Lazarus Group.
In separate mail On X, Kelp said LayerZero employees approved the configuration associated with the exploit and did not warn that it posed a security risk. The setup, known as a 1-on-1 validator, relies on a single entity to validate transactions across the chain.
Kelp said the attack stemmed from a compromise of LayerZero’s infrastructure, where attackers compromised the verification network’s RPC nodes and forced the system to rely on manipulated data, allowing fake transactions to be approved.
“Following the exploit, LayerZero announced that it will no longer sign or authenticate messages for any application that uses a 1-1 DVN configuration,” Kelp wrote. “This policy shift, made after hundreds of millions of dollars were exploited, confirms that this was a widely used LayerZero configuration that LayerZero Labs only changed after it failed.”
In the month of April statementLayerZero disputed this account, saying that the exploit was isolated to Kelp’s rsETH implementation and resulted from its use of a single verification setting that conflicts with the company’s recommended multiple verification model.
“This framing does not match the facts,” Caleb Dow wrote. “It is a general matter that this 1-1 setup was not unique to Kelp.”
According to Kelp, I followed the LayerZero documentation and default configurations. The company also said the setup was widely used across the ecosystem, pointing to data showing that a large percentage of apps rely on similar configurations.
Kelp said he was moving rsETH The system refers to Chainlink’s cross-chain interoperability protocol, where transactions must be approved by multiple independent validators instead of a single validator.
“We are committed to working with the KelpDAO team on improving cross-chain security for rsETH and supporting their migration to Chainlink CCIP,” said Johan Eid, Chief Business Officer at Chainlink. Decryption. “We have long believed that for DeFi to reach its full potential to bring trillions on-chain, the ecosystem must be supported by highly secure infrastructure.”
The impact of Kelp’s exploitation has extended far beyond the artistic dispute. About $71 million in cryptocurrencies linked to the exploit were frozen on the Arbitrum network, triggering the attack Legal battle In federal court in New York.
“There are questions the ecosystem deserves to answer,” Kelp DAO wrote. “We ensure rsETH is secured through infrastructure that does not leave these questions open.”
LayerZero did not immediately respond to a request for comment Decryption.
Daily debriefing Newsletter
Start each day with the latest news, plus original features, podcasts, videos and more.
