LayerZero’s Decentralized Verifier Network (DVN) relies on multiple RPCs (Remote Procedure Calls) to check the integrity of cross-chain instructions, and the hackers managed to compromise and poison two of them.

“They used this pivot point to execute an RPC-spoofing attack. Their malicious node used a custom payload designed explicitly to forge a message to the DVN with minimal warnings,” LayerZero says.

The attackers then launched a distributed denial-of-service (DDoS) attack against the remaining RPCs, triggering a failover to the poisoned ones and allowing the hackers’ malicious instructions to pass as valid.

LayerZero says the heist was the result of a highly sophisticated attack likely mounted by TraderTraitor, a subgroup within the infamous North Korean APT Lazarus Group that has been blamed for multiple cryptocurrency heists over the past several years.

According to LayerZero, the heist could have been prevented had Kelp DAO implemented a multi-DVN setup, which is industry best practice.

“This means no single DVN should represent a unilateral point of trust or failure,” LayerZero says, noting it has previously recommended Kelp DAO migrate from its single-DVN configuration.

“LayerZero and other external parties previously communicated best practices around DVN diversification to KelpDAO. Despite these recommendations, KelpDAO chose to utilize a 1/1 DVN configuration,” it says.

Kelp DAO, on the other hand, blames LayerZero for the snafu, saying its systems were not operating the targeted infrastructure and pointing out that the single-DVN setup is the configuration documented by LayerZero.

“Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout. The question of DVN configuration came up during Kelp’s L2 expansion, and defaults were affirmatively confirmed as appropriate at that time,” it notes.

Kelp says it is currently prioritizing preventing contagion across DeFi. Several partners, such as Arbitrum Security Council, immediately froze assets in addresses connected to the heist.

Despite that, the impact of the incident appears to be broad. In the fallout, decentralized non-custodial liquidity protocol Aave registered a nearly $8 billion drop in total value.

According to Binance, the hackers deposited the stolen funds into Aave v3 as collateral and borrowed wrapped Ether, thus creating $195 million in debt on Aave. As users rushed to withdraw assets, Aave v3 lending pools reached full utilization, blocking over $5.1 billion in stablecoins.
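
The forced failover and the 1/1 DVN configuration described above, as a simplified model added here (not LayerZero's or Kelp DAO's code): the count of five endpoints, the hash values and every function name are assumptions made for illustration. It contrasts trusting whichever RPC still answers with a quorum counted against the configured set, and a single DVN with a 2-of-3 threshold.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values: the payload hash each endpoint reports for one message.
GOOD = "0xaaaa"    # hash of the genuine source-chain message (constructed)
FORGED = "0xbad0"  # hash served by a poisoned endpoint (constructed)


@dataclass
class Rpc:
    name: str
    answer: Optional[str]  # None models an endpoint that is unreachable


def verify_failover(rpcs: List[Rpc]) -> Optional[str]:
    """Weak policy: skip dead endpoints and trust the first one that answers."""
    for rpc in rpcs:
        if rpc.answer is not None:
            return rpc.answer
    return None


def verify_quorum(rpcs: List[Rpc], quorum: int) -> Optional[str]:
    """Fail-closed policy: `quorum` is counted against the configured set, so
    losing endpoints can only cause a refusal, never a weaker acceptance."""
    if quorum * 2 <= len(rpcs):
        raise ValueError("quorum must be a strict majority of configured RPCs")
    votes = Counter(r.answer for r in rpcs if r.answer is not None)
    for value, count in votes.items():
        if count >= quorum:
            return value
    return None  # not enough agreeing endpoints: refuse to verify


def dvn_threshold(attestations: List[Optional[str]], required: int) -> Optional[str]:
    """X-of-Y DVN check: accept a hash only when `required` independent DVNs
    attest to the same hash. None is a DVN that refused to attest."""
    if required * 2 <= len(attestations):
        raise ValueError("required must be a strict majority of the DVN set")
    votes = Counter(a for a in attestations if a is not None)
    for value, count in votes.items():
        if count >= required:
            return value
    return None


# Constructed scenario: three honest endpoints, two poisoned ones.
NORMAL = [Rpc("rpc1", GOOD), Rpc("rpc2", GOOD), Rpc("rpc3", GOOD),
          Rpc("rpc4", FORGED), Rpc("rpc5", FORGED)]
# The same set once the honest endpoints are unreachable.
DEGRADED = [Rpc(r.name, r.answer if r.answer == FORGED else None) for r in NORMAL]

if __name__ == "__main__":
    print("failover, degraded:", verify_failover(DEGRADED))
    print("quorum 3/5, degraded:", verify_quorum(DEGRADED, 3))
    one_dvn = [verify_failover(DEGRADED)]
    print("1/1 DVN:", dvn_threshold(one_dvn, 1))
    print("2/3 DVN:", dvn_threshold(one_dvn + [GOOD, GOOD], 2))
```

The quorum check trades availability for integrity: with the honest endpoints down it verifies nothing, which is the behaviour to alert on rather than route around.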

Source: SecurityWeek