TL;DR:
- KelpDAO held LayerZero liable for the April 18 exploit that caused losses of over $300 million.
- Independent researchers from SEAL 911 confirmed the breach occurred inside LayerZero’s infrastructure perimeter, not as a result of a Kelp configuration error.
- The protocol will migrate rsETH to Chainlink CCIP, whose oracle network has handled over $30 trillion in value during more than seven years of operation.
KelpDAO publicly challenged LayerZero’s account of the April 18 exploit that generated losses exceeding $300 million across the DeFi ecosystem.
Through a detailed report showing internal communications, on-chain data and independent security research, the protocol maintained that the flaw resided in LayerZero’s own infrastructure and not in a configuration error on Kelp’s part. As a direct response to the incident, the team announced a full migration to the Chainlink CCIP protocol to secure rsETH.
The Breach LayerZero Could Not Contain
The attackers compromised LayerZero’s DVN infrastructure, breached two RPC nodes and executed a denial-of-service attack on the remaining nodes. This forced DVN signers to validate a non-existent transaction.
KelpDAO detected two further fraudulent transactions totaling $100 million and paused its contracts before the damage could spread. LayerZero’s public response came more than 34 hours after the incident and attributed the attack to an RPC-spoofing scheme. However, SEAL 911 researchers concluded that the problem originated inside LayerZero’s own trust perimeter.


The group linked the attackers to North Korea with a high degree of confidence and specified that they fraudulently triggered an attestation from LayerZero’s DVN. LayerZero’s own postmortem acknowledged that the attackers accessed its DVN’s RPC list and replaced node binaries. Data from Dune Analytics confirmed that roughly 47% of LayerZero OApp contracts operated with a 1-1 DVN configuration, and that more than 90% of messages over the previous 90 days relied solely on the LayerZero Labs DVN.
Kelp’s Configuration Had Been Approved
KelpDAO noted that its 1-1 DVN configuration was explicitly approved by a member of the LayerZero Labs team via Telegram, with no risk warning issued during more than two years and eight documented integration discussions. Researchers also found that LayerZero’s AWS deployment exposed a public gateway with no IAM authentication, no WAF and no IP allowlists. The quorum configured at 1 meant that backup RPCs operated as failover rather than as a multi-provider consensus mechanism.
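The difference between failover and quorum reads described above, as an added Python example (not taken from KelpDAO's report or LayerZero's code). The provider functions, their return values and the transaction id are constructed stand-ins.

```python
from collections import Counter

class QuorumNotReached(Exception):
    """Raised when too few providers agree on an answer."""

def read_failover(providers, query):
    """Quorum of 1: the first provider that answers is believed."""
    for fetch in providers:
        try:
            return fetch(query)
        except ConnectionError:
            continue  # provider down, fall through to the next backup
    raise QuorumNotReached("no provider reachable")

def read_with_quorum(providers, query, quorum):
    """Query every provider; accept a value only if `quorum` of them agree."""
    if quorum <= len(providers) // 2:
        raise ValueError("quorum must be a strict majority of providers")
    votes = Counter()
    for fetch in providers:
        try:
            votes[fetch(query)] += 1
        except ConnectionError:
            continue  # an unreachable provider casts no vote
    value, count = votes.most_common(1)[0] if votes else (None, 0)
    if count >= quorum:
        return value
    raise QuorumNotReached(f"agreement {dict(votes)} is below quorum {quorum}")

# Constructed providers (hypothetical stand-ins, not real endpoints).
def honest(query):
    return "not_found"
def tampered(query):
    return "found"
def unreachable(query):
    raise ConnectionError("timeout")

def demo():
    tx = "0xCONSTRUCTED"  # placeholder transaction id
    degraded = [unreachable, unreachable, tampered]  # only a bad node answers
    out = {"failover_degraded": read_failover(degraded, tx)}
    try:
        out["quorum_degraded"] = read_with_quorum(degraded, tx, quorum=2)
    except QuorumNotReached:
        out["quorum_degraded"] = "refused"
    out["quorum_healthy"] = read_with_quorum([honest, tampered, honest], tx, quorum=2)
    return out

print(demo())
```

A quorum only adds assurance when the providers are operated independently; several nodes inside one trust perimeter can all return the same wrong answer.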


Kelp initiated the migration of rsETH to Chainlink’s Cross-Chain Token standard, whose network has handled over $30 trillion in value during seven years of continuous operation through multiple disruptions. KelpDAO also noted that ten addresses shared the ADMIN_ROLE in both the LayerZero Labs and Nethermind DVNs as of April 8, which calls into question the true independence between both operators. A full forensic report will be published once the review is complete.


