Kelp DAO's rsETH cross-chain bridge suffered an attack of nearly $300 million caused by a private key leak on the source chain, according to analysis by D2 Finance. The incident was not caused by a protocol-level vulnerability in LayerZero but by a trust issue with OApp nodes. The rsETH OFT Adapter on mainnet trusted messages from a node that LayerZero Scan marked as a legitimate Kelp DAO deployment, which led to the release of 116,500 rsETH in a single lzReceive call. This indicates that the attack stemmed from theft of the project's own source-chain private key, not from a setPeer injection.