The KelpDAO bridge hack, linked to North Korea's Lazarus Group, exploited a vulnerability in the Omnichain Fungible Token bridge, resulting in the theft of approximately 116,500 rsETH, valued at nearly $292 million. The attack highlighted a critical flaw in LayerZero's single-validator architecture, which critics argue poses a significant risk as a single point of failure. LayerZero has since acknowledged communication lapses and confirmed it will no longer offer 1-to-1 Data Verification Network (DVN) configurations, transitioning to more robust settings.
Following the breach, KelpDAO migrated to Chainlink's Cross-Chain Interoperability Protocol (CCIP), addressing the architectural vulnerability. This move has prompted other protocols, with a total locked value of around $2 billion, to follow suit. Meanwhile, DeFi United, formed by Aave, KelpDAO, and LayerZero, is working to restore collateral backing for rsETH, raising over $300 million in cryptocurrency. LayerZero has also enhanced its security measures, including a custom multi-signature system and increased signature thresholds.
KelpDAO Bridge Hack Exposes LayerZero's Single Validator Flaw
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.