A significant security breach involving the minting of 116,500 rsETH, valued at approximately $292 million, has exposed vulnerabilities in Kelp DAO's cross-chain bridge. The attack, attributed to the Lazarus Group, saw the hacker exploit a configuration flaw in LayerZero's Decentralized Verifier Network (DVN), allowing them to withdraw $236 million in ETH from major lending protocols like Aave. This incident has reignited debates over accountability in the DeFi ecosystem, particularly concerning the intersection of protocol infrastructure and application layers.
Initially, public criticism targeted Kelp DAO for using a 1-of-1 verifier setup, deemed a "paper lock." However, the focus shifted to LayerZero after Kelp presented documentation suggesting the default configurations were inherently risky. LayerZero CEO Bryan Pellegrino has since taken responsibility, acknowledging the systemic issues in their default settings. The controversy highlights a broader clash between the "geek ethic" of user responsibility and the "security-by-default" principle, emphasizing the need for secure default configurations in blockchain products.
LayerZero CEO Accepts Responsibility for rsETH Hack Exploiting Cross-Chain Bridge
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.