$290 Million Kelp DAO Crypto Heist Blamed on North Korea
"The attackers targeted LayerZero, the cross-chain messaging infrastructure, to poison the verification process and drain funds. They executed an RPC-spoofing attack using a custom payload designed to forge a message to the Decentralized Verifier Network with minimal warnings."
"Following the heist, Kelp paused relevant contracts and blacklisted the attackers' wallet, which resulted in a second attack targeting an additional 40,000 rsETH being blocked."
"LayerZero stated that the heist was the result of a highly sophisticated attack likely mounted by TraderTraitor, a subgroup within the infamous North Korean APT Lazarus Group."
"According to LayerZero, the heist could have been prevented had Kelp DAO implemented a multi-DVN setup, which is considered an industry best practice."
The Lazarus Group, linked to North Korea, stole $290 million in cryptocurrency from Kelp DAO, draining 116,500 rsETH through a malicious instruction. Kelp DAO paused contracts and blacklisted the attackers' wallet, which blocked a second attack on an additional 40,000 rsETH. The attackers exploited a vulnerability in Kelp's verification process and targeted LayerZero's infrastructure. They executed an RPC-spoofing attack and launched a DDoS attack against the remaining RPCs, allowing their malicious instructions to pass as valid. LayerZero indicated that a multi-DVN setup could have prevented the heist.
Read at SecurityWeek