SlowMist Analysis: KelpDAO Hack Involves Targeted RPC Poisoning and LayerZero DVN Forgery

TechFlow
AI summary
SlowMist founder Yu Xian analyzed the KelpDAO hack, demonstrating how attackers used targeted RPC poisoning and LayerZero DVN forgery. By replacing the op-geth binary in two clusters, they fed malicious data to the DVN while remaining hidden from others. A DDoS attack redirected traffic to the poisoned nodes, enabling forged transactions to be signed before logs were erased. Traders monitoring altcoins may observe ripple effects as the Fear & Greed Index responds to such exploits.

According to analysis by Yu Xian (@evilcos), founder of SlowMist, the core of the $290 million theft incident involving KelpDAO was a targeted poisoning attack against the downstream RPC infrastructure of LayerZero’s DVN (Decentralized Verifier Network). The attack proceeded as follows. First, the attackers obtained the list of RPC nodes used by the LayerZero DVN, then compromised two independent clusters and replaced the op-geth binary files. Using selective deception techniques, the poisoned nodes returned forged malicious payloads only to the DVN while providing legitimate data to all other IPs. At the same time, the attackers launched DDoS attacks against the uncompromised RPC nodes, forcing the DVN to fail over to the poisoned nodes. After the forged messages were successfully validated, the malicious binary self-destructed and erased logs. This ultimately caused the LayerZero DVN to issue validation for transactions that never occurred.
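The failure mode described above is a verifier that keeps attesting after failing over to whichever RPC nodes still answer. The following is an added example, not code from the article, SlowMist or LayerZero, of a fail-closed cross-check that counts quorum against all configured providers rather than only the reachable ones; the provider names, hash values and quorum policy are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Verdict:
    attest: bool
    value: Optional[str]
    reason: str


def cross_check(responses: Dict[str, Optional[str]], quorum: int) -> Verdict:
    """Decide whether a verifier may attest to an RPC result.

    responses maps every CONFIGURED provider to the payload hash it returned
    for the same query, or None if it timed out or was unreachable.
    """
    total = len(responses)
    if quorum * 2 <= total:
        raise ValueError("quorum must be a strict majority of configured providers")
    answers = Counter(v for v in responses.values() if v is not None)
    if not answers:
        return Verdict(False, None, "no provider reachable")
    if len(answers) > 1:
        # Any disagreement halts attestation (conservative policy, an assumption).
        return Verdict(False, None, "providers disagree")
    value, votes = answers.most_common(1)[0]
    if votes < quorum:
        # Unreachable providers count against quorum, so an outage cannot
        # shrink the set of nodes that has to be deceived.
        return Verdict(False, None, f"only {votes}/{total} providers answered")
    return Verdict(True, value, "quorum reached")


# Constructed sample data: five hypothetical providers, hashes are placeholders.
GOOD, FORGED = "0xaaa-constructed", "0xbbb-constructed"
HEALTHY = {p: GOOD for p in ("rpc-a", "rpc-b", "rpc-c", "rpc-d", "rpc-e")}
# Two poisoned clusters answer; the three honest ones are knocked offline.
FAILOVER = {"rpc-a": FORGED, "rpc-b": FORGED, "rpc-c": None, "rpc-d": None, "rpc-e": None}
# Poisoned clusters answer while the honest ones are still up.
SPLIT = {"rpc-a": FORGED, "rpc-b": FORGED, "rpc-c": GOOD, "rpc-d": GOOD, "rpc-e": GOOD}

if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("failover", FAILOVER), ("split", SPLIT)):
        print(name, cross_check(sample, quorum=3))
```

A refusal from this check is also a detection signal: a simultaneous loss of several providers, or any disagreement between them, is worth alerting on rather than silently retrying.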
