SlowMist Analysis Reveals KelpDAO Attack Methodology Involving LayerZero DVN

MarsBit

Summary

SlowMist founder Yuxian analyzed the KelpDAO attack, revealing how $290 million was stolen via LayerZero's DVN. Attackers poisoned the RPC infrastructure, compromised two clusters, and replaced the op-geth binary. Selective deception allowed forged payloads to be sent to the DVN while legitimate data was served to other IPs. DDoS attacks forced a failover to the compromised nodes, enabling validation before logs were erased. Market analysis shows such exploits highlight risks inherent in cross-chain systems. Traders should monitor altcoins closely amid rising security threats.

Huo Xing Finance reports that, according to analysis by Yu Xian (@evilcos), founder of SlowMist, the core of the $290 million theft incident involving KelpDAO was a targeted poisoning attack on the downstream RPC infrastructure of LayerZero’s DVN (Decentralized Verifier Network). The attack steps were as follows: the attackers first obtained the list of RPC nodes used by LayerZero DVN; they then compromised two independent clusters and replaced the op-geth binary files; they employed selective deception, returning forged malicious payloads only to the DVN while serving legitimate data to other IPs; and they simultaneously launched DDoS attacks against the unaffected RPC nodes, forcing the DVN to fail over to the compromised nodes. After the forged messages were successfully validated, the malicious binary self-destructed and erased logs. This ultimately caused LayerZero DVN to issue validation for transactions that never occurred.
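The failover step described above can be shown from the verifier's side. The following is an added example, not code from LayerZero, KelpDAO or SlowMist: it contrasts a first-responder failover read with a read that requires agreement from an absolute number of distinct RPC operators and fails closed otherwise. Endpoint names, operator labels, payload hashes, the failover order and the threshold of three operators are all constructed assumptions.

```python
from collections import defaultdict

class QuorumError(Exception):
    """The read cannot be trusted; the verifier must not attest."""

# Constructed topology: endpoint -> operator running it (all names hypothetical).
OPERATOR_OF = {"rpc-a": "op-1", "rpc-b": "op-2", "rpc-c": "op-3", "rpc-d": "op-4"}

def naive_failover(responses, order):
    """Use the first endpoint that answers, the pattern the attack relied on."""
    for endpoint in order:
        if responses.get(endpoint) is not None:
            return responses[endpoint]
    raise QuorumError("no endpoint answered")

def quorum_read(responses, operator_of=OPERATOR_OF, min_operators=3):
    """Return a value only if min_operators distinct operators report it and
    nobody contradicts it. The threshold is absolute, so knocking healthy
    endpoints offline cannot shrink the quorum down to the poisoned ones."""
    voters = defaultdict(set)  # value -> operators that reported it
    for endpoint, value in responses.items():
        if value is not None:  # None models a timeout
            voters[value].add(operator_of[endpoint])
    if not voters:
        raise QuorumError("no endpoint answered")
    if len(voters) > 1:
        raise QuorumError("endpoints disagree: " + ", ".join(sorted(voters)))
    value, operators = next(iter(voters.items()))
    if len(operators) < min_operators:
        raise QuorumError(f"{len(operators)} operator(s) agree, need {min_operators}")
    return value

def attests(read, *args):
    """True if the read succeeded and the verifier would go on to attest."""
    try:
        read(*args)
        return True
    except QuorumError:
        return False

# Constructed responses for one source-chain lookup (payload hashes are fake).
HEALTHY = {"rpc-a": "0xhonest", "rpc-b": "0xhonest", "rpc-c": "0xhonest", "rpc-d": "0xhonest"}
# rpc-a and rpc-b are poisoned; rpc-c and rpc-d time out under DDoS.
ATTACK = {"rpc-a": "0xforged", "rpc-b": "0xforged", "rpc-c": None, "rpc-d": None}
ORDER = ["rpc-c", "rpc-d", "rpc-a", "rpc-b"]  # assumed failover preference

if __name__ == "__main__":
    print("naive failover under attack:", naive_failover(ATTACK, ORDER))
    print("quorum read attests under attack:", attests(quorum_read, ATTACK))
```

Counting operators rather than endpoints matters here because two endpoints run by the same operator share one point of compromise.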
