SlowMist's Yuxian Analyzes the KelpDAO Attack Process

ChainCatcher
AI summary:
According to ChainCatcher, SlowMist founder Yuxian analyzed the KelpDAO attack that resulted in a $290 million theft. The attack targeted LayerZero’s DVN by poisoning the RPC endpoints it relies on. The attackers obtained the RPC node list, compromised two clusters, and replaced the op-geth binaries. The compromised nodes returned forged data only to the DVN while serving legitimate data to other clients. DDoS attacks on the uncompromised nodes forced the DVN to fail over to the compromised ones. After the forged messages were validated, the malicious binaries self-destructed and erased logs, leaving the DVN having validated transactions that never occurred.

ChainCatcher report: According to analysis by Yu Xian (@evilcos), founder of SlowMist, the core of the $290 million theft from KelpDAO was a targeted poisoning attack against the downstream RPC infrastructure of LayerZero’s DVN (Decentralized Verifier Network). The attack proceeded as follows: the attackers first obtained the list of RPC nodes used by the LayerZero DVN, then compromised two independent clusters and replaced the op-geth binaries; they used selective deception, returning forged malicious payloads only to the DVN while serving legitimate data to other IPs; at the same time, they launched DDoS attacks against the uncompromised RPC nodes, forcing the DVN to fail over to the compromised nodes. After the forged messages were validated, the malicious binary self-destructed and erased logs. The end result was that the LayerZero DVN issued validation for transactions that never occurred.
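
The failure mode described above is a verifier that fails over to whichever RPC nodes still answer. The following is an added example, not code from LayerZero, SlowMist or the original report, contrasting that pattern with a fail-closed cross-check. All names (`RpcAnswer`, `quorum_verify`, the endpoint and operator labels, the digests) are hypothetical and the scenario data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RpcAnswer:
    endpoint: str            # constructed endpoint label
    operator: str            # who runs it; independence is counted per operator
    digest: Optional[str]    # hash of the returned payload, None if unreachable

def naive_failover(answers):
    """Weak pattern: trust the first endpoint that still responds."""
    for a in answers:
        if a.digest is not None:
            return a.digest
    return None

def quorum_verify(answers, min_operators):
    """Return (digest, reason); digest is None when the verifier must refuse.

    min_operators is fixed against the configured endpoint set, so endpoints
    knocked offline shrink the safety margin instead of lowering the bar.
    """
    operators_by_digest = defaultdict(set)
    for a in answers:
        if a.digest is not None:
            operators_by_digest[a.digest].add(a.operator)
    if not operators_by_digest:
        return None, "no endpoint reachable"
    if len(operators_by_digest) > 1:
        return None, "endpoints disagree"
    (digest, operators), = operators_by_digest.items()
    if len(operators) < min_operators:
        return None, f"only {len(operators)} of {min_operators} required operators answered"
    return digest, "ok"

# Constructed scenario: two clusters return a forged payload, two are unreachable.
FORGED, HONEST = "0xforged", "0xhonest"
UNDER_ATTACK = [
    RpcAnswer("rpc-a", "op1", FORGED),
    RpcAnswer("rpc-b", "op2", FORGED),
    RpcAnswer("rpc-c", "op3", None),
    RpcAnswer("rpc-d", "op4", None),
]
HEALTHY = [RpcAnswer(f"rpc-{i}", f"op{i}", HONEST) for i in range(1, 5)]

if __name__ == "__main__":
    print("naive:", naive_failover(UNDER_ATTACK))
    print("quorum:", quorum_verify(UNDER_ATTACK, min_operators=3))
    print("healthy:", quorum_verify(HEALTHY, min_operators=3))
```

With the threshold set above the number of clusters compromised in this scenario, the check refuses to attest rather than accepting the only answers still available; the right threshold for a real deployment is a design decision this sketch does not settle.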
