According to @D2_Finance’s analysis, the root cause of the $300 million attack on Kelp DAO’s rsETH cross-chain bridge has been confirmed on-chain: this incident was not due to a protocol-level vulnerability in LayerZero, but rather a trust issue with OApp nodes caused by private key compromise on the source chain. The analysis reveals that the rsETH OFT Adapter on mainnet trusted messages originating from legitimate deployment nodes labeled by LayerZero Scan as “Kelp DAO,” resulting in a single lzReceive call directly releasing 116,500 rsETH from the custodial contract. This indicates the attack was not caused by setPeer injection, but by the project’s own source chain private key being stolen. https://t.co/ZXVaqFXJab
