In short
- Kelp says LayerZero has agreed to a settlement that is linked to $292 million, which LayerZero denies.
- The protocol is revamping its communication system after the hack.
- A US court fight for $71 million in frozen funds could create DeFi recovery rules.
KelpDAO is accusing LayerZero of a $292 million take advantage of and prepare to re-install with a re-engineered cross system A link in the chainthe group announced on X Tuesday.
“As of April 18, it is clear that LayerZero’s tools were used, resulting in $300M in damage to DeFi,” Kelp DAO. he wrote at X. “Independent reports from SEAL 911, Chainalysis, and other major security researchers all point to the same origin.”
In April, the attack ended 116,500 rsETH – a token from Ethereum – from the bridge used by Kelp, a protocol that allows Ethereum users to move tokens between blockchains. This was linked to North Korea’s Lazarus movement.
Specially post on X, Kelp said LayerZero staff accepted the configuration associated with the project and did not warn that it could pose a security risk. The implementation, known as a 1-of-1 verifier, relies on a single party to verify the actions of different parties.
Kelp said the attack was caused by a breach in LayerZero’s infrastructure, where the attackers tampered with the authentication network’s RPCs and forced the system to rely on compromised data, allowing false claims to be accepted.
“After implementation, LayerZero announced that it will no longer sign or verify messages for any application using a 1-1 DVN configuration,” Kelp said. “These policy changes, made after hundreds of millions of dollars were spent, confirm that this was a LayerZero update that LayerZero Labs only changed after it failed.”
In April wordsLayerZero disputed this account, saying that the exploit was unique to Kelp’s rsETH application and resulted from the use of a single authentication method that contradicted the company’s accepted multi-authentication policy.
Kelp DAO wrote: “This production does not match the facts. It is a matter of public knowledge that the establishment of 1-1 was not exclusive to Kelp.”
According to Kelp, it followed the LayerZero script with default layouts. The company also said that the implementation is widely used around the world, pointing to data that shows a large share of applications that rely on similar layouts.
Kelp said it was moving rsETH The system for Chainlink is a cross-chain interoperability protocol, where the sender must be approved by several independent verifiers instead of one verifier.
“We are committed to working with the KelpDAO team to improve the security of rsETH and support their migration to the Chainlink CCIP,” said Chainlink’s chief business officer Johann Eid. Decrypt. “We have always believed that for DeFi to reach its potential to bring in billions, the ecosystem must be supported by highly secure infrastructure.”
The effects of Kelp use have continued to be a technical debate. About $71 million in crypto linked to the incident was frozen on the Arbitrum network, which led to legal battle in a New York court.
“There are questions that nature needs to be answered,” said Kelp DAO. “And we’re making sure that rsETH is protected by an infrastructure that doesn’t leave these questions open.”
LayerZero did not immediately respond to a request for comment Decrypt.
Daily Debrief A letter
Start each day with top stories right here, including originals, podcasts, videos and more.
