On Saturday the KelpDAO protocol suffered a $292 million hack by actors linked to the DPRK, with the vulnerability involving a cross chain exploit and around 77% of the unbacked tokens deposited as collateral with lending pool Aave. The hackers withdrew a different token from lending pools, leaving some lending pool participants facing potential losses. Total value locked on Aave has dropped by more than $10 billion according to DeFiLlama to just under $16 billion. In this article we will briefly explore what happened, how TradFi differs, what went right and wrong, and practical steps going forward.
The attack related to the cross chain bridge LayerZero, with the exploiters taking advantage of KelpDAO only using a single validator for cross chain transactions, creating a single point of failure, a topic that has some unexpected lessons for TradFi (outlined later). Since this hack, LayerZero no longer allows the use of single validators for cross chain bridges. The exploit resulted in the issuance of $292 million in unbacked rsETH which are receipts for staked ethereum tokens.
Cross chain bridges have long been a weak link in the crypto world with DeFiLlama measuring the total losses at just under $3 billion out of a total of $16.5 billion in hacks. By far the biggest source of losses are compromised private keys (44.5%), the ByBit theft last year involving a compromise in a multi signature wallet (9%) and access control exploits (4.6%).
Some TradFi approaches acknowledge the bridge vulnerabilities and take a more centralized approach. For example, the DTC’s upcoming tokenized securities require tokens on one chain to be burned and minted on another via DTC infrastructure rather than using bridges for cross chain transfers. Stablecoin issuer Circle’s cross chain protocol is similar, whereas Tether’s USDT0 is powered by LayerZero. Swift has trialed Chainlink’s cross chain interoperability protocol (CCIP) which has a very different design to LayerZero, but may receive additional scrutiny.
Article continues …
Want the full story? Pro subscribers get complete articles, exclusive industry analysis, and early access to legislative updates that keep you ahead of the competition. Join the professionals who are choosing deeper insights over surface level news.
