Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Hackers exploited Kelp DAO's cross-chain bridge on Saturday, a move that saw millions of dollars being drained, resulting in a ripple effect across multiple crypto platforms.
The attacker stole about 116,500 rsETH, a token issued by Kelp DAO that represents "restaked" Ethereum by targeting a bridge built using LayerZero, a system that allows different blockchains to communicate.
Kelp DAO is a restaking protocol that lets users deposit staking tokens like stETH and cbETH and get rsETH in return. They can then use rsETH in other crypto apps.
The exploit sparked a broad liquidity crunch across DeFi, sparking heavy withdrawals from major lending platforms, including Aave. Developers claim the hack stemmed from a misconfigured cross-chain verification setup in LayerZero-based infrastructure.
The incident affected about 18% of the rsETH supply and follows a string of large DeFi hacks this month (including a $285 million hack of Solana's Drift protocol, smaller protocols such as CoW Swap, Zerion, Rhea Finance and Silo Finance), prompting protocols to freeze markets and urgently review their cross-chain configurations.
Where are the funds?
In a recent tweet, Arkham provided an analysis of where the funds might have gone.
According to Arkham, KelpDAO had $293.7 million stolen in an attack by an entity believed to be the Lazarus Group. The attacker forged a cross-chain message by exploiting LayerZero’s DVN (Decentralized Verified Network) to fake a withdrawal of rsETH to Ethereum.
Arkham tracks the path of the funds since the incident happened on Saturday. It was observed that the attacker deposited the majority of the stolen rsETH to AAVE and Compound.
A total of $269.74 million RSETH were deposited to AAVE and Compound, Arkham noted, with the attacker withdrawing a total of $228.21 million of WETH and wstETH from these DeFi protocols. He also swapped a total of $15.34 million rsETH to $14.51 million ETH using Kyberswap, Euler Finance and Wintermute. The attacker now holds $242.18 million in ETH.
Dan Burgin
U.Today Editorial Team
