DeFi's most dangerous prisoner's dilemma in history

Author: ChainCatcher
More than 40 hours after the theft, the chain reaction triggered by the Kelp DAO incident continues to spread: not only are more and more well-known projects such as Aave, LayerZero and Arbitrum being drawn in, but some of the hottest narratives are even being put on trial for their lives.
The well-known KOL "Wind Has No Direction" posted on X that only ETH is safe now, that Arbitrum has frozen and transferred users' assets, and that none of the L2s is really an L2 any more: L2 was born in Arbitrum, and it also died in Arbitrum.
Another well-known KOL, Blue Fox, said that the biggest loser in the Kelp incident was not Aave, nor Kelp, but LayerZero, yet that this is still too short-sighted a view of the whole affair. The essence of the incident is not "fake L2" but "fake cross-chain".
The growing volume of public commentary, in which the parties throw various terms at one another and argue back and forth, has turned the Kelp DAO theft into a typical window for observing how responsibility for security incidents is divided, and how pragmatism clashes with technological fundamentalism.
1. Is L0 lying? The bridge is the biggest loser
The key turning point in the incident was the detailed report on the hacker attack that LayerZero released yesterday, which preliminarily attributed the attack to the North Korean-linked Lazarus Group. The attack targeted the downstream RPC infrastructure on which the DVN relied: the attacker poisoned an RPC node under their control and, in combination with a DDoS attack, forced the system to fail over to the malicious node, which allowed cross-chain transactions to be forged.
"Using compromised nodes to carry out a poisoning attack on the RPC infrastructure, combined with launching a DDoS attack on the unaffected RPCs to force a failover, is sophisticated. This is essentially an infrastructure war," commented Samuel Tse, Director of Investment and Cooperation at Animoca Brands.
At the end of the report, LayerZero stated that the protocol had functioned entirely as expected throughout the incident and that no vulnerability had been found in the protocol. The core feature of the LayerZero architecture is modular security, and in this case it achieved exactly its intended goal: the entire attack was isolated to a single application, with zero risk of contagion across the system, and no other OFT or OApp was affected.
This complete disavowal of responsibility became the trigger for a huge backlash in public opinion, and many well-known professionals are dissatisfied with LayerZero's conduct in this case.
"L0 washes its hands of it, passes the buck to KelpDAO, and says it isn't their problem. Impressive. Excuse me, why was a 1/1 configuration allowed to exist at all? Why did the internal RPC list get picked up by the attacker? Why did the failover logic directly trust the contaminated RPCs after the DDoS, instead of simply halting verification, or doing even the smallest thing?" said industry researcher CM.
"This deliberately evasive attitude makes me uncomfortable. The statement clearly says 'the protocol worked exactly as expected'. It describes the attack as an attack on RPC nodes and RPC poisoning. But this was not RPC poisoning; their own infrastructure was compromised and taken over. Since the statement does not explain how the intrusion happened, I am in no hurry to restart the bridge," said the well-known DeFi developer Banteg.
Kelp DAO officially responded that the single-verifier (1/1) configuration that enabled the attack was not a choice made in disregard of recommendations, but the default set out in LayerZero's official guide, and that the verifier network (DVN) exploited by the attackers was LayerZero's own infrastructure.
According to a Dune analysis, 47% of the 2,665 OApp contracts built on LayerZero use a 1/1 DVN configuration, i.e. a single-verifier mechanism, which sharply increases industry-wide risk.
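The two defects the passage above turns on, a verifier that fails over to whichever RPC node is still answering, and a 1/1 DVN configuration in which one verifier decides alone, are easy to see side by side in a small model. The following is an added example written for this edit; it is not LayerZero's, Kelp DAO's or any DVN's real code. It contrasts a naive failover verifier with a quorum verifier that fails closed, and scores a DVN configuration of the shape "required DVNs plus optional DVNs with a threshold" (which is this editor's understanding of LayerZero's model). All function names, endpoint names and message hashes are constructed for the illustration.

```python
# Added example (editor's illustration, not LayerZero's, Kelp DAO's or any DVN's code).
# A verifier must confirm that a cross-chain message really exists on the source
# chain by asking RPC nodes. Two policies are compared:
#   - naive_failover_verify: trusts the first endpoint that answers (fails open).
#   - quorum_verify: requires k matching answers from independent operators and
#     refuses to attest otherwise (fails closed).
# required_verifiers / is_single_verifier score a DVN configuration of the shape
# "required DVNs + optional DVNs with a threshold" (assumed model). All names,
# endpoints and hashes below are constructed.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set


class RpcTimeout(Exception):
    """Raised when an RPC endpoint does not answer (e.g. it is under DDoS)."""


@dataclass
class RpcEndpoint:
    name: str
    operator: str  # who runs the node; independence is what a quorum counts
    respond: Callable[[int], Optional[str]]  # nonce -> message hash the node reports


# Constructed sample values: the genuine message hash at nonce 7 and a forged one.
GENUINE = "0x" + "a" * 64
FORGED = "0x" + "b" * 64


def healthy_node(nonce: int) -> Optional[str]:
    return GENUINE if nonce == 7 else None


def poisoned_node(nonce: int) -> Optional[str]:
    # Attacker-controlled node: reports a message that was never emitted on-chain.
    return FORGED if nonce == 7 else None


def ddosed_node(nonce: int) -> Optional[str]:
    raise RpcTimeout()


def naive_failover_verify(endpoints: List[RpcEndpoint], nonce: int) -> Optional[str]:
    """Try endpoints in order and trust the first one that answers.

    This is the failure mode the critics quoted above describe: once the honest
    endpoints are knocked offline, the surviving (malicious) endpoint decides.
    """
    for ep in endpoints:
        try:
            return ep.respond(nonce)
        except RpcTimeout:
            continue  # fall over to the next node, whatever it is
    return None


def quorum_verify(endpoints: List[RpcEndpoint], nonce: int, k: int) -> Optional[str]:
    """Attest only when k independent operators agree and nobody disagrees.

    Timeouts reduce the evidence available rather than redirecting trust, so a
    DDoS can stall verification but cannot steer it towards a forged answer.
    """
    votes: Dict[str, Set[str]] = {}
    for ep in endpoints:
        try:
            reported = ep.respond(nonce)
        except RpcTimeout:
            continue
        if reported is not None:
            votes.setdefault(reported, set()).add(ep.operator)
    if len(votes) != 1:
        return None  # no answer at all, or conflicting answers: fail closed
    reported, operators = next(iter(votes.items()))
    return reported if len(operators) >= k else None


def attack_scenario() -> List[RpcEndpoint]:
    """Constructed: two honest nodes silenced by DDoS, one poisoned, one honest."""
    return [
        RpcEndpoint("rpc-a", "operator-A", ddosed_node),
        RpcEndpoint("rpc-b", "operator-B", ddosed_node),
        RpcEndpoint("rpc-c", "operator-C", poisoned_node),
        RpcEndpoint("rpc-d", "operator-D", healthy_node),
    ]


def healthy_scenario() -> List[RpcEndpoint]:
    """Constructed: three independent honest nodes, nothing under attack."""
    return [RpcEndpoint(f"rpc-{i}", f"operator-{i}", healthy_node) for i in range(3)]


def required_verifiers(required_dvns: List[str], optional_dvns: List[str],
                       optional_threshold: int) -> int:
    """Independent verifiers that must all agree before a message is delivered."""
    if optional_threshold > len(optional_dvns):
        raise ValueError("threshold exceeds the number of optional DVNs")
    return len(required_dvns) + optional_threshold


def is_single_verifier(required_dvns: List[str], optional_dvns: List[str],
                       optional_threshold: int) -> bool:
    """True for the 1/1 shape counted in the Dune figures: one DVN decides alone."""
    return required_verifiers(required_dvns, optional_dvns, optional_threshold) <= 1


if __name__ == "__main__":
    print("naive accepts forged :", naive_failover_verify(attack_scenario(), 7) == FORGED)
    print("quorum attests       :", quorum_verify(attack_scenario(), 7, k=2))
    print("1/1 is single-verifier:", is_single_verifier(["dvn-x"], [], 0))
```

The point of the quorum variant is not the number two; it is that losing endpoints can only make the verifier say nothing, never make it say something different. A 1/1 DVN configuration removes that property at the protocol layer in the same way that the naive failover removes it at the RPC layer.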
Worse than the problem itself is that the parties refuse to acknowledge their mistakes and dodge them. LayerZero, the number one player in the cross-chain messaging and Layer0 narratives, has hundreds of crypto projects using its cross-chain infrastructure to bridge tokens and assets between chains; if it keeps up this arrogant stance, it will further undermine the industry's confidence in it.
Public opinion generally holds that LayerZero, although not directly hacked, has suffered the greatest reputational damage: it must pay the price for "allowing weak configurations", or the cross-chain narrative will collapse.
In other words, LayerZero needs not only to propose clear technical improvements, but also to take on greater responsibility in the asset compensation programme.
2. Is Layer2 dead? Arbitrum's extraordinary freeze
The discussion of Layer2 stems from Arbitrum's freeze. At noon today, the Arbitrum Security Council issued an announcement stating that it had taken emergency action to rescue 30,766 ETH held in an address on Arbitrum One, currently worth $71 million.
Arbitrum also stated that, after extensive technical investigation and deliberation, the Security Council had identified and implemented a technical plan to move the funds to a secure location without affecting any other chain state or any Arbitrum user. The address that originally held the funds can no longer access them, and only Arbitrum governance can take further action to move the funds, which will be carried out in coordination with the relevant parties.
According to industry sources, the Arbitrum Security Council used a privileged transaction type (part of ArbOS, but essentially never used before). The attacker's private key can still sign transactions, but the ETH in the address was transferred by the chain itself.
This special transaction type completely bypasses the attacker's private key and can only be injected by the chain itself (controlled by the Arbitrum Security Council via the chain/ArbOS upgrade path).
According to available information, the Arbitrum Security Council consists of 12 members elected by the Arbitrum DAO, and any decision requires the approval of 9 of the 12.
One stone stirred up a thousand waves. Until now, Arbitrum, as a representative Layer2, was assumed to have neither the ability nor the authority to touch users' ETH assets; doing so runs counter to blockchain decentralization.
In past hacking incidents, stolen USDT and USDC could often be frozen promptly by Tether and Circle to reduce user losses. ETH, as a native asset of the chain, had never before been frozen and transferred by the chain itself, and this went beyond what the vast majority of users expected.
Many views support Arbitrum's approach, for instance: "All companies, banks and formal financial institutions will eventually adopt a secondary structure. Acting as a centralized entity at a critical moment is not a flaw, but an advantage." More technology purists think otherwise.
"No private key, no authorization, a direct transfer." In many people's eyes, Arbitrum's operation is a redefinition of Layer2 decentralization, and it makes them feel insecure on Layer2.
Blue Fox says the incident has touched the red line of DeFi's core ideology: "Not your keys, not your coins". The event returns to crypto's classic question: pragmatic security vs. fully decentralized security.
Concluding remarks
When LayerZero said "the protocol worked exactly as expected", it preserved its technical correctness but lost public opinion and trust; when Arbitrum moved $71 million of ETH with a privileged transaction, it saved user funds but struck at the core narrative of Layer2.
The storm over the Kelp theft has put two of the hottest narratives in the dock: is Layer0 infrastructure, or a risk amplifier? Is Layer2 a trustworthy extension of Ethereum, or a second-tier bank wearing a decentralized coat?
The losses caused by the breakdown of LayerZero's and Kelp DAO's single-verification-node mechanism were recovered through Arbitrum's centralized special voting mechanism. This forms an extremely ironic loop: a protocol that calls itself decentralized collapsed because of its "single point of weakness", and ultimately had to rely on the "centralized privilege" of another protocol.
It forces the whole industry to face a question it has never answered head-on: when the ideal of decentralization collides with the cost of security, which side are we willing to sacrifice?
Grand narratives are one focus of opinion; the user compensation plan is the other, in practice. Even though Arbitrum recovered more than $70 million by technical means, Aave is still left with nearly $200 million of bad debt. How should users' interests be properly protected and safeguarded?
In the vast majority of hacking incidents, losses in the tens of millions of dollars are written off at the protocol level, and users' recovery claims usually end inconclusively. This incident, however, involves leading projects such as Aave and LayerZero, and the disposal of the bad debt is under a bright spotlight.
Aave presented two possible bad debt treatment options today. The first is to socialize the losses among all rsETH holders (shared across the whole chain), i.e. a uniform value reduction (roughly 15% depeg) for all rsETH on mainnet and L2. The second is for only the holders of rsETH on L2 to bear all of the losses, while mainnet rsETH keeps its original value.
However, Kelp DAO and LayerZero have not yet said anything about their roles in the compensation plan. From LayerZero's attempt in its report to set aside liability, it is easy to see that the project believes that, without liability, there is no obligation to compensate.
However, for a protocol valued at billions of dollars and relied on by hundreds of projects as bottom-layer infrastructure to choose "technical exemption" in the face of huge losses caused by its default DVN configuration is itself a great irony for the definition of "bottom-layer infrastructure".
This is a typical prisoner's dilemma, in which the parties in crisis each try to minimize their own losses by "cutting losses", rather than repairing the industry's trust deficit through shared responsibility.
Given the negative impact of the incident on every sector of the industry, this may be the most dangerous prisoner's dilemma the DeFi field has seen.
