In-depth retrospective on the Kelp DAO chain heist: DeFi's risk is severely mismatched with its returns, and where the crypto pipeline broke down

2026/04/23 00:40

DeFi's sword of Damocles in the dark forest has fallen again, only a few weeks after the $285 million hack in the early months of the year.

In recent days, Kelp DAO suffered a catastrophic hack of assets worth $292 million. The storm not only drained Kelp DAO's treasury; through DeFi's composability the contagion quickly spread to the lending giant Aave, which directly absorbed more than $200 million in bad debt.

When the smoke cleared, the project teams began blaming each other. As a compliance team long focused on institutional-grade digital asset custody, Cactus Custody believes that the technical fog of “RPC poisoning” has thrown an extremely serious soul-searching question at the whole industry: are DeFi's currently very low returns and very high risks seriously mismatched? In the coming wave of institutional adoption, has “complete decentralisation” become a cover for security loopholes?

I. Reconstructing the heist: underlying-layer poisoning, a naked single signature, and the hack

Piecing together official statements and repeated analysis by security experts, the attack was a meticulously planned “dimensionality-reduction strike” launched from a layer below the contract.

1. Attack method: RPC node poisoning (RPC Poisoning)

According to LayerZero's official statement and analysis by experts such as SlowMist's Cos, the entry point of the attack was not a code flaw in the smart contract itself: the underlying RPC node was hijacked or poisoned by the attackers, which led LayerZero to receive and process forged malicious data during cross-chain transmission.

2. The fatal defensive black hole: a 1/1 single-signature mechanism

Yet node poisoning alone is not enough to roll away nearly $300 million in an instant. As crypto KOL Richard Heart bluntly points out: at the heart of the matter is a 1/1 (single-signature) permission setting. This means the vault gate controlling hundreds of millions of dollars of liquidity was secured with a single ordinary lock. With no multi-signature and no double checks and balances, once the underlying data was poisoned the hackers held an “invincible pass”, and a single-point breach completed an epic transfer of funds.

3. Tracing the funds: the Lazarus Group's money-laundering network

On-chain tracking by the well-known data firm Chainalysis and by Wu further confirms the attackers' identity: it is suspected to be the North Korean state-level hacker group Lazarus Group. Chainalysis data show that the stolen funds were laundered in a highly systematic way within a very short period, and were quickly moved through cross-chain bridges and mixers, the typical North Korean money-laundering route, to the ITA host network. The entry of this state-level APT group leaves DeFi's already fragile line of defence as thin as a sheet of paper.

II. The guilt-by-association effect and Rashomon: the systemic vulnerability of DeFi Lego

After the incident, a farce over “who is responsible” began.

  • Kelp DAO and LayerZero turned on each other: Kelp DAO pointed at LayerZero, claiming that a breach in its cross-chain infrastructure caused the disaster, while LayerZero insisted that its cross-chain protocol was sound and laid the blame on the project's blind trust in RPC node data.

  • Aave caught in the crossfire: The most dramatic and thought-provoking part is Aave's situation. Because Kelp DAO assets (such as rsETH) were widely used as collateral on Aave, the theft from Kelp DAO immediately drove the value of that collateral to zero. As many industry observers put it, “Aave was hit while lying down”. Aave's line of defence was breached from the outside by an ecosystem partner, and although Aave will use its Umbrella protection fund to cover the loss, this has exposed DeFi Lego's chain-reaction crisis.

This also confirms the warning from Zach Rynes of the Chainlink community that restaking is adding too much leverage to Ethereum, and that if the underlying layer collapses the systemic damage will be immeasurable.

III. Soul-searching: have DeFi's returns and risks become seriously mismatched?

In this wave, OneKey's Yishi has made a critical point: the market will soon reprice risk.

For a long time, retail investors and institutions have chased single-digit APYs (annualised yields) or non-existent “Points” in DeFi while bearing the risk of 100 per cent of the principal going to zero. This serious mismatch between risk and return was masked by the fervour of the bull market, but is laid bare under the hackers' machete.

The deeper reason is that DeFi protocols generally use a “low fee” model to compete for TVL (total value locked). The modest protocol revenue simply cannot support the high level of security investment needed to resist state-sponsored hackers. Projects are managing hundreds of millions of dollars of assets with a bare-bones, makeshift structure, essentially an unsustainable model of “privatised profits, socialised risks”.

IV. The future of institutional management: compliance is imperative

When smart contracts and decentralised governance cannot protect our principal, the industry must face a real question: for the coming wave of institutional capital, does it need to re-embrace independent, professional, centralised compliant custody?

In the Web3 context, introducing “centralised custody” seems politically incorrect. But the tragedies of Drift Protocol and Kelp DAO tell us that mixing business logic (smart contracts) with asset custody (private key control) is extremely dangerous.

For DeFi project teams, public-chain foundations and institutional investors managing large sums, introducing qualified custody is not a historical step backwards but a necessity for financial infrastructure to mature:

  • Separation of authority and responsibility, breaking single points of failure:
    Protocol developers should focus on innovation in business logic and leave custody of the treasury and core assets to an independent compliant custodian. Compliant custodians have mature enterprise-grade risk-control structures and approval workflows that completely eliminate the absurd 1/1 “naked run”.

  • Risk control independent of on-chain logic:
    Hackers can spoof an RPC node and exploit code loopholes, but they cannot get past the compliant custodian's independent risk-control engine. When the system detects an abnormal transfer instruction involving $292 million, the custodian's risk-control strategy intercepts it on the basis of the transaction's intent, forces customer confirmation, compliance review and multi-channel verification, and holds the funds at the last gate.

  • Bankruptcy remoteness and fiduciary protection:
    As a licensed compliant custodian, Cactus Custody is strictly regulated, with client assets physically and legally segregated from the operating company's own assets (bankruptcy remoteness). This financial-level fiduciary protection is a foundation of trust that no decentralised code can provide.
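As an added illustration (not code from the article or from Cactus Custody), the following Python models the difference between the 1/1 permission setting described above and the custody controls listed in these bullets: a quorum of authorised approvers, a payout whitelist, and mandatory compliance review above an amount threshold. All key identities, addresses and the threshold are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TransferIntent:
    amount_usd: float
    destination: str
    approvers: frozenset        # identities that signed this instruction
    compliance_reviewed: bool   # independent review completed out of band


@dataclass(frozen=True)
class CustodyPolicy:
    authorised: frozenset            # identities allowed to approve at all
    quorum: int                      # approvals required; 1 models the 1/1 setup
    whitelist: Optional[frozenset]   # pre-registered payout addresses; None = unrestricted
    review_threshold_usd: float      # above this, compliance review is mandatory


def evaluate(intent: TransferIntent, policy: CustodyPolicy) -> list:
    """Return the list of failed controls; an empty list means the transfer is released."""
    failures = []
    valid = intent.approvers & policy.authorised          # ignore unknown signers
    if len(valid) < policy.quorum:
        failures.append("approvals %d/%d" % (len(valid), policy.quorum))
    if policy.whitelist is not None and intent.destination not in policy.whitelist:
        failures.append("destination not whitelisted")
    if intent.amount_usd > policy.review_threshold_usd and not intent.compliance_reviewed:
        failures.append("compliance review required above threshold")
    return failures


# Constructed policies: the bare 1/1 setup versus an institutional custody policy.
SINGLE_SIG = CustodyPolicy(frozenset({"ops-key"}), 1, None, float("inf"))
INSTITUTIONAL = CustodyPolicy(frozenset({"ops-key", "cfo-key", "custodian-key"}), 2,
                              frozenset({"0xTREASURY_PAYOUT_PLACEHOLDER"}), 1_000_000.0)

# Constructed scenario: a forged $292M instruction carrying one valid signature.
FORGED = TransferIntent(292_000_000.0, "0xATTACKER_PLACEHOLDER",
                        frozenset({"ops-key"}), compliance_reviewed=False)


def run_comparison() -> dict:
    return {"single_sig": evaluate(FORGED, SINGLE_SIG),
            "institutional": evaluate(FORGED, INSTITUTIONAL)}


if __name__ == "__main__":
    for name, failures in run_comparison().items():
        print(name, "->", "RELEASED" if not failures else "BLOCKED: " + "; ".join(failures))
```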

Concluding remarks

Kelp DAO's $292 million not only buys a painful lesson, it also punctures the false prosperity of the restaking track. When institutional big money arrives, DeFi must move away from the “workshop” model of asset management.

Security and risk control must be backed by real money and professional systems. In future, DeFi protocols that do not integrate compliant custodians and cannot provide institutional-grade asset protection will be abandoned by mainstream capital. Choosing a compliant custody solution is not only a responsibility to assets but also the cornerstone of a protocol's long-term survival in the dark forest.
