The Kelp DAO Hack Wasn't a Smart Contract Exploit. It Was an RPC Infrastructure Attack.
The Kelp DAO hack on April 18th resulted in a loss of $292 million due to an infrastructure attack rather than a smart contract exploit. The attack was executed by the Lazarus Group, which compromised RPC nodes used for transaction verification. This incident highlights vulnerabilities in the RPC layer that are often overlooked in security audits.
- The Kelp DAO hack drained $292 million in just 46 minutes.
- The attack involved compromising RPC nodes and launching a DDoS attack on clean nodes.
- Aave froze rsETH markets due to potential bad debt risks after the exploit.
Opening excerpt (first ~120 words)
GetBlock, posted on Apr 28
#blockchain #ethereum #security #web3
On April 18th, $292 million was drained from Kelp DAO's bridge in 46 minutes. Every post-mortem you've read focused on the 1-of-1 DVN configuration on LayerZero. That's the right conversation — but it's not where the attack actually executed.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV Community.