SlowMist: KelpDAO's $290M Hack Linked to LayerZero DVN RPC Poisoning

Huo Xing Finance cited findings from Yu Xian (@evilcos), founder of blockchain security firm SlowMist, on the $290 million KelpDAO theft. SlowMist said the incident centered on a targeted poisoning attack against the downstream RPC infrastructure used by LayerZero's DVN (Decentralized Verifier Network). According to the analysis, the attackers first identified the RPC nodes used by the LayerZero DVN, then breached two separate clusters and replaced the opgeth binaries. They used selective deception to serve forged, malicious payloads only to the DVN while returning normal data to other IP addresses. At the same time, they launched DDoS attacks on unaffected RPC nodes, pushing the DVN to fail over to the compromised endpoints. After the DVN validated the forged messages, the malicious binaries self-destructed and wiped logs. SlowMist said this led the LayerZero DVN to validate transactions that never actually occurred.
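The failure mode described above is a verifier that fails over to whichever RPC endpoints are still answering. As an added example (not code from SlowMist, LayerZero or KelpDAO), the sketch below shows a fail-closed cross-check a verifier could apply to one query result; the function name `cross_check`, the endpoint names, the quorum of 4 out of 5 and the hash values are all assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Decision:
    accept: bool
    reason: str
    value: Optional[str] = None


def cross_check(responses: Dict[str, Optional[str]], quorum: int) -> Decision:
    """Decide whether to trust one RPC query result.

    responses maps EVERY configured endpoint to the value it returned for the
    same query (for example a block or receipt hash), or None on timeout.
    """
    configured = len(responses)
    if not configured // 2 < quorum <= configured:
        raise ValueError("quorum must be a strict majority of configured endpoints")

    answers = {ep: v for ep, v in responses.items() if v is not None}
    # Quorum is counted against the configured set, not the reachable set, so
    # knocking healthy endpoints offline yields a refusal, not a failover.
    if len(answers) < quorum:
        return Decision(False, f"{len(answers)}/{configured} reachable, need {quorum}")

    counts = Counter(answers.values())
    value, _ = counts.most_common(1)[0]
    if len(counts) > 1:
        # Any disagreement halts verification and names the outliers for triage.
        outliers = sorted(ep for ep, v in answers.items() if v != value)
        return Decision(False, "disagreement from " + ", ".join(outliers))
    return Decision(True, f"{len(answers)} identical answers", value)


# Constructed sample data: endpoint names and hashes are made up.
GOOD, FORGED = "0x" + "11" * 32, "0x" + "ee" * 32
ALL_HEALTHY = {ep: GOOD for ep in ("rpc-a", "rpc-b", "rpc-c", "rpc-d", "rpc-e")}
# Two poisoned endpoints answer; the three healthy ones are timed out.
FAILOVER = {"rpc-a": FORGED, "rpc-b": FORGED, "rpc-c": None, "rpc-d": None, "rpc-e": None}
# Poisoned endpoints answer alongside healthy ones.
SPLIT_VIEW = {**ALL_HEALTHY, "rpc-a": FORGED, "rpc-b": FORGED}

if __name__ == "__main__":
    for name, case in (("healthy", ALL_HEALTHY), ("failover", FAILOVER), ("split", SPLIT_VIEW)):
        print(name, cross_check(case, quorum=4))
```

The check only helps when the configured endpoints are operated independently of one another, since the analysis describes two separate clusters being breached.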