What to know:
- Arbitrum seized 30,766 ETH and moved funds to an escrow wallet, no user or app impact.
- The Kelp DAO exploit drained 116,500 rsETH after an RPC node compromise and DDoS attack.
- Attack funds moved via Aave V3 as a dispute grows over the LayerZero bridge design.
Arbitrum reported that its Security Council seized 30,766 ETH linked to an exploiter address on Arbitrum One. The funds were moved into a frozen intermediary wallet to stop further transfers and secure assets after the incident.
The network said the action did not disrupt operations or impact users and applications. It added that the funds will remain locked until governance determines the next steps. The council worked with law enforcement on identifying the exploiter.
Also Read: Arbitrum (ARB) Shows Signals of an Explosive Rally to $10 After 96% Decline
Arbitrum Secures Network After Exploit
The Arbitrum team said that the move struck a balance between security and continuity for the entire ecosystem. They emphasized that maintaining network integrity is crucial during the process. User balances and running applications were not impacted by the intervention.
This comes after the recent Kelp DAO bridge exploit. Hackers had managed to steal 116,500 rsETH, which was equivalent to around $292 million. The scope of the attack has sparked concerns among DeFi protocols.
Initial findings from LayerZero suggested that the hack linked to the North Korean hacking group known as Lazarus Group. The team revealed that the attack is a coordinated effort against RPC nodes.
The attackers managed to poison two nodes. Another node was attacked through a DDoS attack, thus allowing the malicious cross-chain message to validate successfully.
This led to the minting of rsETH tokens without backing. The attacker then transferred pieces of the assets between protocols. Part of the funds were transferred into Aave V3 a little after the exploit.
The exploiter took advantage of the collateral of rsETH to borrow wrapped ETH. This activity raised concerns regarding exposure on interconnected DeFi platforms. The money circulation created a quick tracking throughout the ecosystem.
Kelp DAO Halts Drain, Recovery Efforts Continue
Kelp DAO temporarily halted the relevant contracts and wallets involved in the hack. The developers claimed that such measures prevented further loss of an estimated 40,000 rsETH, which would have been worth approximately $95 million.
According to the team, there are ongoing efforts to recover the stolen assets in collaboration with other participants in the ecosystem. Such cooperation is carried out through various platforms for monitoring the activity of the hacked funds.
The hack raised concerns regarding the safety of bridges’ architecture. LayerZero reported that the technology employed a 1-of-1 decentralized, verified network architecture. The company suggested that it created a vulnerability point.
Kelp DAO denied the accusation and emphasized the role of default deployment settings. Such parameters were outlined in the protocol documentation and were tested beforehand.
Also Read: Aave TVL Drops $8 Billion After $293M Kelp DAO Hack Exposes DeFi Risk
Be the first to comment