Kelp DAO 放棄 LayerZero，改採 Chainlink 的跨鏈基礎設施，因遭 $292 萬美元攻擊

事件概要

Kelp DAO 的 rsETH 橋接系統遭攻擊，導致約 292 萬美元的資金被盜，此事件被歸因於 LayerZero 的跨鏈基礎設施漏洞。

攻擊細節

攻擊者透過偽造 LayerZero 的跨鏈訊息，成功從 Kelp DAO 的橋接系統中提取了 116,500 個 rsETH，相當於流通供應量的 18%。

攻擊發生後，僅幾分鐘內即出現第二波資金竊取，且攻擊者在離開過程中刻意清除痕跡。

後續反應

• Kelp DAO 認定此事件為對 LayerZero 基礎設施的攻擊，並指出與北韓的 Lazarus Group 有關。
• LayerZero 針對此事件承擔責任，並宣佈向 DeFi United 提供 10,000 ETH（約 2300 萬美元），以支援去中心化金融生態系統。
• 事件引發對跨鏈橋接系統安全性的廣泛關注，導致 Kelp DAO 關閉服務，並引發 Aave 市場的凍結。

相關連結

North Korea’s Lazarus Group likely stole $292 million from Kelp DAO’s rsETH bridge by exploiting a single-verifier configuration that …

An attacker drained 116500 rsETH, roughly 18% of circulating supply, from Kelp’s LayerZero-powered bridge on Saturday, triggering emergency …

Attackers forged a cross-chain message, came within minutes of a second drain, and wiped their tracks on the way out.

M rsETH exploit exposes cross-chain risks, forcing Kelp shutdown and Aave market freeze amid bad debt concerns. A major security breach has …

LayerZero commits 10000 ETH ($23 million): 5000 ETH to DeFi United and 5000 ETH deposited into Aave, plus extra GHO stablecoin liquidity …

Kelp DAO links the $292M rsETH exploit to a LayerZero breach involving the Lazarus Group. Another crypto hack over $100M by December 31 at …

Kelp DAO’s $292M exploit shows how a forged LayerZero message drained rsETH, exposing major risks in DeFi bridges and Aave.

LayerZero attributes $292M KelpDAO rsETH breach to Lazarus Group, exploiting DVN infrastructure flaws in cross-chain messaging systems.

KelpDAO claimed that the $292 million to $294 million heist during the weekend was an attack on LayerZero’s infrastructure.

DeFi is having one of its worst months on record. KelpDAO, a liquid restaking protocol on Ethereum, was exploited for approximately $293 …

來源：https://www.theblock.co/post/400131/kelp-dao-ditches-layerzero-chainlink-cross-chain-infrastructure-292-million-exploit