In a significant development following a $292 million exploit, Kelp DAO has announced its plan to migrate its restaking token, rsETH, to the Chainlink platform. This decision comes amidst ongoing tensions between Kelp DAO and LayerZero, the provider of the cross-chain bridge that was exploited.
The attack, which took place on April 18, resulted in the theft of 116,500 restaked ETH tokens. Hackers reportedly utilized these stolen assets as collateral on Aave v3 to borrow wrapped Ether. In light of these events, Kelp DAO is prioritizing security by shifting to Chainlink's Cross-Chain Interoperability Protocol (CCIP) to fortify its defenses.
“After the recent LayerZero exploit, we are taking steps to ensure rsETH is fully secure, which is why we are migrating to Chainlink CCIP,” Kelp DAO stated in a recent post on X.
The Blame Game: LayerZero vs. Kelp DAO
The hack has sparked widespread discussions about accountability, with both parties exchanging blame over the security vulnerabilities that led to the incident. LayerZero's response included a postmortem indicating that the exploit was facilitated by Kelp DAO's reliance on a single decentralized verifier network (DVN), which they claimed was against best practices.
In contrast, Kelp DAO asserts that its setup was common among various other protocols and that LayerZero had not adequately warned them about potential risks. In their defense, Kelp highlighted statistics indicating that many LayerZero users also operated on a single DVN configuration.
LayerZero's Response and Next Steps
LayerZero's co-founder and CEO Bryan Pellegrino refuted Kelp's narrative, describing many of their claims as “completely untrue.” Pellegrino stated that Kelp had initially used a multi-DVN setup but later altered their configuration to the single verifier model, which is not recommended for production applications.
As the situation unfolds, Pellegrino announced plans to release a comprehensive postmortem conducted by external security firms in the near future. This documentation aims to address concerns and provide clarity surrounding the exploit.
The Broader Implications
Significantly, the Kelp DAO hack is one of the largest security breaches in 2023, casting a shadow over the interconnected crypto lending ecosystem. The fallout from this incident extends beyond Kelp DAO, as it has triggered discussions about security standards and risk management across decentralized finance (DeFi).
Moreover, there are indications that North Korea-linked hackers might be involved in this exploit, raising alarm bells within the crypto community for enhanced vigilance and protection measures against such threats.
While Kelp DAO takes steps to fortify its operations by migrating to Chainlink, the repercussions from this incident will likely reshape security practices for many protocols in the future.
Stay tuned for further updates as this storied conflict develops.
Source: Cointelegraph
