
DeFiLlama Co-Founder Suggests 3 Paths to Resolve $293M KelpDAO Hack Fallout

The $293 million KelpDAO hack on April 18 has left Aave, rsETH holders, and the broader DeFi ecosystem staring at a hole that no one really knows how to fill.

But on Sunday, DeFiLlama co-founder 0xngmi laid out three practical options and ran the numbers on each.

Three Scenarios, None of Them Clean

0xngmi’s first option is to spread the pain. According to them, if KelpDAO socializes losses across all users, it works out to an 18.5% haircut. There are some 666,000 rsETH sitting across Aave deployments, and most mainnet positions are looped right up to the maximum loan-to-value ratio (LTV), so 0xngmi’s model assumes they are essentially at liquidation already.

Wiping out all equity in those positions leaves roughly $216 million in bad debt. Aave’s Umbrella ETH coverage would absorb $55 million of that, and the protocol’s treasury could cover another $85 million, which leaves a gap of about $76 million. To close it, 0xngmi suggested that Aave could either take out a loan or liquidate its AAVE treasury tokens. That stash is currently worth around $51 million, so selling it alone would not cover the remaining gap.

Option two is far uglier, as it would mean “rugging” rsETH holders on layer 2 chains. This would leave Aave with $359 million of rsETH supply, and assuming it was all looped at maximum LTV, it would create $341 million of bad debt across lending markets. But since Umbrella covers none of it, 0xngmi said Aave would have to choose which markets to salvage and which to abandon, with Arbitrum, Mantle, and Base most likely to suffer the biggest losses.

The third option, while the most technically appealing, may be the hardest to pull off. It involves going back to a pre-hack snapshot and attempting to make only the direct victims whole. This would mean paying back the $124 million the hacker is alleged to have taken from Aave and another $18 million from Arbitrum. The problem is that, since the hack, the money has moved around a lot across pooled protocols, making it difficult to cleanly separate one depositor’s funds from another’s.

OneKey founder Yishi also pushed for a fourth path that sits outside 0xngmi’s framework: negotiate with the hacker first, offering them a 10% to 15% bounty, and try to recover most of the money before any of the harder choices have to be made. If that fails, Yishi argued that LayerZero’s ecosystem fund should carry most of the bill, given its resources and its long-term interest in preserving the OFT ecosystem.

How $293M Left in Two Transactions

Cyvers founder Meir Dolev reconstructed the on-chain timeline of the KelpDAO attack, and it moves fast. The attacker’s wallet was funded through Tornado Cash about 10 hours before anything happened. Then, at 17:35 UTC on April 18, two transactions landed: commitVerification on LayerZero’s ReceiveUln302, followed 24 seconds later by lzReceive on EndpointV2. That second transaction drained 116,500 rsETH, valued at about $293.5 million, in a single shot.

KelpDAO’s multisig responded at 18:23 UTC by blacklisting the attacker’s recipient address on rsETH, and it worked. A second attempt, 3 minutes later, which would have taken another 40,000 rsETH worth around $100 million, hit the blacklist and reverted.

According to Dolev, the root cause was fairly simple: KelpDAO’s Unichain-to-Ethereum bridge required just one DVN attestation to release funds. Forging that single verification was enough for the hacker to move $293 million.

LayerZero also published its own statement attributing the attack to Lazarus Group’s TraderTraitor unit. The company said the protocol worked as designed and likewise pointed directly at KelpDAO’s 1-of-1 DVN configuration as the cause, noting it had previously recommended multi-DVN setups to all integration partners.
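To make concrete why a 1-of-1 DVN configuration is the whole story here, the following is an added example (not code from LayerZero, KelpDAO, or anyone quoted in this article) that models the receive-side verification quorum. The config shape is modelled on the public LayerZero V2 UlnConfig fields (required DVNs, optional DVNs, optional threshold), but the quorum check, the validation rules, the DVN names, and the scenarios are assumptions of this example; it ignores block confirmations and executor configuration entirely.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class UlnConfig:
    """Simplified receive-side verification config.

    Field names follow the shape of LayerZero V2's UlnConfig; the semantics
    enforced below are this example's own assumption, not the real contract.
    """
    required_dvns: tuple[str, ...]        # every one of these must attest
    optional_dvns: tuple[str, ...] = ()   # at least optional_threshold of these must attest
    optional_threshold: int = 0

    def validate(self) -> None:
        """Reject configs that are malformed or that accept unattested packets."""
        if len(set(self.required_dvns)) != len(self.required_dvns):
            raise ValueError("duplicate required DVN")
        if len(set(self.optional_dvns)) != len(self.optional_dvns):
            raise ValueError("duplicate optional DVN")
        if set(self.required_dvns) & set(self.optional_dvns):
            raise ValueError("a DVN cannot be both required and optional")
        if self.optional_threshold > len(self.optional_dvns):
            raise ValueError("optional threshold exceeds optional DVN count")
        if not self.required_dvns and self.optional_threshold == 0:
            raise ValueError("config would release packets with no attestation")

    def keys_to_forge(self) -> int:
        """Distinct DVN signing keys an attacker must control to push a bogus packet."""
        return len(self.required_dvns) + self.optional_threshold


def is_valid(cfg: UlnConfig) -> bool:
    try:
        cfg.validate()
    except ValueError:
        return False
    return True


def is_verifiable(cfg: UlnConfig, attested_by: frozenset[str]) -> bool:
    """Quorum check: all required DVNs attested AND enough optional DVNs attested."""
    cfg.validate()
    if not set(cfg.required_dvns) <= attested_by:
        return False
    optional_hits = sum(1 for dvn in cfg.optional_dvns if dvn in attested_by)
    return optional_hits >= cfg.optional_threshold


def risk_report(cfg: UlnConfig) -> str:
    """One-line verdict a reviewer would want: how many keys does an attacker need?"""
    n = cfg.keys_to_forge()
    if n <= 1:
        return f"CRITICAL: {n} compromised or forged DVN attestation releases funds"
    return f"ok: attacker needs {n} distinct DVN keys"


# Constructed scenarios; DVN names are placeholders, not real operators.
SINGLE_DVN = UlnConfig(required_dvns=("dvn_A",))  # the 1-of-1 shape described above
MULTI_DVN = UlnConfig(
    required_dvns=("dvn_A", "dvn_B"),
    optional_dvns=("dvn_C", "dvn_D", "dvn_E"),
    optional_threshold=1,
)  # 2 required plus 1-of-3 optional: three keys to forge a packet


if __name__ == "__main__":
    forged = frozenset({"dvn_A"})  # attacker controls exactly one DVN attestation
    print("1-of-1 releases forged packet:   ", is_verifiable(SINGLE_DVN, forged))
    print("multi-DVN releases forged packet:", is_verifiable(MULTI_DVN, forged))
    honest = frozenset({"dvn_A", "dvn_B", "dvn_D"})
    print("multi-DVN with honest quorum:    ", is_verifiable(MULTI_DVN, honest))
    for name, cfg in (("single", SINGLE_DVN), ("multi", MULTI_DVN)):
        print(f"{name}: {risk_report(cfg)}")
```

The point of the model is the last function: with one required DVN and no optional set, a single forged attestation is a full quorum, which is exactly the condition the timeline above describes. Raising the bar means every required DVN plus the optional threshold must be independently compromised before a forged packet can clear commitVerification.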

Security researcher Andy was blunter, calling KelpDAO’s decision to run a single DVN while holding $1.5 billion in user funds “extremely irresponsible” and warning that dozens of other protocols are running the very same setup right now.

The submit DeFiLlama Co-Founder Suggests 3 Paths to Resolve $293M KelpDAO Hack Fallout appeared first on CryptoPotato.
