How Polygon Agglayer Held Through DeFi’s Worst Week Since FTX

A single solid signature drained $292M from KelpDAO on Saturday and triggered a $6.6 billion run on Aave. The bridges that stored operating all had one factor in widespread.

By John Egan, Head of Product, Polygon Labs

Between Saturday night and Sunday morning, a single solid message on a single cross-chain bridge changed into DeFi’s worst week since FTX.

An attacker drained $292 million of rsETH from KelpDAO’s LayerZero bridge, used it as collateral to borrow actual ether on Aave, and caught the protocol with $123 million to $230 million in potential unhealthy debt earlier than markets might freeze.

Within 24 hours, customers pulled $6.6 billion out of Aave. Lido, SparkLend, Fluid, Upshift, and Ethena all paused the related markets or bridges. rsETH on greater than twenty chains turned collateral of unsure backing in a single day.

Polygon escaped the contagion. Agglayer’s unified ZK bridge operated with out incident. No Polygon-connected chain needed to freeze contracts. Polygon PoS & Agglayer bridges processed roughly $200M in quantity put up hack, whereas a lot of DeFi and bridging paused.

That Agglayer held up below that form of stress displays a design selection we made early: math proof-based ZK verification and accounting reside on-chain, so the system doesn’t depend upon a small set of operators getting it proper below strain. Polygon pioneered ZK proving for Agglayer bridging again in July 2024.

One forensic element is value holding onto. The root trigger was a single verifier. One signature, on the LayerZero V2 route between Unichain and Ethereum, waved via a message similar to no actual deposit. The bridge launched 116,500 rsETH to the attacker’s pockets, roughly one in six rsETH tokens ever issued.

This is sadly the predictable final result of an business that secures tens of billions of {dollars} with belief assumptions that held up when bridges moved a number of million {dollars} and no one refined was watching.

Three exploits in three weeks, all traced to the identical damaged assumption: {that a} handful of signers may be trusted with a hundred-billion-dollar business.

Nine out of ten cross-chain apps belief one or two signers with every part

Most cross-chain infrastructure in crypto works like a notary desk. A small committee watches exercise on one chain and attests to it on one other. The committee is likely to be a five-key multisig, a decentralized verifier community, a relayer set, or an oracle committee.
Compromise the committee or the information feeds beneath it, and the bridge will fortunately notarize a lie.

The shorthand making the rounds for that is MultisigFi. The technically exact identify is trusted off-chain attestation. Either label factors on the similar class of design.

A sweep of lively LayerZero functions on Dune discovered 47% operating a 1-of-1 verifier configuration. Another 45% run 2-of-2. Fewer than 5% run 3-of-3 or something stronger. For 9 out of ten cross-chain apps, one or two compromised signers is your complete safety mannequin between person funds and an attacker.

This high threat sample isn’t new. Lazarus has been draining cross-chain bridges since 2022, taking $620M from Ronin and $100M from Harmony earlier than shifting on to Drift and, in all probability, Kelp. What’s modified is the cadence. AI-assisted audits let small groups probe operational infrastructure at a price that used to require years by hand. Misconfigurations that after stayed hidden beneath layers of obfuscation now get discovered by relentless AI-driven automation.

Drift drained $285 million on April 1, attributed to Lazarus. Polkadot’s Hyperbridge minted a billion wrapped DOT on Ethereum on April 13 via a Merkle proof replay, although skinny vacation spot liquidity capped realized losses round $2.5 million per the postmortem. KelpDAO on Saturday made it three strikes.

Agglayer replaces signers with ZK proofs and enforces accounting on the protocol stage

Agglayer validates cross-chain exercise with mathematical proofs quite than a committee of attestors.

The core know-how is a zero-knowledge proof, which is greatest understood as a tiny cryptographic receipt. The receipt proves {that a} complicated computation was carried out accurately, and any machine can confirm it in milliseconds with out redoing the work. Either the mathematics holds and the withdrawal clears, or it doesn’t.

Other designs – like LayerZero, Wormhole or Chainlink – have been described as primarily a multisig of validators who attest to the state of chains. Each of those validators in flip depend on a quorum of RPCs and different offchain infra. In the case of the KelpDAO hack – it seems the validator’s underlying RPCs have been compromised, inflicting it to signal the malicious transaction.

With Agglayer, there’s no validator judgment to control, no RPC feed to poison. The signers that get compromised in each different bridge hack don’t exist on this structure, as a result of the structure doesn’t want them.

Layered on high of that, Agglayer enforces what we name pessimistic proofs. Think of it because the bridge’s accountant who trusts no one and verifies every part.

Every chain related to Agglayer has a operating steadiness of what it has obtained and what it has despatched. Before any withdrawal finalizes, the mathematics has so as to add up. Any different final result, together with if a series tries to withdraw extra of an asset than it truly has, the proof defaults to failure and nothing strikes. Strict firewalls between chains.

This is the design selection that blocks your complete infinite-mint class of assault. The historic file is instructive. Wormhole, February 2022: $325 million, a skipped signature test on the guardian committee. BNB Chain Bridge, October 2022: $570 million, a proof verifier bug. Polkadot’s Hyperbridge final week: a billion unbacked tokens via a proof replay. KelpDAO on Saturday: one DVN approving a solid message for $292 million.

Different bugs, an identical final result. A bridge releasing belongings that have been by no means backed on the opposite aspect.

If we re-run the KelpDAO state of affairs via Agglayer’s accounting the pessimistic proof fails to validate the attacker’s withdrawal of 116,500 rsETH as a result of the accounting reveals no corresponding deposit. So the withdrawal is blocked and no funds depart the system.

Agglayer’s accounting catches the end result on the door. Even if upstream verification has a bug, the infinite mint can’t clear into the remainder of the system.

Agglayer is open supply, works throughout stacks, and settles in minutes

Agglayer is the one ZK bridge that’s totally open supply, with no protocol charge and open to anybody because of no business licensing. It’s stack-agnostic by design, so ZK rollups, optimistic rollups, proof-of-stake chains, EVM, and non-EVM all coordinate via the identical infrastructure with out giving up their very own safety fashions.

On velocity: optimistic bridges connecting Arbitrum and Optimism to Ethereum make customers wait seven days for a fraud problem window to shut. Agglayer makes use of validity proofs that confirm state actively, so transfers settle in minutes as soon as the proof lands on L1. Fast Interop Phase 1 ships May 27 with roughly three-minute cross-chain settlement, dropping to sub-minute later this yr.

$2.4 trillion settled, zero bridge exploits, and one crew on name

Good structure isn’t sufficient by itself. Surviving this menace atmosphere additionally takes having seen the failure modes at scale.

Polygon has processed $2.4 trillion in cumulative stablecoin settlement quantity. 6.4 billion transactions. 159 million distinctive wallets. 99.99% uptime over 5 years. Zero bridge exploits on Agglayer. Revolut, Stripe, Paxos, and Tazapay put manufacturing fee quantity on Polygon after months of vendor threat overview, compliance sign-off, and technical due diligence. That form of integration doesn’t occur on infrastructure establishments have to fret about.

When the KelpDAO exploit began surfacing this weekend, our safety crew paused LayerZero integrations throughout the ecosystem earlier than the basis trigger was publicly disclosed. That name will get made in twenty minutes quite than twenty hours as a result of one crew owns the complete stack.

Polygon’s speedy response didn’t finish there. Its Product, Security and Support groups labored hand in hand via the weekend with our institutional companions, offering white glove assist on find out how to greatest reply to the disaster and entry liquidity.

When a fintech integrates Polygon to deliver belongings on-chain, faucet into yield, or run a cross-chain swap, the rails beneath are cryptographic proofs an adversary can’t forge, run by a crew that has seen each variant of this weekend earlier than.

When an establishment chooses CDK to launch its personal chain, native Agglayer connectivity ships with the deployment. No separate bridge challenge, no third-party integration, no extra vendor negotiation. The similar safety structure that held this weekend arrives with the chain, together with instant entry to the liquidity and cross-chain exercise of each different chain within the community.

That connectivity can also be what separates Polygon’s blockchain-as-a-service from each different enterprise chain possibility. Canton, Tempo, and Hyperledger give establishments privateness however wall them off from world liquidity. Public L2s give liquidity however expose positions, counterparties, and transactions to the world. CDK chains connect with the complete crypto economic system via Agglayer with out broadcasting any of it. This is what institutional-caliber crypto infrastructure seems like.

Polygon’s guess has been that establishments finally need the identical issues from crypto infrastructure they need from each different monetary rail: predictable conduct below stress, accountability when one thing goes mistaken, and safety that doesn’t relaxation on anybody’s good conduct. We’ve been constructing towards that commonplace for 5 years and $2.4 trillion in settlement quantity. Last weekend was a preview of why it issues.

The put up How Polygon Agglayer Held Through DeFi’s Worst Week Since FTX appeared first on BeInCrypto.

How Polygon Agglayer Held Through DeFi’s Worst Week Since FTX

Nine out of ten cross-chain apps belief one or two signers with every part

Agglayer replaces signers with ZK proofs and enforces accounting on the protocol stage

Agglayer is open supply, works throughout stacks, and settles in minutes

$2.4 trillion settled, zero bridge exploits, and one crew on name

SEC Admits Gary Gensler’s Crypto Cases Produced ‘No Investor Benefit’

IMF Alarm: Global Debt Hits World War II Levels

FBI Data Reveals Who Scammers Targeted Most as Crypto Fraud Losses Hit $11.4 Billion

Ex-Olympian Turns Himself In Over Accusations of Running a Crypto Drug Network

Korea’s Crypto Exchange Divide: Upbit and Bithumb Soar While Coinone Sells Assets

$6 Billion BTC Buying Spree Hits Exchanges as Bitcoin Price Races toward $100,000

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!

Nine out of ten cross-chain apps belief one or two signers with every part

Agglayer replaces signers with ZK proofs and enforces accounting on the protocol stage

Agglayer is open supply, works throughout stacks, and settles in minutes

$2.4 trillion settled, zero bridge exploits, and one crew on name

Similar Posts

Curated by experts. Filtered for relevance.

Resources

About

Subscribe & learn more every day!