PANews April 20 news, LayerZero released a security incident statement for KelpDAO on the X platform, stating that KelpDAO was attacked, resulting in a loss of approximately $290 million. Initial signs indicate that the attack may have originated from a highly sophisticated state actor, likely the TraderTraitor group under North Korea's Lazarus. Due to KelpDAO's single DVN setup, this incident is limited to its rsETH configuration and will not affect any other cross-chain assets or applications. The highly complex attack targeted the downstream RPC infrastructure used by LayerZero Labs DVN. The attackers gained access to the RPC list used by LayerZero Labs DVN, compromised two independent nodes, and replaced the op-geth binary, while launching a DDoS attack on the unaffected RPCs to trigger failover, causing DVN to confirm transactions that never occurred. All affected RPC nodes have been deprecated and replaced, and LayerZero Labs DVN is now operational again.

LayerZero emphasizes that the protocol itself is functioning as expected, with no vulnerabilities. The industry best practice is to configure a multi-DVN redundant setup; a single point of failure configuration means that no independent validators can capture and reject forged messages. LayerZero Labs stated that they are contacting all applications using a 1/1 DVN configuration to migrate to a redundant multi-DVN setup, and LayerZero Labs DVN will not sign or authenticate messages sent from any applications using the 1/1 configuration.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。