In-depth Analysis of the Kelp Theft Incident: Forged Cross-Chain Instructions and Single Point Verification as Fatal Vulnerabilities

Techub News

Author: Blue Fox

The core mechanism of this attack is as follows: the attacker forged cross-chain instructions that made the mainnet side of the LayerZero OFT cross-chain bridge directly release 116,500 genuine rsETH, with no corresponding burn record on the source chain. These "shell" rsETH were then deposited as collateral in protocols such as Aave, extracting approximately $236 million in genuine WETH/ETH liquidity.

The root of this vulnerability is not the Aave protocol itself, but rather a configuration flaw in Kelp DAO's LayerZero cross-chain bridge.

The rsETH cross-chain solution adopted by Kelp DAO is based on LayerZero V2's OFT (Omnichain Fungible Token) standard for fully interchangeable tokens:

On the Ethereum mainnet side, the OFTAdapter contract locks rsETH and serves as the final reserve vault backing the wrapped rsETH on multiple L2 networks.

On the L2 network side, the standard OFT contract follows a 1:1 pegging mechanism of "debit (burn/deduct) → message passing → credit (mint/release)".

Under normal cross-chain logic, the standard process should be:

L2 users burn rsETH → LayerZero transmits cross-chain message → mainnet OFTAdapter verifies and releases the corresponding rsETH.

However, the attacker's operation path is exceptionally straightforward:

Directly calling the lzReceive function of the LayerZero EndpointV2 contract on the Ethereum mainnet (transaction hash: 0x1ae232da…).

At the same time, the attacker injects a forged cross-chain message packet (origin packet) into the network, claiming it originates from a legitimate source chain.

Once EndpointV2 completes verification, it forwards the message to Kelp's rsETH OFTAdapter.

Upon receiving the message, the OFTAdapter directly instructs the mainnet reserve vault to release 116,500 rsETH to the attacker's address.

During this process, the source chain leaves no burn/debit record, while the mainnet has already completed the credit/release operation.

The omnichain supply conservation mechanism is thus broken, funds from the mainnet reserve vault are extracted, and all rsETH on L2 becomes "worthless paper".

The attacker completed the entire attack with a single transaction.

The subsequent two additional attacks (each involving 40,000 rsETH) both failed because the Kelp team had urgently suspended the system.
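The broken invariant described above (a credit on mainnet with no debit on any source chain) can be checked by reconciling the two legs of every transfer. The following is an added example, not code from the article, Kelp or LayerZero; the event records, message identifiers, endpoint ids and addresses are constructed, and the 18-decimal unit is an assumption.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Debit:            # burn/deduct leg seen on a source chain (L2)
    guid: str           # message identifier shared by both legs
    src_eid: int
    amount: int         # token base units

@dataclass(frozen=True)
class Credit:           # release leg seen at the mainnet adapter
    guid: str
    src_eid: int        # chain the packet claims to originate from
    amount: int
    to: str

def reconcile(debits, credits):
    """Match each credit to exactly one debit; return (kind, guid) findings."""
    debit_by_guid = {d.guid: d for d in debits}
    times_credited = Counter()
    findings = []
    for c in credits:
        times_credited[c.guid] += 1
        d = debit_by_guid.get(c.guid)
        if d is None:
            findings.append(("UNBACKED_CREDIT", c.guid))
        elif d.src_eid != c.src_eid:
            findings.append(("ORIGIN_MISMATCH", c.guid))
        elif d.amount != c.amount:
            findings.append(("AMOUNT_MISMATCH", c.guid))
        elif times_credited[c.guid] > 1:
            findings.append(("REPLAYED_CREDIT", c.guid))
    return findings

def unbacked_amount(debits, credits):
    """Total released on the destination with no debit behind it."""
    backed = {d.guid for d in debits}
    return sum(c.amount for c in credits if c.guid not in backed)

RSETH = 10**18  # base units per token (18 decimals assumed)
# Constructed sample events; only the 116,500 figure comes from the article.
DEBITS = [Debit("guid-01", 1001, 25 * RSETH), Debit("guid-02", 1002, 10 * RSETH)]
CREDITS = [
    Credit("guid-01", 1001, 25 * RSETH, "0xUSER_A"),
    Credit("guid-02", 1002, 10 * RSETH, "0xUSER_B"),
    Credit("guid-99", 1001, 116_500 * RSETH, "0xRECIPIENT"),  # no debit anywhere
]

if __name__ == "__main__":
    for kind, guid in reconcile(DEBITS, CREDITS):
        print(kind, guid)
    print("unbacked:", unbacked_amount(DEBITS, CREDITS) // RSETH, "rsETH")
```

Because the debit always precedes the credit in a legitimate transfer, an unmatched credit is anomalous as soon as the source-chain indexer has caught up, which makes this check suitable as a trigger for pausing the adapter.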

Now the question arises:

Why did the LayerZero cross-chain bridge accept this false message?

The answer lies not in a vulnerability in the LayerZero protocol itself, but mainly in Kelp's OApp (application layer) security configuration being too weak.

LayerZero V2's validation strength can be customized by developers, and its message final confirmation mechanism relies on a DVN (Distributed Validator Network).

Kelp's DVN configuration is currently in a 1-of-1 mode (i.e., a single validator signature is sufficient for approval), which is the weakest level in terms of security.

As early as January 2025, the Aave governance forum issued a warning: Kelp needed to expand its DVN configuration to a multi-signature mode (at least 2-of-2 or higher). However, 15 months later, the protocol has still not made the adjustment and continues to run the weakest, "speed first" security configuration.

This single-point bottleneck is the core attack surface of this hacking incident. Whether a DVN node was compromised and its signature forged, or a packet constructed directly by the attacker passed validation, this configuration flaw is what was exploited.

The message handling mechanism of EndpointV2 is designed such that once it receives a "verification successful" signal, it directly calls the target contract's lzReceive. Meanwhile, the OFTAdapter fully trusts the packet from the Endpoint, with no additional secondary verification step.

Had Kelp not pursued speed above all else and instead sought a configuration that balanced performance and security, this attack might have been avoided.

In other words, Kelp staked the entire responsibility for verifying the legitimacy of cross-chain messages on a single DVN node.
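The 1-of-1 condition described above can be caught by auditing the receive-side DVN settings of every pathway. The following is an added example, not code from the article, Kelp or LayerZero; the ReceiveConfig model, endpoint ids, DVN labels and operator map are assumptions for illustration, and the same-operator check goes one step beyond the article's 2-of-2 recommendation.

```python
from dataclasses import dataclass, field

@dataclass
class ReceiveConfig:
    """Receive-side verification settings for one pathway (constructed model)."""
    required_dvns: list                        # every listed DVN must attest
    optional_dvns: list = field(default_factory=list)
    optional_threshold: int = 0                # optional attestations also needed

def quorum(cfg):
    """Number of distinct DVN attestations needed to mark a packet verified."""
    return len(set(cfg.required_dvns)) + cfg.optional_threshold

def audit(cfg, operators, min_quorum=2):
    """Return finding strings for one pathway; an empty list means it passes."""
    findings = []
    req, opt = set(cfg.required_dvns), set(cfg.optional_dvns)
    if len(req) < len(cfg.required_dvns) or len(opt) < len(cfg.optional_dvns) or req & opt:
        findings.append("DUPLICATE_DVN")       # one signer counted more than once
    if cfg.optional_threshold > len(opt):
        findings.append("THRESHOLD_UNREACHABLE")
    q = quorum(cfg)
    if q < min_quorum:
        findings.append(f"SINGLE_POINT_VERIFICATION ({q}-of-{len(req | opt)})")
    # Several DVNs run by one party still fail together, so count operators too.
    elif len({operators.get(d, d) for d in req | opt}) < min_quorum:
        findings.append("SAME_OPERATOR")
    return findings

def audit_pathways(pathways, operators, min_quorum=2):
    """Map source endpoint id -> findings, listing only pathways that fail."""
    report = {eid: audit(cfg, operators, min_quorum) for eid, cfg in pathways.items()}
    return {eid: f for eid, f in report.items() if f}

# Constructed sample: endpoint ids, DVN labels and operators are placeholders.
OPERATORS = {"dvn-a": "op-1", "dvn-b": "op-1", "dvn-c": "op-2", "dvn-d": "op-3"}
PATHWAYS = {
    1001: ReceiveConfig(["dvn-a"]),                             # 1-of-1
    1002: ReceiveConfig(["dvn-a", "dvn-b"]),                    # 2-of-2, one operator
    1003: ReceiveConfig(["dvn-a"], ["dvn-c", "dvn-d"], 1),      # 1 required + 1 of 2
}

if __name__ == "__main__":
    for eid, findings in audit_pathways(PATHWAYS, OPERATORS).items():
        print(eid, findings)
```

Run against the configuration read from chain for each source endpoint, the audit can gate deployments or collateral listings on every pathway returning no findings.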

The reason rsETH could quickly borrow real ETH lies in its special status as a whitelisted collateral in protocols such as Aave.

The attacker successfully borrowed real WETH by depositing forged rsETH during a 46-minute window before the Kelp protocol paused.

By the time Kelp froze the cross-chain bridge and tokens, the bad debt on the Aave side had already formed. Aave immediately froze the rsETH market and activated the Umbrella security module for risk disposal.

In summary, the core issue of this forgery attack lies in the single-point configuration of the DVN and the direct invocation of lzReceive: the attacker exploited this path to inject the forged packet.

The risk exposure of a single-point verification mechanism, combined with the compounding effect of DeFi composability, ultimately led to this unprecedented security incident.

Single-point verification is inherently vulnerable. While transaction efficiency is important, security is the bottom line that cannot be compromised.
