PANews
PANews|Apr 19, 2026 04:06
[SlowMist Cosine: Kelp Attacker Used Single-Signature Configuration, Fees Came from Tornado Cash] Regarding the incident where 116,500 rsETH was stolen from Kelp, preliminary analysis by SlowMist Cosine indicates: the attacker used LayerZero cross-chain with a 1/1 DVN configuration, which is the classic 'single-signature' setup. However, the official LayerZero documentation recommends a default 2/2 configuration. This 'single-signature single point' setup might have been compromised through social engineering methods (just speculation, pending further investigation). The attacker successfully siphoned 116,500 rsETH on Ethereum and even attempted two additional transactions to steal another 40,000 rsETH, but both failed. The attacker's transaction fees originated from Tornado Cash. The stolen 116,500 rsETH was dispersed and laundered, leaving the burden on various staking platforms, especially Aave, which now faces massive bad debt.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads