Yishi|4月 20, 2026 05:13
After a lot of noise, someone got the RPC list for L0 labs DVN. Whether it's a configuration leak or an insider, it's not a zero day. Then the hacker broke through two op geths. The binary nodes of two independent clusters have been replaced with toxic ones. Lazarus: I am familiar with this problem, don't be fooled. Then use DDoS to clean up RPC and force DVN to automatically switch to the poisoned one. Using L0's own disaster recovery mechanism as an accomplice, blocking the escape route, forcing you to use landmines, and leaving a trail of darkness. Control the poisoning nodes to act as double agents, feeding fake data to DVN IP addresses and real data to monitoring IP addresses. When you scan it, everything is normal, and there are no abnormalities reported. Then you signed $290m like this... Actually, L0 could have been taken in. You have failed at least with cross validation. Before switching to standby mode, perform k-of-n reconciliation on the primary RPC. Secondly, after the binary started running, no one in the team cared if it had been tampered with. In 2026, the signature machine ran op get without going to tee, and no remote attestation was done. I didn't know that the binary was replaced for over an hour. The correct posture for the master node to stop signing immediately after being DDoS attacked is DVN. Any step taken would not result in such a situation.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink