State-backed hackers are the most likely perpetrators of the year’s largest crypto heist after liquid restaking protocol KelpDAO was struck over the weekend, with the Lazarus Group featuring prominently in expert commentary. The DeFi firm said it identified suspicious cross-chain activity involving rsETH, leading to a pause in activity, and it’s reported that 116,500 rsETH was stolen, worth around $293m, before being funneled through Tornado Cash.
KelpDAO is reportedly blaming the LayerZero infrastructure it runs on for the breach, while LayerZero hit back, saying the attackers compromised a single DVN configuration by poisoning downstream RPC infrastructure to execute an RPC-spoofing attack. The attack enabled an unauthorized rsETH transfer after a forged cross-chain message was accepted as valid, and around a quarter of the stolen funds, about 30,766 ETH ($71m), has been frozen by Arbitrum’s Security Council.
The article notes LayerZero’s explanation that the DVN architecture lacked multi-DVN diversification, which could have mitigated the impact even if a single DVN was compromised.
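The mitigation LayerZero describes can be shown with a simplified quorum model. This is an added example, not code from LayerZero, KelpDAO or the article; the `Verifier` class, the RPC names and the sample messages are hypothetical and constructed for illustration. It compares a single-verifier configuration with a diversified one and audits which RPC sources are single points of failure.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

def digest(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

@dataclass(frozen=True)
class Verifier:
    """Hypothetical stand-in for one DVN and the RPC source it reads from."""
    name: str
    rpc_source: str

def attests(v, rpc_views, nonce, payload):
    """A verifier attests only if its own RPC view shows this payload at this nonce."""
    return rpc_views[v.rpc_source].get(nonce) == digest(payload)

def accept_message(verifiers, threshold, rpc_views, nonce, payload):
    """Destination-side rule: accept once `threshold` verifiers attest."""
    if not 1 <= threshold <= len(verifiers):
        raise ValueError("threshold must be between 1 and the number of verifiers")
    votes = sum(attests(v, rpc_views, nonce, payload) for v in verifiers)
    return votes >= threshold

def single_points_of_failure(verifiers, threshold):
    """RPC sources whose compromise alone yields enough attestations."""
    counts = Counter(v.rpc_source for v in verifiers)
    return sorted(src for src, n in counts.items() if n >= threshold)

# Constructed sample data: rpc-1 returns a spoofed view containing a message
# (nonce 8) that never existed on the source chain; rpc-2 and rpc-3 are honest.
GENUINE, FORGED = b"transfer:genuine", b"transfer:forged"
HONEST_VIEW = {7: digest(GENUINE)}
POISONED_VIEW = {7: digest(GENUINE), 8: digest(FORGED)}
RPC_VIEWS = {"rpc-1": POISONED_VIEW, "rpc-2": HONEST_VIEW, "rpc-3": HONEST_VIEW}

SINGLE = ([Verifier("dvn-a", "rpc-1")], 1)
DIVERSE = ([Verifier("dvn-a", "rpc-1"), Verifier("dvn-b", "rpc-2"),
            Verifier("dvn-c", "rpc-3")], 2)
# Several verifiers that share one RPC source are not real diversification.
SHARED = ([Verifier("dvn-a", "rpc-1"), Verifier("dvn-b", "rpc-1"),
           Verifier("dvn-c", "rpc-2")], 2)

if __name__ == "__main__":
    for label, (vs, t) in [("single", SINGLE), ("diverse", DIVERSE), ("shared", SHARED)]:
        print(label, "forged accepted:", accept_message(vs, t, RPC_VIEWS, 8, FORGED),
              "| single points of failure:", single_points_of_failure(vs, t))
```

The `SHARED` case shows that counting verifiers is not enough: the audit has to count independent data sources behind them.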