The $293 million KelpDAO hack on April 18 has left Aave, rsETH holders, and the broader DeFi ecosystem observing a gap no one fairly is aware of methods to fill.
However on Sunday, DeFiLlama co-founder 0xngmi laid out three life like choices on the desk and ran the numbers on every.
Three Situations, None of Them Clear
0xngmi’s first choice is to unfold the ache. In line with them, if KelpDAO socializes losses throughout all customers, it might work out to an 18.5% haircut. There are some 666,000 rsETH sitting throughout Aave deployments, and most mainnet positions are looped near the utmost loan-to-value ratio (LTV), so 0xngmi’s mannequin assumes they’re primarily at liquidation.
Wiping out all fairness in these positions leaves roughly $216 million in unhealthy debt, and Aave’s Umbrella ETH protection would take up $55 million of that, whereas the protocol’s treasury may cowl one other $85 million, which would go away a spot of about $76 million. To shut it, 0xngmi steered that Aave may both take out a mortgage or liquidate its AAVE treasury tokens. That stash is at present price round $51 million.
Possibility two is way uglier, as it might imply “rugging” rsETH holders on layer 2 chains. This would go away Aave with $359 million of rsETH provide, and assuming it was all looped at most LTV, it might create $341 million of unhealthy debt throughout lending markets. However since Umbrella covers none of it, 0xngmi mentioned Aave must decide which markets to salvage and which to desert, with Arbitrum, Mantle, and Base most certainly to endure the most important losses.
The third choice, whereas most technically interesting, may very well be the toughest to drag off. It entails going again to a pre-hack snapshot and attempting to make solely the direct victims complete. This is able to imply paying again the $124 million the hacker is alleged to have taken from Aave and one other $18 million from Arbitrum. However the issue is that, because the hack, the cash has moved round rather a lot throughout pooled protocols, making it tough to cleanly separate one depositor’s funds from one other.
OneKey founder Yishi additionally pushed for a fourth path that sits exterior 0xngmi’s framework: negotiate with the hacker first, providing them a ten% to fifteen% bounty, and attempt to get many of the a refund earlier than any of the tougher choices should be made. If that fails, Yishi argued that LayerZero’s ecosystem fund ought to carry many of the invoice, given its sources and long-term curiosity in preserving the OFT ecosystem.
How $293M Left in Two Transactions
Cyvers founder Meir Dolev reconstructed the on-chain timeline for the KelpDAO assault, and it strikes quick. The attacker’s pockets was funded by Twister Money about 10 hours earlier than something occurred. Then, at 17:35 UTC on April 18, two transactions occurred: commitVerification on LayerZero’s ReceiveUIn302, adopted 24 seconds later by IzReceive on EndpointV2. That second transaction drained 116,500 rsETH, valued at about $293.5 million, in a single shot.
KelpDAO’s multisig responded at 18:23 UTC by blacklisting the attacker’s recipient tackle on rsETH, and it labored. A second try, 3 minutes later, which might have taken one other 40,000 rsETH price round $100 million, hit the blacklist and reverted.
In line with Dolev, the foundation trigger was fairly easy: KelpDAO’s Unichain-to-Ethereum bridge required just one DVN attestation to launch funds. Forging that one verification allowed the hacker to maneuver $293 million.
LayerZero additionally printed its personal assertion attributing the assault to Lazarus Group’s TraderTraitor unit. The corporate mentioned the protocol labored as designed and in addition pointed immediately at KelpDAO’s 1-of-1 DVN configuration because the trigger, noting it had beforehand beneficial multi-DVN setups to all integration companions.
Safety researcher Andy was blunter, calling KelpDAO’s determination to run a single DVN whereas holding $1.5 billion in person funds “extraordinarily irresponsible” and warning that dozens of different protocols are operating the very same setup proper now.
The put up DeFiLlama Co-Founder Suggests 3 Paths to Resolve $293M KelpDAO Hack Fallout appeared first on CryptoPotato.