Ethena, Kelp DAO disagree on the cause of the LayerZero exploit worth 300 million USD

Ethena and Kelp DAO are presenting two different explanations regarding the exploit related to LayerZero’s cross-chain infrastructure, in the context of over 116,000 rsETH being withdrawn from Kelp DAO’s bridge on April 18th.

This debate revolves around whether the incident was caused by infrastructure errors or by the design of the verification mechanism. The differing perspectives of the two parties highlight that the risks of cross-chain bridges remain a point to monitor in DeFi.

MAIN CONTENT

• Over 116,000 rsETH was withdrawn from Kelp DAO’s bridge in the April 18th incident.
• Kelp DAO claims the cause lies in LayerZero’s off-chain infrastructure, not their configuration.
• Ethena views the incident as a verification mechanism design issue and has temporarily paused their LayerZero bridge.

Kelp DAO believes the issue stems from LayerZero infrastructure

Kelp DAO denies that their configuration is the direct cause and states that the exploit originated from a breach in LayerZero’s off-chain infrastructure.

This protocol states that the 1-of-1 Decentralized Verifier Network (DVN) configuration is not a special setup but a common default used within the LayerZero ecosystem. Kelp also mentions that this configuration had been approved and documented previously.

To reduce dependence on LayerZero after the incident, Kelp DAO announced it will migrate its bridge infrastructure to Chainlink CCIP.

Ethena considers this a verification design risk

Ethena argues that the weakness lies in the verification mechanism design, especially when a low quorum configuration creates a single point of failure.

According to Ethena, combining a 1-of-1 DVN configuration with an infiltrated RPC infrastructure allowed fake cross-chain messages to be verified and executed.

Ethena states that their architecture avoids similar risks by using higher verification thresholds, along with measures such as rate limiting and bridge line restrictions. The protocol also reports that it paused its LayerZero bridges for several hours after detecting anomalies, while USDe remained fully collateralized and unaffected.

The incident highlights the risks of cross-chain bridges

The two differing explanations reflect a larger debate in DeFi about whether to prioritize flexibility or safety in cross-chain systems.

If the focus is on infrastructure, the issue lies in protecting off-chain components. If the focus is on design, the lesson is that systems must remain secure even if part of the structure fails.

Regardless of the perspective, the common point is the need to prevent a single point of failure from compromising the verification mechanism.

Summary

The incident involving Ethena, Kelp DAO, and LayerZero demonstrates that security risks in cross-chain bridges are still significant, especially when verification mechanisms depend on configurations or components that are vulnerable.

Thank you for reading this article!

Please Like, Comment, and Follow TinTucBitcoin to stay updated with the latest news in the cryptocurrency market and not miss any important information!