BTC $64,575.20 +4.19%
ETH $1,877.47 +6.47%
BNB $580.65 +2.96%
XRP $1.12 +5.34%
SOL $77.38 +3.53%
TRX $0.3251 -0.10%
DOGE $0.0743 +4.26%
ADA $0.1635 +4.10%
BCH $236.85 +0.57%
LINK $8.27 +5.48%
HYPE $65.40 +2.75%
AAVE $98.83 +4.66%
SUI $0.7609 +6.06%
XLM $0.1859 +2.41%
ZEC $539.98 +6.52%
BTC $64,575.20 +4.19%
ETH $1,877.47 +6.47%
BNB $580.65 +2.96%
XRP $1.12 +5.34%
SOL $77.38 +3.53%
TRX $0.3251 -0.10%
DOGE $0.0743 +4.26%
ADA $0.1635 +4.10%
BCH $236.85 +0.57%
LINK $8.27 +5.48%
HYPE $65.40 +2.75%
AAVE $98.83 +4.66%
SUI $0.7609 +6.06%
XLM $0.1859 +2.41%
ZEC $539.98 +6.52%

lpd

All
Article
Flash

After the attack on KelpDAO, multiple protocols have abandoned LayerZero, with $4 billion in assets migrated to Chainlink CCIP

According to CoinDesk, after KelpDAO was attacked resulting in a loss of $292 million, the industry's scrutiny of the security of cross-chain infrastructure continues to heat up, with approximately $4 billion in assets having completed or currently migrating from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP).The DeFi protocol Lombard is the latest project to join this migration trend. The protocol announced it would abandon LayerZero and migrate over $1 billion in Bitcoin-backed assets to Chainlink CCIP, stating that this decision stemmed from a comprehensive internal security review following the April attack incident.Lombard issues two types of Bitcoin-backed tokens—LBTC and BTC.b—and will prioritize the migration of assets on chains such as Solana, Etherlink, Berachain, Corn, and TAC, while terminating the use of LayerZero on Morph and Swell. Lombard stated that the reason for choosing CCIP is its independent node operators, built-in rate limiting mechanisms, and audited infrastructure. Additionally, the protocol will adopt Chainlink's cross-chain token standard to achieve asset cross-chain circulation through a burn-and-mint model.Previously, Kelp DAO, Solv Protocol, Re, and the cryptocurrency exchange Kraken have all completed similar migrations, with these projects collectively transferring approximately $4 billion in assets. Chainlink Labs Chief Business Officer Johann Eid stated, "We are witnessing a continued wave of risk-averse migration within the industry."

first_img KelpDAO: Actively advancing post-incident solutions and prioritizing the protection of user interests

According to official news, KelpDAO stated that over the past few days, the team has been continuously advancing the handling of related events with the support of partners, allies, and the community. Discussions are progressing in a positive direction, and efforts are being accelerated to reach a suitable solution. The project party emphasized that it always adheres to the core principle of "user first," and subsequent measures will be gradually implemented with the aim of safeguarding the overall interests of users.In the past four days, the Kelp team has been working around the clock in collaboration with multiple parties, maintaining close communication with all relevant parties, and making substantial progress on several potential solutions. This includes measures taken by the Arbitrum Security Council to freeze the stolen funds, as well as SEAL 911 participating in the preliminary investigation to provide objective and clear analytical support for the incident.Kelp stated that the current focus of work remains on protecting user asset security and strengthening the protocol itself. This incident is not only of critical significance to the project but also has enlightening value for the entire industry. The team will continue to disclose subsequent progress through official channels and thanks the ecological partners and community for their ongoing support.Previous reports indicated that the KelpDAO hacker has essentially laundered $175 million in ETH into BTC.

LayerZero reports the KelpDAO theft incident, confirming that it only affects the rsETH configuration

LayerZero Labs released an incident report stating that KelpDAO suffered an attack resulting in a loss of approximately $290 million. Preliminary assessments indicate that the attacker is the Lazarus Group, which has ties to North Korea (more specifically, TraderTraitor). The attack was executed by poisoning the downstream RPC infrastructure relied upon by its decentralized verification network (DVN). The attacker controlled some RPC nodes and, in conjunction with a DDoS attack, induced the system to switch to malicious nodes, thereby forging cross-chain transactions.All affected RPC nodes have been taken offline and replaced, and the DVN has now resumed operation. LayerZero emphasized that this incident was limited to the rsETH application configuration of KelpDAO and did not affect other assets or applications. The reason is that KelpDAO was using a single DVN (1/1) architecture at the time and did not utilize the multi-DVN redundancy mechanism that is officially recommended for long-term use, resulting in a lack of independent verification nodes to identify forged messages.LayerZero pointed out that there were no vulnerabilities in its protocol itself, and applications with multi-DVN configurations were not affected, meaning there is no contagious risk in the system. LayerZero stated that it will urge all projects using single DVN configurations to migrate to multi-DVN architectures as soon as possible and has suspended providing signature and verification services for 1/1 configuration applications. Meanwhile, the company is cooperating with global law enforcement agencies to investigate and assist industry partners in tracking the stolen funds. LayerZero noted that this incident highlights the value of modular security architecture and also reminds the industry to pay attention to the potential security risks of RPC verification links.
app_icon
ChainCatcher Building the Web3 world with innovations.