April 18 Incident: Additional Context
Contents
April 18 Incident: Additional Context
On April 18, rsETH was drained from rsETH bridging adapter through a forged cross-chain message. We want to ensure users and partners have the complete picture as the broader post-incident review continues.
What happened.
Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the 3rd RPC node. This was an attack on LayerZero's infrastructure. Kelp's own systems were not involved in building or operating that infrastructure.
Kelp’s response helped contain the situation
Kelp detected the anomaly, paused all relevant contracts on Ethereum mainnet and L2s, blacklisted all wallets associated with the exploiter, and engaged SEAL-911.
A subsequent attempt by the exploiter, leveraging a falsely verified phantom packet to target an additional 40,000 rsETH (~$95M), was fully mitigated by these interventions.
On the DVN configuration
The 1-of-1 DVN setup is the configuration documented in LayerZero's documentation and shipped as the default for any new OFT deployment. Kelp has …
On April 18, rsETH was drained from rsETH bridging adapter through a forged cross-chain message. We want to ensure users and partners have the complete picture as the broader post-incident review continues.
What happened.
Two RPC nodes hosted by LayerZero were compromised. A simultaneous DDoS attack was launched against the 3rd RPC node. This was an attack on LayerZero's infrastructure. Kelp's own systems were not involved in building or operating that infrastructure.
Kelp’s response helped contain the situation
Kelp detected the anomaly, paused all relevant contracts on Ethereum mainnet and L2s, blacklisted all wallets associated with the exploiter, and engaged SEAL-911.
A subsequent attempt by the exploiter, leveraging a falsely verified phantom packet to target an additional 40,000 rsETH (~$95M), was fully mitigated by these interventions.
On the DVN configuration
The 1-of-1 DVN setup is the configuration documented in LayerZero's documentation and shipped as the default for any new OFT deployment. Kelp has …