LayerZero discloses KelpDAO rsETH bridge attack incident, with North Korean hacker group identified as the mastermind.

Wu said that LayerZero released an incident report stating that on April 18, the KelpDAO rsETH bridge built on LayerZero's cross-chain messaging protocol was attacked, resulting in a loss of 116,500 rsETH (approximately $292 million). Mandiant, CrowdStrike, and independent security researchers all attributed the attack to the North Korean hacker group TraderTraitor (also known as UNC4899). According to the report, the intrusion began on March 6, when the attacker used social engineering to obtain session keys from a LayerZero Labs developer, gained access to the RPC cloud environment, and poisoned internal RPC nodes. They then launched a DoS attack against the external RPC providers, so that LayerZero Labs' DVN signing service fell back on only the two compromised internal nodes and produced valid proofs for forged cross-chain messages. LayerZero indicated that the incident's impact stemmed from the affected OApp using a single-validator configuration, and that no other OApps, channels, or transactions were affected.
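The report's failure chain (external providers DoS'd, signer left with two poisoned internal nodes) is the case a fail-closed quorum rule is meant to catch. The sketch below is an added illustration, not LayerZero's code or anything from the incident report; the policy, thresholds, node names and payload hashes are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class RpcObservation:
    """Payload hash one RPC source reported for a message (constructed sample type)."""
    source: str
    payload_hash: Optional[str]  # None = unreachable or timed out
    internal: bool               # True for self-hosted nodes, False for external providers

def should_sign(observations, min_responding=3, min_agreeing=3, min_external_agreeing=2):
    """Fail-closed quorum check: returns (sign, reason, hash). Hypothetical policy."""
    responding = [o for o in observations if o.payload_hash is not None]
    if len(responding) < min_responding:
        # Losing most sources at once is treated as an outage, not as a decision.
        return False, "too few sources reachable (possible DoS on providers)", None
    tally = Counter(o.payload_hash for o in responding)
    top_hash, votes = tally.most_common(1)[0]
    if votes < min_agreeing:
        return False, "no quorum on payload hash", None
    external = sum(1 for o in responding if not o.internal and o.payload_hash == top_hash)
    if external < min_external_agreeing:
        # Internal nodes alone can never carry a signing decision.
        return False, "insufficient independent external confirmation", None
    return True, "quorum reached", top_hash

REAL, FORGED = "0xreal", "0xforged"  # constructed placeholder hashes

def obs(name, h, internal):
    return RpcObservation(name, h, internal)

# Healthy: internal nodes and external providers all agree.
HEALTHY = [obs("int-1", REAL, True), obs("int-2", REAL, True),
           obs("ext-a", REAL, False), obs("ext-b", REAL, False), obs("ext-c", REAL, False)]
# Incident-like: two poisoned internal nodes answer, external providers are unreachable.
INCIDENT_LIKE = [obs("int-1", FORGED, True), obs("int-2", FORGED, True),
                 obs("ext-a", None, False), obs("ext-b", None, False), obs("ext-c", None, False)]
# Poisoned internal nodes outvoted by reachable external providers.
POISONED_ONLY = [obs("int-1", FORGED, True), obs("int-2", FORGED, True),
                 obs("ext-a", REAL, False), obs("ext-b", REAL, False), obs("ext-c", REAL, False)]

if __name__ == "__main__":
    for name, sample in [("healthy", HEALTHY), ("incident-like", INCIDENT_LIKE),
                         ("poisoned-only", POISONED_ONLY)]:
        print(name, should_sign(sample))
```

The same idea applies one layer up: an OApp that requires more than one independent DVN makes a single compromised signer insufficient for a forged message.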
Comment
PerpPaperTiger
· 53m ago
DoS external providers + polluting internal nodes, this combo punch is well executed, but unfortunately it's against us.
GateUser-83c80dd0
· 1h ago
The RPC cloud environment has been compromised, and now even the infrastructure layer is no longer secure.
MintStop-LossPatch
· 13h ago
LayerZero shifts the blame to OApp configuration, but what about the security of their own nodes?
GovernanceVoting
· 13h ago
289 million just gone like that; cross-chain bridges are really hacker withdrawal machines.
QuietQuants
· 13h ago
DVN signatures depend on two controlled nodes; this single point of failure design is truly outrageous.
OracleBabysitter
· 13h ago
From March 6th to April 18th, lurking for over a month, this attacker has patience.
ColdBrewSparklingWater
· 13h ago
Social engineering is always the hardest to defend against; humans are much more vulnerable than code.