News: Hackers stole over $290 million from Kelp DAO, surpassing April’s $285 million Drift hack as the largest crypto heist of the year. Preliminary indicators point to North Korea, specifically the TraderTraitor hacking group and a possible link to Lazarus Group. The exploit leveraged a weak 1-of-1 DVN mechanism in Kelp DAO and its use of the LayerZero bridge, which lacked multi-verifier checks. Kelp DAO blames LayerZero, while LayerZero has removed and replaced compromised RPC nodes. The fallout extended to Aave, which faced bad debt due to exposure to stolen rsETH tokens. North Korean hackers have stolen over $2 billion in crypto last year and approximately $6 billion since 2017.
AI Analysis: This incident highlights the critical need for robust security measures, particularly multi-verifier systems, in DeFi protocols. The attribution to North Korean hacking groups underscores the ongoing threat posed by state-sponsored actors in the crypto space, and the potential for broader systemic risk due to interconnected protocols like Aave.
