More than $500 million was lost in less than three weeks from two DeFi platforms. The issue was not due to the system being hacked, but because the system itself had vulnerabilities. The attack is believed to have been carried out by the Lazarus Group from North Korea.
The Kelp exploit shows that this hacker group has evolved beyond isolated attacks. They have quickly shifted their tactics from social engineering to exploiting weaknesses in crypto infrastructure. This incident indicates an ongoing campaign supported by a state and has occurred before.
These hackers carried out their attacks using strategies that did not focus on breaking encryption or cracking keys. Instead, they manipulated the data entering the system by forcing it to rely on compromised inputs, causing the system to approve transactions that never actually took place.
In this case, the Lazarus Group exploited vulnerabilities that had long existed within the system. The system verifies who sends the message, but does not further check whether the message itself is valid or merely manipulated data. For security experts, this case is not considered a sophisticated hack, but rather an exploitation of how the system was originally designed.
The main issue that made this attack possible lies in configuration choices. Within its system, Kelp relied on a single verifier to approve cross-chain messages. Using a single verifier is considered faster and easier to implement. Unfortunately, this approach removes an important layer of security.
Following the incident, LayerZero has recommended using multiple independent verifiers to approve transactions. This system is similar to requiring multiple signatures in a bank transfer. However, this recommendation has received significant criticism. One of them came from David Schwed, COO of blockchain security firm SVRN. As quoted by CoinDesk, Schwed said, “If a configuration has been identified as unsafe, it should not be shipped as an option. Security that depends on everyone reading the documentation and getting it right is not realistic.”
This hacker attack also exposes the gap between how decentralization is presented and how it actually works in practice.
DeFi does use a decentralized system, but it is revealed that it still contains hidden weaknesses within its infrastructure and configuration. As a result, long-ignored vulnerabilities can become the main targets of increasingly fast and organized hacker attacks.
This hacker attack also highlights the gap between how decentralization is marketed and how the system truly operates.
Although DeFi is built on a decentralized system, it still harbors hidden weaknesses in its infrastructure and configuration. As a result, long-standing vulnerabilities that have been overlooked can become primary targets for increasingly fast and coordinated attacks.
