Author: Gu Yu, ChainCatcher
More than 40 hours after the theft, the chain reaction set off by the Kelp DAO incident is still spreading: more and more well-known projects, including Aave, LayerZero and Arbitrum, have been drawn in, and some of the industry's favourite narratives are now being declared dead.
Well-known KOL Feng Wuxiang stated on the X platform that only ETH is safe now, and ARB has authorized the freezing and transferring of customers' assets. No L2 is a true L2 now. L2 flourished because of Arbitrum, and it also perished because of Arbitrum.
Another notable KOL, Blue Fox, said that the biggest loser in the Kelp incident is not Aave or Kelp but LayerZero, simply because it is too shortsighted to see the essence of the whole event: the incident did not disprove L2 (never mind the fake L2s), but rather disproved cross-chain bridges.
Increasingly heated views are surfacing in the public debate, with the parties involved each insisting on their own position and blaming the others. This has made the Kelp DAO theft a textbook window for observing how responsibility is divided after a security incident, and the conflict between pragmatism and technological fundamentalism.
1. Is L0 disproven? Cross-chain bridges become the biggest losers
The pivotal document is the detailed attack report LayerZero released yesterday, which preliminarily attributes the attack to the North Korea-linked Lazarus Group. The attack worked by poisoning the downstream RPC infrastructure on which the relevant Decentralized Verifier Network (DVN) relies for its view of the source chain. The attacker controlled some RPC endpoints and combined this with DDoS attacks on the healthy ones, so that the DVN's failover landed on attacker-controlled endpoints, which then vouched for cross-chain messages that had never been emitted on the source chain.
"Using the compromised nodes to poison the RPC infrastructure and combining it with DDoS attacks on unaffected RPCs to force failover is a very complex method. This is essentially an infrastructure war," said Samuel Tse, Director of Investment and Cooperation at Animoca Brands.
At the end of the report, LayerZero stated that the protocol operated entirely as expected throughout the incident and that no vulnerability was found in the protocol. The core feature of LayerZero's architecture is modular security, which in this case achieved exactly its intended goal: the entire attack was isolated to a single application, with no contagion risk to the wider system, and other OFTs and OApps were not affected.
This wholesale disclaiming of responsibility triggered a strong backlash, with many prominent industry figures unhappy with how LayerZero handled the incident.
"L0 cleared itself of blame, and the entire article shifted the blame onto KelpDAO's configuration mistakes, while insisting it had no issues at all. Incredible. May I ask, why was a 1/1 configuration allowed to exist? How could the internal RPC list be obtained by the attacker? Why did the failover logic trust the contaminated RPC directly after the DDoS, instead of immediately stopping validation or at least taking some action?" renowned industry researcher CM retorted.
"This deliberately evasive attitude makes me very uncomfortable. The statement clearly states 'the protocol operates fully as expected.' The attack was described as RPC nodes being compromised and RPC poisoning. But RPC poisoning is not like that; their own infrastructure was compromised and destroyed. Given that the statement did not clarify how the intrusion occurred, I will not be hasty to re-enable the bridge," said well-known DeFi developer banteg.
Kelp DAO also responded, stating that the single-verifier (1/1) DVN configuration that made the attack possible was not a choice made in defiance of advice but the default setting in LayerZero's official guidelines, and that the DVN exploited by the attackers is LayerZero's own infrastructure.
According to Dune analytics, 47% of the 2,665 OApp contracts built on LayerZero use a 1/1 DVN configuration, that is, a single verifier with no second attestation required, which considerably widens the exposure across the industry.
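The two weaknesses described above, a verifier that fails over to whatever RPC endpoint is still answering, and an OApp that accepts a message on the word of that one verifier, are easier to reason about in code. The following is a constructed model added here for illustration; it is not LayerZero's, Kelp DAO's or any DVN operator's code. The receive-side rule (every required DVN plus a threshold of optional DVNs), the `Rpc`/`NaiveDvn`/`QuorumDvn` classes, the message ids and the provider names are all assumptions of the example.

```python
# Constructed model of the failure mode discussed in the text: a verifier (DVN)
# learns what happened on the source chain through RPC endpoints, an OApp
# accepts a message once its required DVNs attest to it, and an attacker who
# controls a fallback RPC DDoSes the primary one. Example code only.
from dataclasses import dataclass

# Constructed "true" source-chain log: message id -> payload actually emitted.
HONEST_LOG = {"msg-1": "mint 100 rsETH to alice"}
# A message that never happened on the source chain.
FORGED_ID, FORGED_PAYLOAD = "msg-forged", "mint 30766 ETH to attacker"


@dataclass
class Rpc:
    name: str
    poisoned: bool = False  # attacker-controlled: vouches for messages that never existed
    down: bool = False      # knocked offline by DDoS

    def message_exists(self, msg_id: str, payload: str) -> bool:
        if self.down:
            raise ConnectionError(f"{self.name} unreachable")
        if self.poisoned:
            return True  # attests to anything, including the forgery
        return HONEST_LOG.get(msg_id) == payload


class NaiveDvn:
    """Walks its RPC list in order and trusts the first endpoint that answers.
    After a DDoS on the primary, failover means trusting whatever is left."""

    def __init__(self, rpcs: list):
        self.rpcs = rpcs

    def attest(self, msg_id: str, payload: str) -> bool:
        for rpc in self.rpcs:
            try:
                return rpc.message_exists(msg_id, payload)
            except ConnectionError:
                continue  # silently move on to the next endpoint
        return False


class QuorumDvn:
    """Queries every reachable endpoint and attests only when at least
    `quorum` of them agree; too few answers, or any disagreement, fails closed."""

    def __init__(self, rpcs: list, quorum: int):
        self.rpcs, self.quorum = rpcs, quorum

    def attest(self, msg_id: str, payload: str) -> bool:
        answers = []
        for rpc in self.rpcs:
            try:
                answers.append(rpc.message_exists(msg_id, payload))
            except ConnectionError:
                pass
        if len(answers) < self.quorum:
            return False  # not enough independent views: do not verify
        if len(set(answers)) != 1:
            return False  # endpoints disagree: halt rather than pick one
        return answers[0]


def oapp_verifies(required, optional, optional_threshold, msg_id, payload) -> bool:
    """Receive-side rule assumed by this example: every required DVN must attest,
    plus at least `optional_threshold` optional DVNs. A 1/1 configuration is one
    required DVN, no optional DVNs, threshold 0."""
    if not all(d.attest(msg_id, payload) for d in required):
        return False
    return sum(d.attest(msg_id, payload) for d in optional) >= optional_threshold


def is_single_verifier(required, optional, optional_threshold) -> bool:
    """The configuration the Dune figure above refers to: one verifier, nothing else."""
    return len(required) == 1 and optional_threshold == 0


def poisoned_endpoints() -> list:
    # Primary provider DDoSed, fallback provider already attacker-controlled.
    return [Rpc("provider-A", down=True), Rpc("provider-B", poisoned=True)]


def scenario_1of1_naive() -> bool:
    """One required DVN with naive failover: the forgery is verified."""
    return oapp_verifies([NaiveDvn(poisoned_endpoints())], [], 0, FORGED_ID, FORGED_PAYLOAD)


def scenario_1of1_quorum() -> bool:
    """Same single DVN, but it cross-checks a third, honest provider."""
    dvn = QuorumDvn(poisoned_endpoints() + [Rpc("provider-C")], quorum=2)
    return oapp_verifies([dvn], [], 0, FORGED_ID, FORGED_PAYLOAD)


def scenario_2of2_naive() -> bool:
    """Two required DVNs run by different operators on different providers:
    the compromised one attests, the independent one does not."""
    compromised = NaiveDvn(poisoned_endpoints())
    independent = NaiveDvn([Rpc("provider-D"), Rpc("provider-E")])
    return oapp_verifies([compromised, independent], [], 0, FORGED_ID, FORGED_PAYLOAD)


def scenario_honest_message() -> bool:
    """The hardened setups still pass a message that really was emitted."""
    dvn_a = QuorumDvn(poisoned_endpoints() + [Rpc("provider-C")], quorum=2)
    dvn_b = NaiveDvn([Rpc("provider-D")])
    return oapp_verifies([dvn_a, dvn_b], [], 0, "msg-1", HONEST_LOG["msg-1"])


if __name__ == "__main__":
    print("1/1 + naive failover accepts forgery:", scenario_1of1_naive())
    print("1/1 + RPC quorum accepts forgery:    ", scenario_1of1_quorum())
    print("2/2 + naive failover accepts forgery:", scenario_2of2_naive())
    print("hardened setups pass honest message: ", scenario_honest_message())
```

The point of the two hardened scenarios is that they address different layers: the RPC quorum fixes the failover logic inside one verifier, while requiring a second, independently operated DVN fixes the OApp configuration so that one compromised verifier is no longer sufficient. Either change alone stops this particular forgery; neither helps if the "independent" endpoints or operators share the same upstream provider.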
Worse than the failure itself is the parties' refusal to acknowledge mistakes and their evasion of responsibility. As the leading player in cross-chain messaging and the "Layer0" narrative, LayerZero's infrastructure is used by hundreds of crypto projects to bridge tokens and assets across chains. If it keeps up an arrogant posture, the industry's confidence in it will inevitably erode further.
The prevailing view is that although LayerZero itself was not hacked, its reputation has taken the heaviest damage; it must pay a price for "allowing weak configurations", or the cross-chain narrative will collapse.
In other words, LayerZero needs not only to put forward concrete technical improvements but also to take on more of the burden in any asset compensation scheme.
2. Is Layer2 dead? Arbitrum's extraordinary freeze
The Layer2 debate stems from Arbitrum's freeze. At noon today, the Arbitrum Security Council announced that it had taken emergency action to rescue 30,766 ETH held at an address on Arbitrum One, worth about $71 million at the time.
Arbitrum also stated that, after extensive technical investigation and deliberation, the Security Council determined and executed a technical solution that moved the funds to a safe location without affecting the state of any other chain or any Arbitrum user. The address that originally held the funds can no longer access them; only Arbitrum governance can take further action to move them, and that will be coordinated with the relevant parties.
Under the industry's reading of the event, the Security Council used a privileged state-override transaction type that exists in ArbOS but had essentially never been used. The attacker's private key was not revoked and can still sign transactions; the chain itself simply moved the ETH out of the address.
This transaction type needs no signature from the account holder at all: only the chain itself, via the sequencer / ArbOS upgrade path that the Security Council controls, can inject it.
The Arbitrum Security Council is reported to consist of 12 members elected by the Arbitrum DAO, with any decision requiring the approval of 9 of the 12.
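To make the distinction between the two paths concrete, the following constructed state-transition model, added here for illustration, contrasts an ordinary transfer that needs the holder's signature with a chain-level override that never consults the holder's key and is instead gated on 9 of 12 council approvals. It is not ArbOS code: the `Chain` class, the HMAC stand-in for signatures, the account and council "secrets", and the way approvals are collected are all assumptions of the example.

```python
# Constructed model of the two ways funds move in the scenario above: an
# ordinary transfer authorised by the holder's key, and a privileged
# "state override" that needs no signature from the holder and is gated on
# 9 of 12 council approvals. Example code only, not ArbOS.
import hashlib
import hmac

COUNCIL_THRESHOLD = 9
# Constructed secrets standing in for private keys (for illustration only).
COUNCIL_KEYS = {f"member-{i}": f"council-secret-{i}" for i in range(12)}
ACCOUNT_KEYS = {"attacker": "attacker-secret", "safe": "safe-secret"}


def sign(secret: str, message: str) -> str:
    """Toy signature: an HMAC tag standing in for an ECDSA signature."""
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()


class Chain:
    def __init__(self, balances: dict):
        self.balances = dict(balances)

    def apply_transfer(self, sender: str, to: str, amount: int, signature: str) -> None:
        """Normal path: valid only with the sender's own key and enough balance."""
        expected = sign(ACCOUNT_KEYS[sender], f"transfer:{sender}:{to}:{amount}")
        if not hmac.compare_digest(signature, expected):
            raise PermissionError("bad signature")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def apply_state_override(self, from_addr: str, to_addr: str, approvals: dict) -> int:
        """Privileged path: the holder's key is never consulted. The chain moves
        the whole balance once enough distinct council members have approved."""
        msg = f"override:{from_addr}:{to_addr}"
        valid = {
            m for m, sig in approvals.items()
            if m in COUNCIL_KEYS and hmac.compare_digest(sig, sign(COUNCIL_KEYS[m], msg))
        }
        if len(valid) < COUNCIL_THRESHOLD:
            raise PermissionError(f"{len(valid)} valid approvals, need {COUNCIL_THRESHOLD}")
        moved = self.balances.pop(from_addr, 0)
        self.balances[to_addr] = self.balances.get(to_addr, 0) + moved
        return moved


def council_approvals(members, from_addr: str, to_addr: str) -> dict:
    msg = f"override:{from_addr}:{to_addr}"
    return {m: sign(COUNCIL_KEYS[m], msg) for m in members}


def scenario_override() -> tuple:
    """Nine council members approve: the balance moves with no holder signature."""
    chain = Chain({"attacker": 30766})
    nine = [f"member-{i}" for i in range(9)]
    moved = chain.apply_state_override("attacker", "safe", council_approvals(nine, "attacker", "safe"))
    return moved, chain.balances.get("attacker", 0), chain.balances["safe"]


def scenario_key_still_valid_but_empty() -> str:
    """After the override the attacker's key still produces a valid signature;
    the transfer fails only because there is nothing left to move."""
    chain = Chain({"attacker": 30766})
    nine = [f"member-{i}" for i in range(9)]
    chain.apply_state_override("attacker", "safe", council_approvals(nine, "attacker", "safe"))
    sig = sign(ACCOUNT_KEYS["attacker"], "transfer:attacker:mixer:1")
    try:
        chain.apply_transfer("attacker", "mixer", 1, sig)
    except ValueError as err:
        return str(err)
    return "transfer succeeded"


def scenario_too_few_approvals() -> bool:
    """Eight members plus a non-member signature do not reach the threshold,
    and the state is left untouched."""
    chain = Chain({"attacker": 30766})
    approvals = council_approvals([f"member-{i}" for i in range(8)], "attacker", "safe")
    approvals["outsider"] = sign("not-a-council-key", "override:attacker:safe")
    try:
        chain.apply_state_override("attacker", "safe", approvals)
    except PermissionError:
        return chain.balances["attacker"] == 30766
    return False


if __name__ == "__main__":
    print("override moved/attacker/safe:", scenario_override())
    print("attacker transfer afterwards:", scenario_key_still_valid_but_empty())
    print("8 approvals rejected, state intact:", scenario_too_few_approvals())
```

What the model makes visible is that the override is not a key compromise: the holder's signatures remain valid, which is why a frozen address can still broadcast transactions that simply fail for lack of balance. The security property of such a path rests entirely on who can reach the threshold, so the real questions are the ones the text raises: how the council is elected, how its approvals are verified, and whether users knew the path existed.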
This caused a stir. Arbitrum, as a representative Layer2, had previously been assumed to have neither the capability nor the authority to manage users' ETH, since that contradicts the decentralized ethos of blockchain.
In past hacks, stolen USDT and USDC could often be frozen by Tether or Circle at short notice to limit user losses. ETH, as the chain's native asset, had never before been frozen or transferred by the chain itself, which went beyond what most users expected.
Many support Arbitrum's action, for example: "all companies, banks, and formal financial institutions will eventually adopt a secondary architecture. Acting like a centralized entity at critical moments is not a flaw but an advantage." That view, however, does not sit well with many technical purists.
"No private key required, no authorization needed, direct transfer." For many, Arbitrum's operation has effectively redefined how decentralized Layer2 really is, and left them feeling insecure holding assets on Layer2.
Blue Fox bluntly stated that this event has directly touched DeFi's ideological red line: "Not your keys, not your coins." It once again returns to the classic crypto dilemma: the security of pragmatism versus the security of complete decentralization.
Conclusion
When LayerZero says “the protocol operates fully as expected,” it retains technical correctness but loses public opinion and trust; when Arbitrum transfers 71 million dollars in ETH using privileged transactions, it saves user funds but severely damages the decentralization narrative of Layer2.
The Kelp theft incident has put two of the hottest narratives on trial at the same time: Is the cross-chain bridge an infrastructure or a risk amplifier? Is Layer2 a reliable expansion of Ethereum, or a secondary bank disguised as decentralized?
The attack got through on LayerZero's side thanks to a single-verifier setup, while Arbitrum used a centralized, council-voted privilege to recover the losses for LayerZero and Kelp DAO. This forms a deeply ironic closed loop: a protocol that claims to be decentralized collapses through its "single point of weakness", and in the end has to rely on the "centralized privilege" of another protocol to salvage the situation.
It forces the entire industry to face a question that has never been directly answered: When the ideal of decentralization collides with the security costs of reality, which side are we willing to sacrifice?
Grand narratives are one focal point of the public debate; user compensation is the other, more practical one. Even if Arbitrum recovers more than $70 million through technical means, Aave still faces nearly $200 million in bad debt. How are users' interests to be properly protected?
In the vast majority of hacks, losses in the millions of dollars are catastrophic for a protocol, and users' claims usually come to nothing. This incident, however, involves top-tier projects such as Aave and LayerZero, so how they handle the bad debt is being watched closely.
Aave proposed two possible bad-debt handling schemes today: the first socializes the loss among all rsETH holders across every chain, with Kelp DAO uniformly writing down the value of all rsETH (mainnet plus L2) by roughly 15%; the second has rsETH holders on L2 bear the entire loss while mainnet rsETH keeps its original value.
Neither Kelp DAO nor LayerZero, however, has yet said what role it will play in any compensation scheme. Judging from the report's attempt to absolve LayerZero of responsibility, the project evidently takes the view that where there is no responsibility, there is no obligation to compensate.
Yet for a protocol valued in the billions, treated as a foundational dependency by hundreds of projects, to claim "technical immunity" in the face of enormous losses caused by its default DVN configuration is a deep irony for anything that calls itself "infrastructure".
This is a classic prisoner's dilemma: each party to the crisis is trying to minimize its own losses by carving up responsibility, rather than repairing the industry's trust deficit by sharing it.
Given the damage this incident has done to every party involved, it will go down as the most dangerous prisoner's dilemma in the history of DeFi.