In recent weeks, repeated major attacks by North Korea-linked hacker groups in the crypto world have attracted attention. After the crypto trading platform Drift was recently targeted, a major cyber attack has now been carried out on the restaking protocol Kelp using similar methods. Kelp is known as an important protocol in the decentralized finance (DeFi) ecosystem and is integrated with LayerZero’s cross-chain infrastructure.
Suspicious Vulnerabilities and Attack Method
It turned out that the attack was carried out by abusing deficiencies and uncontrolled aspects of the system’s basic operating logic, rather than by breaking traditional encryption or stealing keys. Attackers manipulated the sources that supply data to the infrastructure running the Kelp protocol, causing the system to confirm transactions based on incorrect inputs. Fundamentally, the way the mechanism works was not changed; the authority and control weaknesses inherent in the system were exploited.
It was understood that the use of only a single verifier in the protocol’s cross-chain message verification process made the attack possible. This approach can provide quick and simple verification of transactions, but it creates a serious security vulnerability. Experts therefore recommend requiring multiple, independent verification mechanisms.
It is stated that in the Kelp case, the main security vulnerability stems from over-reliance on the system’s verification mechanism. It is emphasized that “The fact that a person signs does not mean that he is telling the truth; the signature only shows who wrote it.”
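The difference between a single verifier (the "auditor" of the text) and a threshold of independent verifiers can be shown in a few lines. This is an added example, not code from Kelp or LayerZero; the verifier names, keys and messages are constructed, and HMAC stands in for whatever signature scheme a real verifier uses.

```python
import hashlib
import hmac

# Constructed keys; HMAC stands in for each verifier's signature scheme (assumption).
KEYS = {"verifier-a": b"ka", "verifier-b": b"kb", "verifier-c": b"kc"}

def attest(verifier: str, payload: bytes) -> str:
    """A verifier signs the payload it believes it saw on the source chain."""
    return hmac.new(KEYS[verifier], payload, hashlib.sha256).hexdigest()

def accept(payload: bytes, attestations: dict, verifiers: set, threshold: int) -> bool:
    """Accept a message only if `threshold` distinct configured verifiers attest to it."""
    if not 1 <= threshold <= len(verifiers):
        raise ValueError("threshold must be between 1 and the number of verifiers")
    valid = {
        v for v, tag in attestations.items()
        if v in verifiers and hmac.compare_digest(tag, attest(v, payload))
    }
    return len(valid) >= threshold

def config_findings(verifiers: set, threshold: int) -> list:
    """Flag configurations where one verifier's view is enough to approve a message."""
    findings = []
    if len(verifiers) < 2:
        findings.append("single verifier configured")
    if threshold < 2:
        findings.append("threshold below 2: one attestation approves a message")
    return findings

def scenario() -> dict:
    genuine = b"src=chainA;nonce=7;mint=100"         # constructed message
    false_input = b"src=chainA;nonce=7;mint=100000"  # what verifier-a was fed
    # verifier-a's data source was manipulated, so it signs the false input in good faith.
    bad = {"verifier-a": attest("verifier-a", false_input)}
    # An attestation verifier-b made for the genuine message does not carry over.
    bad_plus = {**bad, "verifier-b": attest("verifier-b", genuine)}
    good = {v: attest(v, genuine) for v in KEYS}
    return {
        "one_of_one_accepts_false": accept(false_input, bad, {"verifier-a"}, 1),
        "two_of_three_accepts_false": accept(false_input, bad_plus, set(KEYS), 2),
        "two_of_three_accepts_genuine": accept(genuine, good, set(KEYS), 2),
    }

if __name__ == "__main__":
    print(scenario())
    print(config_findings({"verifier-a"}, 1))
```

The signature on the false input is perfectly valid in both configurations; only the requirement that independent verifiers agree on the same payload keeps it from being accepted.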
Spillover Effect and Decentralization Discussions
The effects of the attack were not limited to Kelp. Since assets can be used as collateral on multiple platforms in DeFi protocols, the problem at Kelp spread to other systems in a domino effect. In this process, infrastructures that provide cross-chain transfer and various platforms used for asset transfer were also damaged. It was reported that major players such as Aave, one of the lending platforms, suffered losses after accepting Kelp-derived assets as collateral, and that even a single vulnerability could create a cascading wave of stress in the market.
Claims of decentralization have also come to the fore again. It is stated that, although the system is marketed as decentralized, the presence of a single validator does not fully reflect this feature. Experts say, “In reality, decentralization is determined by the choices made; the weakest link can make the entire system fragile.”
A security expert said, “The main issue of this attack is not breaking the encryption, but clearly revealing how the structure was established. A single auditor in the infrastructure is not enough to be decentralized.”
Critical Support Layers on Target
It is stated that North Korean hackers have recently focused especially on cross-chain infrastructures and restaking protocols. These infrastructures enable the transfer of large amounts of crypto assets between different systems and play a critical role in the ‘background’ of the ecosystem. These layers, which often have low visibility, can unintentionally contain large vulnerabilities. Experts say that instead of concentrating on exchanges or software bugs, attacks are now shifting to the interconnection points of the ecosystem, which are described as ‘plumbing’.
According to industry representatives, the attack on Kelp did not present a new security vulnerability, but rather showed the impact of known deficiencies and how they can lead to great risks if precautions are not taken. In particular, it is emphasized that security should be made a mandatory condition rather than a complementary option. In this period when attackers are rapidly developing methods, the fact that known vulnerabilities are still not resolved may lead to greater losses.
One expert said, “It is unacceptable for a protocol to present a setting marked ‘not secure’ as the default. For security, not everyone can be expected to read all the documentation and find the most correct setting.”
In total, the Drift and Kelp attacks caused losses exceeding $500 million in two weeks. This has led both to questioning of the security culture in the ecosystem and to increasing demands for tighter control and transparency in the decentralized finance world.


