Although not even in the top 10 crypto hacks by dollar size, the LayerZero<>KelpDAO<>Aave exploit will go down in history as the most consequential DeFi hack of all time.
The entire onchain industry is now on a completely different path than we were before.
The implications for crypto fall into two buckets:
- DeFi needs to be Rearchitected
- Validators/Security Councils will need to standardize recovery operations (or give up control)
DeFi Needs to be Rearchitected
The LayerZero<>KelpDAO<>Aave exploit occurred because each component in the composable DeFi stack trusted the others:
- KelpDAO trusted that LayerZero’s DVN wouldn’t ever be compromised (it got compromised).
- LayerZero trusted KelpDAO to choose the appropriate level of security (they didn’t).
- Aave trusted KelpDAO’s rsETH collateral to always be fully backed (it wasn’t).
Trust lowers the costs of transactions and improves the welfare of everyone involved. So, it's enticing to assume these protocols are operating inside of trustworthy environments.
But they are not.
Permissionless systems are inherently adversarial environments. Building under the premise that 99.99% of users are good doesn’t change the fact that it only takes one bad actor to attack the system.
The LayerZero<>KelpDAO<>Aave structure forgot this paradigm.