DeFi Security Incident Highlights Risks of Cross-Chain Protocols

A recent security incident involving Kelp DAO, a DeFi re-staking protocol, has highlighted the risks associated with cross-chain protocols and lending protocols.

The attack, which occurred on April 18, resulted in the theft of approximately $292 million worth of rsETH tokens. The hacker used a cross-chain message forgery attack to manipulate Kelp DAO's bridging contract, allowing them to mint fake rsETH tokens.

According to preliminary analysis, the attack was not a traditional re-entry attack or flash loan, but rather a targeted strike based on cross-chain message forgery. This type of attack takes advantage of weaknesses in cross-chain protocols, which can be exploited to manipulate assets and steal funds.

The incident has raised concerns about the systemic collapse of DeFi's 'Lego structure', where individual protocols are connected through complex networks of contracts and assets. In this case, the hack had a ripple effect throughout the industry, causing significant losses for Aave and other affected protocols.