DeFi Ecosystem Hit by Sophisticated RPC Attack

A recent exploit targeting LayerZero's Decentralized Verifier Network (DVN) has caused a significant disruption in the DeFi ecosystem, with several protocols affected.

The attack, attributed to the North Korean state-sponsored Lazarus Group (DPRK), targeted two Remote Procedure Call (RPC) nodes used by the DVN. The attackers launched a Distributed Denial of Service (DDoS) attack against the primary RPCs, forcing the system to fail over to the compromised nodes.

The exploit allowed the attacker to mint fraudulent rsETH and deposit it into Aave, draining approximately $300 million in ETH from the protocol. This sudden exodus of liquidity caused a 'Whale Panic,' with several high-profile investors withdrawing large sums of money.

Aave has frozen all rsETH transactions across its V3 and V4 protocols to prevent further contagion. The market remains uncertain about the recoverability of the affected assets, with many questioning the role of 'bad debt' in the DeFi ecosystem.