LIMIT DAMAGE

“The TVL and Aave plunged from $26 billion to $17 billion kind of as like panic withdrawals happened. In response to this attack, Aave paused the RS ETH markets and the WETH reserves across multiple chains just to kind of constrain the damage. Now it's got $180 million in bad debt.”

“I think while I do think that this was a good action in this case when we view it in isolation, I think, were I on the Security Council, I likely would have gone along with this. I think that a lot of people who are right to celebrate it in the moment, we're going to look back on this, and it really has the potential to set bad precedents in a lot of ways going forward.”

“I think for everything digital, like we are in the probably 12-month period of max danger because we are now seeing AI systems at a certain level... they're able to find insane zero days, not just in smart contracts, but in traditional like web to like operating systems, browsers, like all of these things. It is really, really scary what is possible now.”

“In crypto, a hack is a physics event. It's closer to an aerospace, right? Because if you have an issue in an airplane, people die. In crypto, okay, if you have an issue, people don't die, but it's still very severe, right? And you have these irreversible damage, and now we see like systemic even.”

“If you build your system with the assumption that any individual component can break, and ideally that like maybe two different components, three different, however many components break, that you still can limit the damage. I think everybody has to assume both in the crypto ecosystem or generally, you are going to get hacked at some point... you need to have a plan for what to do when it happens.”

“Interestingly, turn of events, the Arbitrum Security Council recovered $70 million in ETH in a pretty unprecedented violation of chain state, basically seizing the stolen assets by Dow governance vote, kind of opening up Pandora's box about what immutability means on layer twos. There are a ton of conversations that kind of sprawl out from this.”

“April 18th, we had a hack in DeFi, likely North Korea's Lazarus Group... exploited KelpDao's Layer powered bridge to create 116,000 RS ETH tokens. That is the restaked ETH token out of KelpDao without any backing. So, extra tokens minted, they then deposit those tokens into Aave V3 across Arbitrum and Ethereum mainnet to borrow $236 million in wheat... leaving Aave with about $280 million in bad debt that it cannot recover.”

“April 18th, we had a hack in DeFi, likely North Korea's Lazarus Group... exploited KelpDao's Layer powered bridge to create 116,000 RS ETH tokens. That is the restaked ETH token out of KelpDao without any backing. So, extra tokens minted, they then deposit those tokens into Aave V3 across Arbitrum and Ethereum mainnet to borrow $236 million in wheat... leaving Aave with about $280 million in bad debt that it cannot recover.”

“Interestingly, turn of events, the Arbitrum Security Council recovered $70 million in ETH in a pretty unprecedented violation of chain state, basically seizing the stolen assets by Dow governance vote, kind of opening up Pandora's box about what immutability means on layer twos. There are a ton of conversations that kind of sprawl out from this.”

“In crypto, a hack is a physics event. It's closer to an aerospace, right? Because if you have an issue in an airplane, people die. In crypto, okay, if you have an issue, people don't die, but it's still very severe, right? And you have these irreversible damage, and now we see like systemic even.”

“What they did basically was to replace the RPC nodes they have deployed with a malicious RPC node, which showed fake data, right? And this fake data were piped into the validator network, which was not a network, which was just one node, was a one-of-one. And based on this fake data, it said, oh, there is a deposit on the unit chain of this amount of restrict ETH, of kelp-dell ETH.”

“If you build your system with the assumption that any individual component can break, and ideally that like maybe two different components, three different, however many components break, that you still can limit the damage. I think everybody has to assume both in the crypto ecosystem or generally, you are going to get hacked at some point... you need to have a plan for what to do when it happens.”

“What they did basically was to replace the RPC nodes they have deployed with a malicious RPC node, which showed fake data, right? And this fake data were piped into the validator network, which was not a network, which was just one node, was a one-of-one. And based on this fake data, it said, oh, there is a deposit on the unit chain of this amount of restrict ETH, of kelp-dell ETH.”

“I think while I do think that this was a good action in this case when we view it in isolation, I think, were I on the Security Council, I likely would have gone along with this. I think that a lot of people who are right to celebrate it in the moment, we're going to look back on this, and it really has the potential to set bad precedents in a lot of ways going forward.”

“The TVL and Aave plunged from $26 billion to $17 billion kind of as like panic withdrawals happened. In response to this attack, Aave paused the RS ETH markets and the WETH reserves across multiple chains just to kind of constrain the damage. Now it's got $180 million in bad debt.”

“I think for everything digital, like we are in the probably 12-month period of max danger because we are now seeing AI systems at a certain level... they're able to find insane zero days, not just in smart contracts, but in traditional like web to like operating systems, browsers, like all of these things. It is really, really scary what is possible now.”