Arbitrum poses as the hacker to "snatch" back KelpDAO's lost money
Even though Arbitrum used God-like authority, the war is clearly far from over.

Original title: Arbitrum poses as the hacker to "snatch" back KelpDAO's lost money
Source: Deepwater TechFlow
Last week, hackers stole nearly $300 million from KelpDAO, making it the biggest DeFi security incident this year.
The stolen ETH is now scattered across multiple chains; about 30765 remain in an address on the Arbitrum chain, worth over $7 million.
The story seemed to be over. Today there is a new development.
According to the on-chain security firm PeckShield, the money in the hacker's address on the Arbitrum chain was transferred out a few hours ago but, strangely, to an odd address that looked almost all zeros.

Everyone started guessing: had the hacker burned all the money in a black-hole address? Or had the hacker found a conscience?
Neither.
A few hours ago, an urgent action announcement was posted on Arbitrum's official forum explaining the situation. The hacker's money was transferred by the Arbitrum Security Council.
But amazingly, the Security Council did not know the private key of the hacker's address, did not freeze the hacker's money, and had no authority to transfer it. Instead, a transfer order was issued directly "in the name of the hacker."
The hacker knew nothing about it, the private key was not leaked, and the on-chain record looks as if the hacker had made the transfer personally.

The idea behind this operation is as follows: all cross-chain messages between Arbitrum and Ethereum go through a bridge contract called Inbox. The Security Council used its emergency powers to temporarily upgrade the contract, adding a new function:
Cross-chain transactions can be sent in the name of any wallet address, without requiring that wallet's private key.
They then forged a message with this function. The sender was written as the hacker's wallet, and the content amounted to "TAKE MY ETH, ALL TO THE FREEZER." After the Arbitrum chain received the message, it was executed as usual, which produced the strange on-chain transfer described at the start of this article.
Once the hacker's money had been transferred, the contract was restored to its previous version. Upgrade, forgery, transfer, restoration: all packaged into a single Ethereum transaction. Other users and applications were completely unaffected.
This operation has no precedent in the history of Arbitrum.
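The upgrade, action and restoration described above leave a recognizable trace for anyone monitoring a bridge contract: its implementation changes and changes back inside one transaction. The following is an added example, not code from the article or from Arbitrum. It assumes the watched contract is an ERC-1967 style proxy that emits `Upgraded(address)` and that addresses are lowercase hex; all addresses, topics and logs are constructed placeholders.

```python
from collections import defaultdict

# keccak256("Upgraded(address)"), the ERC-1967 proxy upgrade event topic.
UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"

def pad(addr):  # address encoded as a 32-byte indexed topic
    return "0x" + "00" * 12 + addr[2:]

def classify_upgrades(logs, baseline):
    """baseline maps proxy -> implementation known before the first log."""
    by_tx = defaultdict(list)
    for log in logs:
        by_tx[(log["block"], log["tx_index"], log["tx"])].append(log)
    current = dict(baseline)
    findings = []
    for key in sorted(by_tx):  # chain order: block, then position in block
        tx_logs = sorted(by_tx[key], key=lambda l: l["log_index"])
        for proxy in baseline:
            ups = [l for l in tx_logs
                   if l["address"] == proxy and l["topics"][0] == UPGRADED]
            if not ups:
                continue
            impls = ["0x" + l["topics"][1][-40:] for l in ups]
            before, current[proxy] = current[proxy], impls[-1]
            temporary = [i for i in impls if i != before]
            # Transient: code was swapped and restored within one transaction.
            transient = impls[-1] == before and bool(temporary)
            lo, hi = ups[0]["log_index"], ups[-1]["log_index"]
            findings.append({
                "tx": key[2], "proxy": proxy,
                "kind": "transient" if transient else "persistent",
                "temporary": temporary if transient else [],
                # Events emitted while the swapped-in code was live.
                "events_while_swapped": [l["log_index"] for l in tx_logs
                                         if lo < l["log_index"] < hi] if transient else [],
            })
    return findings

# Constructed sample data: placeholder addresses, not real contracts.
PROXY, IMPL_A, IMPL_B, IMPL_C = ("0x" + c * 40 for c in "1abc")
OTHER = "0x" + "ee" * 32  # stand-in for any non-upgrade event topic
def _log(block, txi, tx, idx, topics):
    return {"block": block, "tx_index": txi, "tx": tx, "log_index": idx,
            "address": PROXY, "topics": topics}
SAMPLE = [
    _log(100, 0, "0xaaa", 0, [UPGRADED, pad(IMPL_B)]),  # swap in temporary code
    _log(100, 0, "0xaaa", 1, [OTHER]),                  # action while swapped
    _log(100, 0, "0xaaa", 2, [UPGRADED, pad(IMPL_A)]),  # restore original code
    _log(101, 3, "0xccc", 0, [UPGRADED, pad(IMPL_C)]),  # ordinary lasting upgrade
]
FINDINGS = classify_upgrades(SAMPLE, {PROXY: IMPL_A})
```

A state-diff monitor that compares the implementation slot only between blocks would miss the first transaction entirely, which is why the check works on per-transaction event order.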
According to the forum announcement, the Security Council had previously confirmed the hacker's identity with law enforcement, pointing to North Korea's Lazarus Group, the most active state-backed hacking organization in the DeFi field this year. The Council also conducted a technical assessment to ensure that other users would not be affected.
Since the hackers do not play by the rules, this is a bit of "don't blame us for not playing fair either". As for the subsequent handling of the frozen ETH, it is left to an Arbitrum DAO governance vote, coordinated with the law enforcement authorities.
Recovering more than 70 million in stolen funds is certainly good. But note the premise that makes this possible: 9 of the 12 members of the Security Council can, by signing, bypass all governance votes and delays and change any core contract on the chain.
Praising the result, worrying about the capability
At present, the community's response to the incident is divided.
Some people think Arbitrum did well, protecting assets at a critical moment, and have a little more faith in L2. Others asked a very direct question: if signatures from a few people can move any asset in anyone's name, can that still be called decentralization?
In the writer's view, the two sides are not actually talking about the same thing.
The former are talking about the result, while the latter are talking about the capability. The result is certainly good: more than 70 million in stolen funds has been recovered. But the capability Arbitrum used this time to rewrite a contract's function is in itself neutral. This time it was used to pursue hackers; what it is used for later, whether it is used and how, in fact depends on the Council's governance.
However, for most people who use Arbitrum, this discussion may not change anything in practice. Arbitrum is not special: almost all current mainstream L2s retain emergency upgrade powers.
The chain you use has a similar security council with similar capabilities. This is not a choice unique to Arbitrum; it is the common design of L2s at this stage.
In other words, the attack actually revealed a bigger picture.
The attacker was North Korea's Lazarus Group, to which at least 18 DeFi attacks have been attributed so far this year. Just three weeks ago, Drift Protocol lost $285 million to theft in a completely different way.
On the one hand, state-backed hackers are escalating their attack methods; on the other, L2s have begun to use their lowest-level powers to fight back. DeFi's security war is moving on from "freezing after the fact, shouting on-chain, praying for white-hat intervention" into a new phase.
An all-powerful key was forged for an extraordinary moment, used to open the hacker's address, and then melted down. From this angle alone, this ability to respond to hacker attacks is no bad thing.
As for raising this to the philosophical question of whether "this is decentralized or not", there is too much to say. Centralized operations in the crypto industry are hardly rare, and this one was at least used to deal with and resolve a negative event rather than to create one.
Pragmatically speaking, $292 million was stolen from KelpDAO and over 70 million has been recovered, less than a quarter of the total. The rest of the ETH is scattered on other chains, over $100 million in bad debt on Aave has not yet been resolved, and how much rsETH holders can recover is still unknown.
Even though Arbitrum used God-like authority, the war is clearly far from over.
