Arbitrum, in the hacker's name, "stole" 70 million dollars back

2026/04/22 00:11
ODAILY

Even though Arbitrum has used God-like authority, the war is clearly far from over.

Original by Deepwater TechFlow

Last week, hackers stole nearly $300 million from KelpDAO, the biggest DeFi security incident so far this year.

The stolen ETH is now scattered across multiple chains; about 30765 ETH remain in an address on the Arbitrum chain, worth over $7 million.

That seemed to be the end of the story, but it picked up again today.

According to the on-chain security firm PeckShield, the funds in the hacker's address on the Arbitrum chain were moved a few hours ago, but strangely, they went to an unfamiliar address that looks almost like the zero address.

Everyone was guessing: had the hacker burned all the money in a black-hole address? Or had a change of conscience?

Neither.

A few hours ago, Arbitrum's official forum posted an emergency action announcement explaining the situation: the hacker's funds were moved by the Arbitrum Security Council.

The remarkable part is that the Security Council neither froze the hacker's funds nor used some authority to transfer them directly. Without knowing the private key of the hacker's address, it issued a transfer instruction "in the name of the hacker".

The hacker had no idea, the private key was not leaked, and the on-chain record looks as if the hacker made the transfer himself.

The idea behind the operation is this: all cross-chain messages between Ethereum and Arbitrum pass through a bridge contract called Inbox. Using its emergency powers, the Security Council temporarily upgraded this contract and added a new function:

one that sends a cross-chain transaction in the name of any wallet address, without requiring that wallet's private key.

They then used this function to forge a message that appeared to come from the hacker's wallet and said, in effect, "Transfer all my ETH to the frozen address." When the Arbitrum chain received the message, it executed it as usual, which produced the strange transfer seen on-chain.

Once the hacker's funds had been moved, the contract was changed back. Upgrade, forgery, transfer and restoration were all packaged into a single Ethereum transaction. Other users and applications were completely unaffected.
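For anyone monitoring a bridge contract, the upgrade, message, restore sequence described above leaves a recognizable trace inside one transaction's event logs. The following is an added example (not from the original article or from Arbitrum) that scans constructed, simplified logs for that trace; the addresses, the log layout and the `CrossChainMessage` event name are assumptions, and the proxy is assumed to emit the ERC-1967 `Upgraded` event.

```python
from collections import defaultdict

# Constructed, simplified decoded logs (not real chain data). Assumptions: the
# bridge proxy emits the ERC-1967 "Upgraded" event on every implementation
# change, and "CrossChainMessage" is a hypothetical event naming the sender.
INBOX = "0xInboxProxy"  # placeholder address
LOGS = [
    {"tx": "0xaaa", "idx": 0, "addr": INBOX, "event": "CrossChainMessage", "sender": "0xUser1"},
    {"tx": "0xbbb", "idx": 0, "addr": INBOX, "event": "Upgraded", "impl": "0xTempImpl"},
    {"tx": "0xbbb", "idx": 1, "addr": INBOX, "event": "CrossChainMessage", "sender": "0xFlagged"},
    {"tx": "0xbbb", "idx": 2, "addr": INBOX, "event": "Upgraded", "impl": "0xImplV1"},
    {"tx": "0xccc", "idx": 0, "addr": INBOX, "event": "Upgraded", "impl": "0xImplV2"},
    {"tx": "0xddd", "idx": 0, "addr": INBOX, "event": "CrossChainMessage", "sender": "0xUser2"},
]


def find_transient_upgrades(logs, proxy, initial_impl):
    """Return transactions that swap the proxy implementation and restore it
    before they end, with the senders of messages emitted during the swap.
    `logs` must be in chain order (transaction order, then log index)."""
    by_tx = defaultdict(list)
    for log in logs:
        if log["addr"] == proxy:
            by_tx[log["tx"]].append(log)  # dicts keep first-seen tx order

    findings, current = [], initial_impl
    for tx, tx_logs in by_tx.items():
        start, changed, during = current, False, []
        for log in sorted(tx_logs, key=lambda entry: entry["idx"]):
            if log["event"] == "Upgraded":
                current, changed = log["impl"], True
            elif log["event"] == "CrossChainMessage" and current != start:
                during.append(log["sender"])
        # Implementation changed mid-transaction but ended where it started.
        if changed and current == start:
            findings.append({"tx": tx, "restored_impl": start,
                             "senders_during_swap": during})
    return findings


if __name__ == "__main__":
    for finding in find_transient_upgrades(LOGS, INBOX, "0xImplV1"):
        print(finding)
```

A lasting upgrade such as the one in the constructed transaction `0xccc` is not flagged; only an implementation that changes and is restored within one transaction is.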

This operation has no precedent in Arbitrum's history.

According to the forum announcement, the Security Council had previously confirmed the hacker's identity with law enforcement, pointing to North Korea's Lazarus Group, the most active state-backed hacking organization in DeFi this year. The council also carried out a technical assessment to make sure other users would not be affected.

Since the hackers do not play by the rules, the message amounts to, "Don't blame us for not fighting fair." What happens next to the frozen ETH will be decided through the Arbitrum DAO, in coordination with law enforcement.

It is certainly good to recover more than 70 million in stolen funds. But the premise behind it deserves attention: the signatures of 9 of the 12 Security Council members are enough to bypass all governance votes and delays and change any core contract on the chain.

Praising the result, worrying about the capability

At present, community reaction to the incident is divided.

Some think Arbitrum did well, protecting assets at a critical moment, and have a little more faith in L2 as a result. Others asked a very direct question: if a handful of signatures can move any asset in anyone's name, can that still be called decentralization?

In the writer's view, the two sides are not actually talking about the same thing.

The former speak of results, the latter of capability. The result is certainly good: more than 70 million in stolen funds has been recovered. But the capability Arbitrum used this time to rewrite a contract function is in itself neutral. This time it was used to pursue hackers; what it is used for later, whether it is used and how, depends in practice on the council's governance.

However, for most people who use Arbitrum, this discussion may not offer any real alternative. Arbitrum is not special: almost all mainstream L2s currently retain emergency upgrade powers.

The chain you use has a similar Security Council with similar capabilities. This is not a choice unique to Arbitrum; it is the common design of L2s at this stage.

In other words, the attack actually revealed a bigger picture.

The attacker, North Korea's Lazarus Group, has been linked to at least 18 DeFi attacks so far this year. Just three weeks ago, $285 million was stolen from Drift Protocol in a completely different way.

On the one hand, state-backed hackers are escalating their attack methods; on the other, L2s have begun using their underlying privileges to fight back. DeFi's security battle is entering a new phase, moving on from "freeze afterwards, shout on-chain, pray for a white hat to step in".

A master key was forged for an extraordinary moment, used to open the hacker's address, and then melted down. From this point of view alone, the ability to respond to hacker attacks is not bad.

And it would be going too far to insist on elevating this into a philosophical debate about whether "this is not decentralized". The crypto industry has seen plenty of centralized operations; this one at least dealt with a negative event and solved a problem rather than creating one.

Looking at it pragmatically, KelpDAO was robbed of $292 million and more than 70 million has been recovered, less than a quarter of the total. The rest of the ETH is scattered on other chains, more than $100 million in bad debt on Aave has yet to be resolved, and how much rsETH holders can recover is still unknown.

Even though Arbitrum has used God-like authority, the war is clearly far from over.
