# Related Articles on Security

The HTX News Center offers the latest articles and in-depth analysis on "Security", covering market trends, project news, technology developments, and regulatory policy in the crypto industry.

Vitalik's Full Speech at the 2026 Hong Kong Web3 Carnival

In his keynote speech at the 2026 Hong Kong Web3 Carnival, Ethereum co-founder Vitalik Buterin outlined the platform’s vision as a "world computer" and detailed its technical roadmap for the next five years. Buterin emphasized Ethereum’s two core functions: serving as a public bulletin board where applications can publish verifiable data, and enabling shared computational objects like tokens, NFTs, and DAOs. He stressed that the importance of Ethereum lies in its ability to provide self-sovereignty, verifiability, and permissionless participation without relying on trusted third parties. He discussed the evolution of Layer 2 solutions, arguing that meaningful L2s should complement Ethereum by integrating necessary off-chain components—such as oracles or privacy protocols—rather than simply scaling through centralization. Key short-term goals include scaling data availability and computational capacity through initiatives like increasing the gas limit and deploying zkEVM for more complex, verifiable computations. Buterin also highlighted ongoing efforts to improve quantum resistance, privacy, and efficiency through proposals like EIP-8141 for account abstraction and quantum-safe signatures. Long-term, Ethereum aims to maximize security and decentralization through formal verification, AI-assisted proof generation, and a hybrid consensus model combining Bitcoin’s longest-chain rule with BFT-style finality. The goal is a robust, easily verifiable platform that supports a wide range of applications—from finance and identity to decentralized social networks—while ensuring long-term resilience and trustlessness.

marsbit, 04/20 05:40


An Open-Source AI Tool That No One Saw Predicted Kelp DAO's $292 Million Vulnerability 12 Days Ago

An open-source AI security tool flagged critical risks in Kelp DAO’s cross-chain architecture 12 days before a $292 million exploit on April 18, 2026—the largest DeFi incident of the year. The vulnerability was not in the smart contracts but in the configuration of LayerZero’s cross-chain bridge: a 1-of-1 Decentralized Verifier Network (DVN) setup allowed an attacker to forge cross-chain messages with a single compromised node. The tool, which performs AI-assisted architectural risk assessments using public data, identified several unremediated risks, including opaque DVN configuration, single-point-of-failure across 16 chains, unverified cross-chain governance controls, and similarities to historical bridge attacks like Ronin and Harmony. It also noted the absence of an insurance pool, which amplified losses as Aave and other protocols absorbed nearly $300M in bad debt. The attack unfolded over 46 minutes: the attacker minted 116,500 rsETH on Ethereum via a fraudulent message, used it as collateral to borrow WETH on lending platforms, and laundered funds through Tornado Cash. While an emergency pause prevented two subsequent attacks worth ~$200M, the damage was severe. The tool’s report, committed to GitHub on April 6, scored Kelp DAO a medium-risk 72/100—later acknowledged as too lenient. It failed to query on-chain DVN configurations or initiate private disclosure, highlighting gaps in current DeFi security approaches that focus on code audits but miss config-level and governance risks. The incident underscores the need for independent, AI-powered risk assessment tools that evaluate protocol architecture, not just code.

marsbit, 04/20 03:23


a16z Founder: In the Agent Era, What Truly Matters Has Changed

Marc Andreessen, co-founder of a16z, argues that the current AI boom is not an overnight success but the culmination of 80 years of research, now delivering practical results. He emphasizes that this era is defined by the convergence of four key capabilities: large language models (LLMs), reasoning, coding, and agents capable of recursive self-improvement. Andreessen describes the agent architecture—combining an LLM with a shell, file system, markdown, and cron/loop—as a fundamental shift beyond chatbots. This structure leverages existing software components, allowing agents to maintain state, introspect, and extend their own functionality. He predicts a move away from traditional GUI and browser-based interactions toward an "agent-first" world where software is primarily operated by bots, not humans, with people simply stating their goals. He draws parallels to the 2000 internet bubble but notes key differences: current AI infrastructure investments are led by cash-rich giants and quickly monetized. He highlights that scaling constraints involve not just GPUs but the entire chip ecosystem. Open source and edge inference are crucial for democratizing knowledge and enabling low-latency, cost-effective applications on local hardware. Finally, Andreessen identifies significant non-technical challenges: potential short-term cybersecurity crises, the need for "proof of human" identity solutions, financial infrastructure for agents, and institutional resistance from sectors like education and healthcare. He cautions that societal adoption will be slower than technological change.

marsbit, 04/20 00:02


The Code Was Fine, But It Was Still Hacked: What Is the 'DVN Configuration Vulnerability' Behind the Biggest Hack of 2026?

Title: Code Was Secure, Yet $293M Stolen: The 2026 DVN Configuration Breach Explained

On April 18, 2026, Kelp DAO’s restaking protocol was exploited, losing 116,500 rsETH (worth $293M at the time) due to a configuration flaw—not a smart contract vulnerability. The attacker used a forged cross-chain message to drain funds via LayerZero’s bridge, then dispersed the stolen rsETH across Aave V3, Compound V3, and Euler to borrow real assets, ultimately escaping with $236M in WETH. The root cause was a critical misconfiguration in Kelp’s LayerZero V2 setup: the protocol used a 1-of-1 Decentralized Verifier Network (DVN) threshold, meaning only one node approval was needed to validate cross-chain messages. The attacker compromised that single node, allowing unauthorized minting of rsETH on Ethereum. This configuration choice—permitted by LayerZero but highly risky—left zero fault tolerance. In contrast, protocols like ApeChain using multi-node validation (e.g., 2-of-3 or 5-of-9) remained secure. This incident highlights a blind spot in DeFi security audits: tools like Slither and Mythril scan code for logic flaws but ignore configuration parameters. The 2022 Nomad hack ($190M loss) also stemmed from a config error, bringing total losses from such issues to ~$482M—rivaling private key breaches. The Kelp exploit underscores the need for standardized config audits and higher baseline security in cross-chain designs.

marsbit, 04/19 23:56


DeFi Hacked Again for $292 Million, Is Even Aave No Longer Safe?

On April 19, a major DeFi security breach occurred, resulting in the loss of approximately $292 million. The attack targeted Kelp DAO’s rsETH bridge contract built on LayerZero, with 116,500 rsETH stolen. The attacker initiated the exploit using funds from Tornado Cash and manipulated the LayerZero EndpointV2 contract to transfer the assets. Kelp DAO confirmed the incident and temporarily paused rsETH contracts across multiple networks while collaborating with security experts for investigation. Initial analysis suggests the root cause was a compromised private key on the source chain, with the contract secured by only a 1/1 validator set, making it vulnerable to a single malicious transaction. The attacker used the stolen rsETH as collateral on lending platforms—including Aave, Compound, and Euler—to borrow more liquid assets like WETH, accumulating over $236 million in debt. Aave alone accounted for $196 million of this amount. In response, Aave froze its rsETH markets and stated it would explore covering potential bad debt through its Umbrella safety module, which holds around $50 million in WETH. This incident follows another large exploit earlier in April, where Drift Protocol on Solana lost $280 million. The repeated high-value attacks raise concerns about DeFi security, even affecting major protocols like Aave. Users are advised to exercise caution, diversify holdings, and limit exposure to on-chain protocols until more robust security measures are established.

marsbit, 04/18 23:31

