QUADRIGA INITIATIVE
A COMMUNITY-BASED, NOT-FOR-PROFIT
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
UNKNOWN
JULY 2024
GLOBAL
KELP DAO
DESCRIPTION OF EVENTS
"Liquid restaking with rsETH" "rsETH is a Liquid Restaked Token (LRT) issued by Kelp DAO designed to offer liquidity to illiquid assets deposited into restaking platforms, such as EigenLayer. It aims to address the risks and challenges posed by the current offering of restaking"
"Kelp DAO was founded by Amitej G and Dheeraj B, who have previously founded Stader Labs, a multichain liquid staking platform with $350M+ in TVL. The team is focused on building Liquid Restaking Solutions for public blockchain networks."
"Restakers stake their LST to mint rsETH tokens indicating fractional ownership of the underlying assets
rsETH contracts distribute the deposited tokens into different Node Operators that operate with the Kelp DAO
Rewards accrue from the various services to the rsETH contracts. The price of rsETH token assumes the underlying price of the various rewards and staked tokens
Restakers can swap their rsETH tokens for other tokens on AMMs for instant liquidity or choose to redeem underlying assets through rsETH contracts
Restakers can further leverage their rsETH tokens in DeFi"
"The attackers gained access to Kelp’s domain registrar account impersonating Kelp team and successfully convinced GoDaddy’s customer support that they were the legitimate owners of the account bypassing the 2-FA that was in place. These attacks are very similar to the recent DNS hijacking that we had seen with several other crypto protocols over the last month.
It is appalling to note that the Kelp team was not intimated even once when all security restrictions were bypassed by GoDaddy customer support. We are working with GoDaddy to understand further details around the situation."
"Kelp's engineering team evaluated the situation and identified the root cause to be faulty nameservers routing users to different application code that was attempting to trick the users into phishing."
"The Kelp team immediately posted an update on Twitter, TG and Discord channels asking users to not interact with the dApp until more details emerged. Upon the first incident report, our engineering team evaluated the situation and identified the root cause to be faulty nameservers routing users to different application code that was attempting to trick the users into phishing.
Within 30 minutes after the first report, our team got GoDaddy to lock the owning account from making further changes. More information was provided to GoDaddy to authenticate ownership and gain access to ownership of the account.
Within 4 hours from the time the incident was reported, GoDaddy had restored ownership access at which point Kelp team promptly restored settings to make Kelp dApp accessible to users again. At 7:30 PM UTC the same day, Kelp dApp began to offer the correct functionality. We began to gradually let users know that the dApp was safe to use again while constantly monitoring all through. The issue was fully resolved by 8:30 PM UTC, 5 hours from the time the incident was first reported."
"We have received a few reports from users on funds lost because of this UI attack. If you are a user affected, please enter your details here so our team can work with you to support you better."
Kelp DAO provides a utility that allows investors to earn a return on staked assets and on liquidity provided from those assets. On July 22nd, an individual successfully convinced GoDaddy customer support that they were the legitimate owners of Kelp DAO's domain registrar account, and the DNS settings for the domain were changed to point to a new server they controlled. This server mimicked the official Kelp DAO website and prompted users to sign malicious transactions that would drain funds from their wallets. Several users were affected. It is unclear what Kelp DAO plans to do; however, it has provided contact information so that affected users can reach out.
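One way to detect a nameserver change like the one described above is to compare the domain's observed NS delegation against a pinned baseline on a schedule. The following is an added example, not code from Kelp DAO or from this page's sources; the baseline nameserver names and the sample `dig +short NS` output are constructed placeholders.

```python
"""Nameserver drift check: compare observed NS records with a pinned baseline."""

# Assumption: placeholder names standing in for the team's real DNS provider.
EXPECTED_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}

# Constructed samples of `dig +short NS <domain>` output.
SAMPLE_OK = "NS1.DNS-Provider.example.\nns2.dns-provider.example.\n"
SAMPLE_REPLACED = "ns1.unexpected-host.example.\nns2.unexpected-host.example.\n"
SAMPLE_PARTIAL = "ns1.dns-provider.example.\nns9.unexpected-host.example.\n"


def parse_ns(dig_output):
    """Normalise dig output: lowercase, strip the trailing root dot."""
    names = set()
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        names.add(line.rstrip(".").lower())
    return names


def check_delegation(observed, expected):
    """Classify the observed NS set against the baseline."""
    if not observed:
        # An empty answer means the lookup failed; it does not prove
        # the delegation is intact, so never report it as "ok".
        return {"status": "unknown", "added": [], "missing": []}
    added = sorted(observed - expected)
    missing = sorted(expected - observed)
    if not added and not missing:
        status = "ok"
    elif not (observed & expected):
        status = "replaced"   # whole delegation moved: page immediately
    else:
        status = "changed"    # partial change: verify against change records
    return {"status": status, "added": added, "missing": missing}


if __name__ == "__main__":
    for label, sample in [("ok", SAMPLE_OK), ("replaced", SAMPLE_REPLACED),
                          ("partial", SAMPLE_PARTIAL), ("empty", "")]:
        print(label, check_delegation(parse_ns(sample), EXPECTED_NS))
```

Run the lookup from a resolver outside the organisation's own infrastructure, and send the alert through a channel that does not depend on the monitored domain.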
SlowMist Hacked - SlowMist Zone (Aug 15)
Kelp dApp UI attack | Post mortem | by Kelp DAO | Jul, 2024 | Medium (Aug 15)
https://kelpdao.xyz/ (Aug 15)
Introduction | Kelp (Aug 15)
@KelpDAO Twitter (Aug 15)
x.com (Aug 21)