UNKNOWN

JULY 2024

GLOBAL

KELP DAO

DESCRIPTION OF EVENTS

"Liquid restaking with rsETH" "rsETH is a Liquid Restaked Token (LRT) issued by Kelp DAO designed to offer liquidity to illiquid assets deposited into restaking platforms, such as EigenLayer. It aims to address the risks and challenges posed by the current offering of restaking"

 

"Kelp DAO was founded by Amitej G and Dheeraj B, who have previously founded Stader Labs, a multichain liquid staking platform with $350M+ in TVL. The team is focused on building Liquid Restaking Solutions for public blockchain networks."

 

"Restakers stake their LST to mint rsETH tokens indicating fractional ownership of the underlying assets

 

rsETH contracts distribute the deposited tokens into different Node Operators that operate with the Kelp DAO

 

Rewards accrue from the various services to the rsETH contracts. The price of rsETH token assumes the underlying price of the various rewards and staked tokens

 

Restakers can swap their rsETH tokens for other tokens on AMMs for instant liquidity or choose to redeem underlying assets through rsETH contracts

 

Restakers can further leverage their rsETH tokens in DeFi"

 

"The attackers gained access to Kelp’s domain registrar account impersonating Kelp team and successfully convinced GoDaddy’s customer support that they were the legitimate owners of the account bypassing the 2-FA that was in place. These attacks are very similar to the recent DNS hijacking that we had seen with several other crypto protocols over the last month.

 

It is appalling to note that the Kelp team was not intimated even once when all security restrictions were bypassed by GoDaddy customer support. We are working with GoDaddy to understand further details around the situation."

 

"The Kelp team immediately posted an update on Twitter, TG and Discord channels asking users to not interact with the dApp until more details emerged. Upon the first incident report, our engineering team evaluated the situation and identified the root cause to be faulty nameservers routing users to different application code that was attempting to trick the users into phishing.

 

Within 30 minutes after the first report, our team got GoDaddy to lock the owning account from making further changes. More information was provided to GoDaddy to authenticate ownership and gain access to ownership of the account.

 

Within 4 hours from the time the incident was reported, GoDaddy had restored ownership access at which point Kelp team promptly restored settings to make Kelp dApp accessible to users again. At 7:30 PM UTC the same day, Kelp dApp began to offer the correct functionality. We began to gradually let users know that the dApp was safe to use again while constantly monitoring all through. The issue was fully resolved by 8:30 PM UTC, 5 hours from the time the incident was first reported."

 

"We have received a few reports from users on funds lost because of this UI attack. If you are a user affected, please enter your details here so our team can work with you to support you better."

Kelp DAO provides a utility that allows investors to earn a return on staked assets and on liquidity provided from their assets. On July 22nd, an individual successfully convinced GoDaddy customer support that they were the owners of Kelp DAO's domain registrar account, and the DNS settings for the domain were changed to point to a new server they controlled. This server mimicked the official Kelp DAO website and asked users to sign malicious transactions which would drain funds from their wallets. Several users were affected. It is unclear what Kelp DAO plans to do; however, they have provided contact information for users to reach out to them.
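A registrar-level nameserver change like the one described above shows up externally as a change in the domain's NS delegation. The following Python is an added example, not code from Kelp DAO or from this page: it compares polled NS answers against an approved baseline and reports each window during which the delegation was off-baseline. The nameserver names, timestamps and polling interval are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

# Approved delegation for the monitored domain (constructed placeholder values).
BASELINE_NS = {"ns1.dns-provider.example", "ns2.dns-provider.example"}


def normalize(ns_names):
    """Lower-case and strip the trailing root dot so equal names compare equal."""
    return {n.strip().rstrip(".").lower() for n in ns_names if n.strip()}


def delegation_windows(snapshots, baseline):
    """Return [(start, end, unexpected_ns)] for each run of off-baseline polls.

    end is the first poll back on baseline, or None if the drift is ongoing.
    """
    baseline = normalize(baseline)
    windows, start, seen = [], None, set()
    for ts, names in sorted(snapshots, key=lambda s: s[0]):
        observed = normalize(names)
        # An empty answer is a failed lookup, not evidence of a change: skip it.
        if not observed:
            continue
        if observed != baseline:
            if start is None:
                start = ts
            seen |= observed - baseline
        elif start is not None:
            windows.append((start, ts, sorted(seen)))
            start, seen = None, set()
    if start is not None:
        windows.append((start, None, sorted(seen)))
    return windows


# Constructed polling results, as a scheduled NS lookup every 5 minutes would yield.
T0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
SAMPLE = [
    (T0, ["NS1.dns-provider.example.", "ns2.dns-provider.example."]),
    (T0 + timedelta(minutes=5), ["ns1.unknown-dns.example.", "ns2.unknown-dns.example."]),
    (T0 + timedelta(minutes=10), []),  # lookup timed out
    (T0 + timedelta(minutes=15), ["ns1.unknown-dns.example."]),
    (T0 + timedelta(minutes=20), ["ns2.dns-provider.example", "ns1.dns-provider.example"]),
]

if __name__ == "__main__":
    for start, end, extra in delegation_windows(SAMPLE, BASELINE_NS):
        print("off-baseline from", start, "until", end, "unexpected:", extra)
```

An open window (end of `None`) is the condition to alert on, since it means the delegation has not yet returned to the approved set.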
