Did North Korean Hackers Target Aave Again?

6 replies 349 views
chad100Senior Member
Posts: 180 · Reputation: 843
#1Jul 28, 2023, 08:27 PM
Looks like the Lazarus Group hit the Kelp platform and made some extra cash by shorting the AAVE token. Just five days after the V4 protocol launched with its new 'hub-and-spoke' setup, the hackers deposited 89,567 'fake' rsETH into the Aave death contract. This move sparked a five-day price surge for AAVE, only to end when the Kelp hack went down. That allowed the hackers to cash in with a 26% gain on their short position. This isn’t the first time around for the Lazarus Group, they did something similar with the Ronin bridge, shorting AXS and RON before that hack, predicting the price drop would follow the news. But here’s the kicker, with the Ronin hack, validators didn’t even realize for a week that $600 million was missing, and the hackers’ shorts were closed due to margin calls. With the AAVE situation, the news broke out right away, and prices tanked to their lowest levels all year. People started losing trust, and it caused a big liquidity scare for the platform. According to DeFiLlama, they’re down $6.6 billion in total value locked. Cryptomus analysts are saying that investors are still offloading AAVE tokens, and coins are flooding into exchanges.
7 Reply Quote Share
jake_gweiSenior Member
Posts: 346 · Reputation: 1359
#2Jul 30, 2023, 04:04 AM
They are trying to extract profit from all sides, but this kind of thing won't even become possible if the contract isn't hacked in the first place. There has been tweets about how white hat bug bounty hunters are getting underpaid severely for their bug reports, I think they should work on that to prevent this kind of thing from happening. It's better to pay white hat bounty hunters some money than getting entire contract drained.
4 Reply Quote Share
chad100Senior Member
Posts: 180 · Reputation: 843
#3Jul 30, 2023, 09:41 AM
White hats wouldn't have helped here. There was no code bug; it was simply an issue of having too few validators.
3 Reply Quote Share
jake_gweiSenior Member
Posts: 346 · Reputation: 1359
#4Jul 30, 2023, 01:29 PM
Although this is true that white hats wouldn't have helped since it's not code bug and 1/1 DVN is apparently intended mechanism that is even the LayerZero themselves said they are against it. But still, there is turmoil about how severely underpaid white hats are after disclosing bug that could potentially put hundred million dollar at risk and only getting $3k for that. Honestly there were critics about 1/1 DVN setup by wormhole co founder before rsETH exploit happened. If these aren't fixed, those hackers will keep doing the same exact thing you mentioned. Though yeah, the 1/1 DVN is problem on the KelpDAO themselves not a code problem.
0 Reply Quote Share
WildBearSenior Member
Posts: 206 · Reputation: 1230
#5Jul 30, 2023, 05:21 PM
If there's a definite hack that has happened to a project and its network, panic is the first thing to be felt by investors. And rather they shall see it go into void, they'll have to take care of their losses and deal with it. So they cut it. AFAIK, what Lazarus did to their stolen funds went through several mixers and did a lot of conversion for the authorities to have hard time in tracking it.
3 Reply Quote Share
raven1337Hero Member
Posts: 530 · Reputation: 3357
#6Jul 30, 2023, 11:06 PM
It's basically a basic logic. They knew they found a loophole to stole the money, then drain all of collateral. Once it happened, it would create bad news, which in result people were dumping their token due to the bad news that was affecting the platform. So it's obviuos this North Korean hackers were trying to fully extracting the platform and retails. This is also the reason why people slowly changed their mind about defi for the future.
3 Reply Quote Share
n0c0inerMember
Posts: 1 · Reputation: 109
#7Jul 31, 2023, 12:35 AM
No blame on North Korean Hackers any more! This is just ridiculors!
3 Reply Quote Share

Related topics