Charles Hoskinson은 KelpDAO 해킹의 원인이 된 크로스체인 결함에 대한 해결책으로 Cardano와 Midnight를 지목했다

📄전체 원문· trafilatura에 의해 자동 추출됨6847 자

A cross-chain message forgery drained 116,500 restaked ether from KelpDAO on April 18, triggering what Cardano founder Charles Hoskinson called the largest DeFi exploit of the year and a contagion event that pulled billions in total value locked from the broader ecosystem within 48 hours. Charles Hoskinson Points to Cardano and Midnight as Fix for Cross-Chain Flaws Behind KelpDAO Hack Key Takeaways: - An attacker exploited KelpDAO’s cross-chain bridge on April 18, stealing 116,500 restaked ETH worth roughly $292 million. - The breach triggered more than $13 billion in DeFi TVL outflows within 48 hours, hitting Aave, Compound, Morpho, and at least 9 other protocols. - Charles Hoskinson says Midnight’s zero-knowledge proofs and multi-party computation could prevent this class of attack from repeating. Hoskinson Explains Why Cardano’s Non-Custodial Staking Sidesteps Restaking Risk Charles Hoskinson, founder of Cardano and Ethereum co-founder, broke down the attack in a video published from Wyoming, walking viewers through a custom artificial intelligence (AI)-generated incident report website. “The standard DeFi threat model assumes smart contract bugs are the dominant risk,” Hoskinson said. “That’s not true anymore.” He added: “Bridges can be very problematic. A one-of-one verifier is not good. Don’t do that. And then the problem is that if they steal the money, DeFi lending is the exit condition. So basically, you can deposit, you can lend, and when you get those tokens, you’re getting tokens unconnected to the theft, and the collateral is poisoned effectively.” The attacker submitted a spoofed Layerzero message that reached the endpoint v2 contract connected to Kelp’s restake adapter, which then released the tokens from an Ethereum escrow. The forged packet claimed Uni-Chain endpoint ID 30320 as its source. Kelp’s cross-chain configuration relied on a single decentralized verifier network, a one-of-one setup that gave the attacker a single point to compromise. The stolen tokens were not sold directly on decentralized exchange ( DEX) platforms, which would have crashed the price. The attacker deposited the restaked ETH as collateral in lending markets like Aave before Kelp or its partners could freeze positions, borrowing liquid wrapped ether against it and walking away with assets unconnected to the original theft. The poisoned collateral remained inside the borrowing markets. Llamarisk’s joint incident report, published April 20, confirmed 83,471 ETH equivalent spread across seven attacker wallets on Ethereum core and Arbitrum. The report outlined two resolution scenarios. The first socializes a 15.12% haircut across all restaked ETH holders, producing roughly $123 million in bad debt absorbed by Ethereum core’s reserve. The second isolates losses at the layer two ( L2) level, repricing tokens to 26.46% backing and generating about $230 million in bad debt concentrated across Mantle, Arbitrum, and Base, while leaving Ethereum core untouched. Aave alone saw between $6.6 billion and $8.45 billion in outflows. Wrapped ETH pools on Arbitrum, Base, Mantle, Linia, and Plasma hit near 100 percent utilization, effectively blocking withdrawals. At least nine DeFi protocols were classified as directly affected, including Compound, Morpho, Lido, Ethena, Pendle, Euler, Beefy, and Lombard Finance. Three separate post-mortems have been published by KelpDAO, Layerzero, and Llamarisk. None agree on where responsibility sits. Layerzero announced April 20 that it would no longer sign or attest messages for any application running a one-of-one DVN configuration, pushing a protocol-wide migration to multi-verifier setups. Kelp maintains that Layerzero’s default configuration shipped with single-source verification across Ethereum, BNB Chain, Polygon, Arbitrum, and Optimism, and that allegedly 40% to 50% of all Layerzero OFT applications currently use the same one-of-one setup. Onchain forensics suggest connections to the Lazarus Group, a state-sponsored hacking collective linked to North Korea. No independent forensics firm has issued a formal attribution, and the FBI has not commented publicly. Hoskinson: ‘If You’re in Cardano Land, You Just Click Delegate … We’re Liquid Non-Custodial’ Hoskinson pointed to the attack as evidence that bridge verification failures have replaced smart contract bugs as the primary DeFi threat vector. He cited the $46-minute window between the initial drain and Kelp’s emergency pause as a sign that incident response matters but cannot outrun the speed at which stolen assets can be deployed into lending markets. “What makes this novel is the contagion,” Hoskinson explained in his video. “It wasn’t just a bridge hack. It spread to lending, which then created bad debt contagion inside these lending protocols. It created a bank run, and we saw $13 billion of TVL pulled in a very short period of time for a $290 million hack. That’s a crisis of confidence.” He framed Cardano‘s lower exposure as a function of its liquid, non-custodial staking design, which removes the need for the staking-to-liquid-staking-to- restaking wrapper chain that created the attack surface at Kelp. Hoskinson argued that Midnight, Cardano’s privacy-focused sidechain, addresses the core vulnerabilities involved. Its Nightstream protocol folds entire chain states into proofs that travel alongside cross-chain messages, making forged messages verifiable before acceptance. “When people send messages, they can verify that what they’re seeing is correct,” he said. Multi-party computation support on Midnight would allow Layerzero to deploy turnkey two-of-three or five-of-seven DVN configurations with less operational friction. Charles Hoskinson Predicts Bitcoin Could Hit $500K in 2 Years, Likening It to Gold for the Internet Charles Hoskinson Predicts Bitcoin Could Hit $500K in 2 Years, Likening It to Gold for the Internet Cardano founder Charles Hoskinson envisions a glowing trajectory for bitcoin, predicting the top cryptocurrency could soar to $250,000–$500,000 per coin… Read NowCharles Hoskinson Predicts Bitcoin Could Hit $500K in 2 Years, Likening It to Gold for the Internet Read NowCardano founder Charles Hoskinson envisions a glowing trajectory for bitcoin, predicting the top cryptocurrency could soar to $250,000–$500,000 per coin… Zero-knowledge proofs would block poisoned messages at the verification layer. Network anonymization would make the DDoS component of this class of attack harder to execute. He said AI tools, including frontier models reportedly accessible to the Lazarus Group through bribed insiders at major AI labs, are enabling attackers to scan entire codebases for emergent vulnerabilities that no single human reviewer would detect. “Hacks are a part of life,” he said, “and they’re going to get much, much worse for everyone.”

데이터 상태✓ 전체 내용 추출 완료원문 읽기 (Bitcoin.com)

🔍과거 유사 사건· 키워드 + 종목 매칭6 건

2026-04-16

Cardano의 Charles Hoskinson은 Bitcoin의 양자 수정안이 Satoshi의 코인을 구할 수 없는 하드 포크라고 말했다

유사도 430%標的 ADA關鍵字 cardano/hoskinson/charles

2026-04-16

Cardano 창립자 Hoskinson은 양자 제안이 Satoshi의 Bitcoin을 구하지 못할 것이라고 말했다

유사도 330%標的 ADA關鍵字 cardano/hoskinson

2026-04-22

Cardano의 Leios 업그레이드와 Bitcoin DeFi 도구 Pogun, Input Output의 2026년 자금 지원 계획의 핵심으로 선정

유사도 320%標的 ADA關鍵字 cardano同分類 hot

2026-04-23