Unchained

The Chopping Block: Kelp DAO Hack Fallout, DeFi Socialized Losses & Arbitrum’s “Reverse Hack”

62 min
Apr 23, 2026
Summary

The Unchained team analyzes the KelpDAO hack, a $200M+ exploit involving a compromised Layer Zero bridge that allowed attackers to mint fake liquid restaking tokens and borrow ETH from lending protocols. The discussion covers liability attribution across KelpDAO, Layer Zero, and Aave, and examines Arbitrum's controversial decision to use its security council to recover $70M in stolen funds.

Insights
  • Multi-party failures in DeFi create ambiguous liability structures where no single party bears clear responsibility, forcing industry-wide norm-setting around who compensates users
  • Pooled lending markets lack graceful degradation mechanisms and either fully recapitalize or fail catastrophically, creating systemic risk when collateral quality deteriorates
  • L2s are fundamentally different products from L1 with different governance tradeoffs; treating them as identical replicas of L1 is impossible, and they compete on different properties
  • Pegged assets (liquid restaking tokens, bridge tokens, staking derivatives) are the primary attack surface in DeFi; every major hack exploits an implicit peg assumption
  • Rate limiting on deposits/borrows and collateral portfolio consolidation are low-hanging fruit for risk mitigation, but require cross-protocol coordination to be effective
Trends
  • DeFi protocols moving toward collateral consolidation and portfolio reduction to minimize surface area and improve due diligence capacity
  • Emergence of cross-chain risk as a primary concern; bridge security and RPC validation becoming critical infrastructure bottlenecks
  • L2 security councils and governance mechanisms being tested as legitimate tools for protocol-level remediation, normalizing active governance intervention
  • Shift from libertarian 'user beware' risk models toward implicit bailout expectations, creating moral hazard and precedent-setting pressure
  • Rate limiting and speed bumps gaining acceptance as necessary tradeoffs for security, challenging the speed-first optimization paradigm
  • Liquid restaking token ecosystem consolidation likely as users migrate to higher-security, more-liquid assets with better bridge infrastructure
  • RPC and validator node security becoming a critical attack vector; verifiable builds and state root verification gaining importance
  • Fragmented DeFi risk management creating coordination problems; protocols unable to see aggregate exposure across the ecosystem
Companies
KelpDAO
Liquid restaking protocol with $1B+ TVL that was hacked via Layer Zero bridge, triggering cascading losses across DeFi
Layer Zero
Cross-chain messaging protocol that ran the compromised DVN; blamed for accepting single-signer configuration despite...
Aave
Largest lending protocol impacted by KelpDAO hack; facing bad debt and socialized loss decisions across L1 and L2 dep...
Arbitrum
L2 that used security council to execute emergency state modification, recovering $70M in stolen funds from hackers
Spark
Sub-DAO of MakerDAO implementing rate limits on deposits and collateral consolidation strategy to mitigate bridge risks
Compound
Lending protocol that accepted KelpDAO tokens as collateral and faced bad debt exposure from the hack
Morpho
Lending protocol used for looping trades with KelpDAO liquid restaking tokens as collateral
Euler
Lending protocol that accepted KelpDAO collateral for borrowing in looping strategies
Unichain
L2 where the Layer Zero bridge vulnerability was exploited to forge messages and mint fake KelpDAO tokens
Mantle
L2 where KelpDAO tokens were bridged via Layer Zero infrastructure
Plasma
L2 where KelpDAO tokens were available via Layer Zero bridging
MakerDAO
DeFi protocol where Monet Supply previously worked on governance and risk management
Gauntlet
Risk consulting firm where Tarun works; provides risk modeling and parameter recommendations for DeFi protocols
Dragonfly
Early-stage crypto investment firm represented by Hasiv on the panel
Hyperliquid
Derivatives exchange using Arbitrum; potentially benefits from security council's ability to recover stolen funds
Drift
Perpetuals protocol that was hacked the week before KelpDAO, referenced as precedent for multi-party failure
Fluid
DeFi protocol implementing rate limits on deposits and borrows similar to Spark
People
Monet Supply
DeFi governance expert explaining KelpDAO hack mechanics and advocating for rate limits and collateral consolidation
Tom
DeFi maven and meme master discussing Swiss cheese model of cascading failures and mechanic analogy for Layer Zero li...
Tarun
Risk modeling expert focusing on RPC injection attack mechanics and pegged asset vulnerabilities across DeFi
Hasiv
Early-stage investor providing perspective on liability attribution and norm-setting in multi-party DeFi failures
Doug Colkett
Tweeted about rollup-centric roadmap implications for L1 vs L2 asset hierarchy and mezzanine structure
Quotes
"Users should be responsible for the fact that like I was lending my ETH on Aave. Like the risk is that you lose some of your money if one of the collaterals goes bad. But just pooled lending markets are not really, they're not configured in a way where they can handle this sort of like loss event gracefully."
Monet Supply, mid-discussion on Aave liability
"Layer Zero probably looks the worst, then KelpDAO, then Aave, and I think you can kind of debate a little bit of the ordering of those, but ultimately, to your point, there's like, do you have kind of a duty of care, or who do you, who do you sort of have it to"
Tom, liability attribution discussion
"I really don't understand how this RPC injection happened in a way that's satisfactory, and like maybe someone out there does right now, right, but, and like, but that part is very scary to me"
Tarun, technical attack analysis
"The principle is worth defending. And the principle, you might think that this case is a bright line case, very obvious. There's nobody in their right mind who would ever object to the fact that North Korea did it and North Korea shouldn't have the money. But when you start making that distinction, you will be surprised at who will come after you next"
Hasiv, Arbitrum security council precedent discussion
"I think there's a very low probability of actually getting any money out of them. I feel like it'd be more productive to just say, okay, KelpDAO is a zero. Layer Zero is riding off into the sunset. What do we do as Aave"
Monet Supply, remediation strategy discussion
Full Transcript
Users should be responsible for the fact that like I was lending my ETH on Aave. Like the risk is that you lose some of your money if one of the collaterals goes bad. But just pooled lending markets are not really, they're not configured in a way where they can handle this sort of like loss event gracefully. Like they either get recapitalized and everything's fine or they fail catastrophically and everyone loses all their money. Not a dividend. It's a tale of two funds. Now your losses are on someone else's balance sheet. Generally speaking, airdrops are kind of pointless anyways. I named trading firms who were very involved. I like that ETH is the ultimate problem. DeFi protocols are the antidote to this problem. Hello, everybody. Welcome to Chopping Block. Every couple of weeks, the four of us get together and give the industry insider's perspective on the crypto topics of the day. Quick intros. First, you've got Tom, the DeFi maven and master of memes. Hello, everyone. Next, you've got Tarun, the gigabrain, and Grand Poobah at Gauntlet. Yo. Joining us today, we have special guest Monet Supply, the governance guru at Spark. Hello. And I am Hasiv, the head hype man at Dragonfly. We're early-stage investors in crypto, but I want to caveat that nothing we say here is investment advice, legal advice, or even life advice. Please see choppingblock.xyz for more disclosures. Gentlemen, it has been an insane week. Turns out this is the biggest hack all week. There's a second hack after the Drift hack that we saw the previous week. Now there's a massive hack called KelpDAO. Now, KelpDAO, I had no idea what KelpDAO was until literally this week, but turns out it is deeply interconnected into almost everything in DeFi. So we have brought on Monet Supply. Monet Supply, you are a DeFi governance OG, one of the OGs of OGs.
Very briefly for the audience, can you describe for us what your background is, what you've lived through in DeFi, and explain to us what happened here with the KelpDAO hack? Yeah, yeah, happy to. So I landed in the DeFi space in 2020 on the back of a few years previously in traditional finance. And originally I kind of like posted my way into a job with MakerDAO by just kind of posting in their governance forums. And then the rest is history. And I've been working previously with a risk consulting company for about five years. And then I moved over to Spark, which is a sub-DAO of Maker, last year. But yeah, to get into kind of what's the state of play with KelpDAO and all the impact that it's had on the DeFi space since the weekend, KelpDAO is a liquid restaking protocol. I think they have, well, they had a little bit over a billion dollars of TVL, so it's pretty major. And the vast majority of it was used as collateral for doing like looping trades essentially on places like Aave, Morpho, Euler, various other lending protocols. A looping trade you can think of as like a kind of a levered carry trade effectively. Yeah. Yeah. So you have this collateral that's earning, let's say, 3% and you're borrowing at 2% and you just kind of like amplify your yield that way. A pretty common trade in DeFi, it's probably one of the biggest drivers of activity in TVL. And KelpDAO, the quirk here, and this is where the vulnerability was kind of stemming from, is the bulk of the activity was on Ethereum mainnet, but they also used bridging infrastructure, Layer Zero, to have their token be available on a broad range of external chains and L2s, places like Mantle, Plasma, Arbitrum, a variety of others. There's a bunch of others. One of the other ones, which it was actually used very little on, but this is the source of the exploit, was the L2 Unichain.
And there was a pretty sophisticated hack where essentially, we believe it was probably North Korea, was able to forge a message coming from Unichain back to Ethereum. So they were, even though there were not this many tokens on Unichain to begin with, they're able to kind of forge a bridge message that said, I've burned over a hundred thousand KelpDAO restaking tokens on Unichain. It unlocked that amount on Ethereum. So basically, without actually having any money to start with, these hackers were able to get off with a bit over 200 million of stolen liquid restaking tokens. And because there's not even remotely close to this much liquidity where you could sell that on a decentralized exchange without just crashing the price to zero very quickly, the most efficient way to exit from these liquid restaking tokens, which they have freeze functions and various other sort of governance fail-safes, into a truly decentralized asset like Bitcoin or Ethereum, the most efficient way to do that was to post them as collateral on lending markets, on DeFi protocols, and then borrow the Ethereum. So that's basically what the start of the hack was, was stealing money from a bridge, posting it on various DeFi protocols like Aave, and there's a few others with smaller amounts, and then borrowing out hundreds of millions of dollars of ETH with these tokens. Right. So, okay, so there's basically all this unbacked KelpDAO restaking tokens that have been minted by presumably North Korea. North Korea can't sell them because there's just not standing liquidity to buy all this. And of course, everybody immediately sees, oh, somebody just hacked KelpDAO and minted all these things out of thin air. But, you know, so the liquidity might immediately dry up. The price might immediately dry up. But the lending protocols are just sitting there kind of just they have their parameters.
They're just kind of like, yes, we are willing to accept hundreds of millions of dollars at such and such rate because we believe that the right risk parameters for this liquid restaking token, you know, it's backed, the ETH is supposed to be there somewhere. So it should be relatively safe to lend against this collateral because, okay, it might not be the most liquid thing in the world, but it's clearly high-quality collateral, right? That was the thinking when these risk parameters were set into Aave, in Compound, and all these lending protocols. So North Korea basically borrowed against this fake collateral that they minted through this hack and then ran off with the ETH. And of course, they're not going to pay back the loans because why would they? And so now you're in the situation that Aave, Compound, a bunch of these protocols are stuck with bad debt. There is now this bad debt, these loans to North Korea that will never be paid back, and they have to figure out what do we do now? And one of the big questions is, okay, first off, whose fault was this? Who is to blame? And so now there's this gigantic, you know, the Spider-Man meme of the three Spider-Men pointing at each other. That's what we're doing right now in DeFi. So the three players who are mutually blaming each other. So first is KelpDAO, right? So KelpDAO, they chose the parameters for all of these, sorry, they didn't do it themselves, obviously, but they chose the parameters for Layer Zero, the bridge. And Layer Zero, it was discovered, and they revealed this in their postmortem, was that their bridge had only a single validator. In Layer Zero, these are called DVNs. But basically, it's like a single private key that is signing these transactions. And it's basically saying like, yes, this happened. I looked at it on RPC or I ran a node. And this is the correct state of the chain. And therefore, I'm willing to mint this many new tokens, right? So there was a single signer.
Now, Layer Zero came out and said, this is not what we tell people to do. Go look at our docs. They like do a little screenshot of their docs. In our docs, we say, don't do a one-of-one DVN. That's not best practices. That's super janky. And that's why this thing happened that got hacked. Okay. So Layer Zero says, KelpDAO's fault. All right. KelpDAO points at Layer Zero and says, well, but hold on, motherfuckers. You guys actually ran the DVN for us. You guys, we paid you to run the DVN. And like, yeah, the one of one is one of – you are the one. You are the one of one that is signing our stuff. And you didn't tell us not to do that. Maybe it's in your docs somewhere. But you didn't tell us not to do this. And you're the ones who literally got hacked. So now there's some peculiarities because they didn't actually hack, supposedly, the node itself. They hacked the RPCs at the node. It was a very complex, very fancy attack that North Korea executed here. But so they say, okay, well, this is clearly their fault, not our fault. So both of them are pointing the finger at each other, which makes it unclear if somebody's going to be made whole here, who makes who whole? But both are saying not our fault. And then you have Aave, which right now is the largest lending protocol that's been impacted by this. And Aave is just kind of like, well, we have, so the quandary for Aave is that they had, I think, they had the risk parameters set that they allowed 300 million of this liquid restaking token to get borrowed, which is a pretty large number. But according to Aave, it's like, well, we have two sets of stakeholders here. You've got the Aave holders on mainnet, and then you've got, or the Aave depositors on mainnet, and then you've got the Aave depositors on the L2s, right? And actually, mainnet took a much smaller loss on a percentage basis than the L2s. And so there's now infighting within Aave of, okay, if there's going to be socialized losses here for Aave, who eats the losses?
Is it, okay, the L2s are less collateralized than the L1, therefore the L1 holders, they're a separate group in the bankruptcy treatment and the L2s are a separate group, or is everybody pari passu? Everybody eats the haircut together. There's no precedent for this. As far as I know, I mean, Monet Supply, you tell me, but this is kind of like a case of first impression for what you do in the case of bad debt if there's no bailout. Now, there may be a bailout, for all we know. Right now, Aave's running around trying to raise money to go and just unstick the funds. Last wrinkle in all of this is that last night, Arbitrum announced that they had done an extraordinary recovery mechanism. I don't know what the term is, a special operation. And their special operation was such that they basically replaced, using their security council, which is a nine of 12 multi-sig of people who are not part of Arbitrum Labs or not part of the foundation. This security council, which is voted in by governance, decided that they were going to, in a single transaction, upgrade the L1 bridge contract to allow a special transaction to go through that modified the state of the layer two to move the coins belonging to North Korea to a special burn address, which will then later be dealt with by governance. So they basically flipped a switch that allowed them to basically steal back the money or confiscate the money from North Korea, which is about $70 million on Arbitrum, which is a very significant portion of the funds that were lost, which were, for whatever reason, North Korea did not launder the money yet. They were just kind of sitting there. Immediately after this took place, North Korea started laundering the rest of the money. Maybe unsurprisingly, usually a good feature. North Korea usually tends to be pretty good about that. But that also caused another layer of drama of, oh my God, is this bad? Is this good?
How do we feel about this, about Arbitrum making this extraordinary action? So huge discussion over the last 24 hours about what does this mean for DeFi? Who's to blame here? And did we do the right thing? So I will pause there. A lot to process. Tom, why don't we start with you? Just in any order, take your read of the situation and what you think went wrong and what you think went right. Yeah, what a mess. I mean, this feels like one of those cascading failure kind of things. There's this Swiss cheese model that people who build complex systems develop to try to mitigate these kinds of things where, hey, multiple different layers have to fail in order for something really bad to happen. And this feels a little bit like what happened. We saw many holes line up and just kind of propagate through. Um, I guess I do, I do kind of generally agree with, maybe because it's a blame, where it's like Layer Zero probably looks the worst, then KelpDAO, then Aave. And I think you can kind of debate a little bit of the ordering of those, but ultimately, to your point, there's like, do you have kind of a duty of care, or who do you, who do you sort of have it to? Like who's, who are you being compensated to ask for advice or service or whatever? And here it's like, yeah, obviously if you're paying someone to run this for you, you assume that they're going to be doing it correctly. And it feels like a little bit of a cop-out, you know, if you pay your mechanic and they like break your car and then say, oh, well, you know, I, you should have gotten a second opinion or you should have had, you know, multiple different mechanics look at this. And this feels a little bit like that. I think it's obviously easy to, again, also point fingers at, you know, Aave. And there's a lot of debate back and forth around, well, how do you treat these sort of pseudo-pegged assets like stablecoins, liquid restaking tokens or staking tokens?
There's certainly an argument to be made that, well, hey, you know, these should be still treated pretty conservatively. Um, but like obviously in practice there's a very competitive market. Um, a lot of these sort of carry trade yields are dependent on these things being treated like as, as one-to-one, you know, collateral with, with extremely high LTVs. And so ultimately it's like, I, I find it harder, harder to blame them when that is ultimately the way that, you know, a lot of these things get, get treated. But I think a lot of the discussion also is now sort of centering around rate limiting and speed bumps and delays. I mean, it was funny, like last episode, we were kind of joking that like, well, maybe the funds should take, you know, one or two business days to get from point A to point B. And now it feels like, you know, maybe that was actually, you know, less of a joke than it should have been. So I think everyone shares a little bit of blame here. Like I said, you try to sort of plan for best cases, but ultimately in every system, there are a little bit of assumptions. There are some assumptions and trust that get made for the sake of efficiency or the sake of competition. And unfortunately, those kind of line up in a way that isn't great. Well, so there's no real precedent for like a multi-party failure in crypto, right? Every time I can think of, when the Maker auctions didn't clear or when there's a protocol that would happen with Drift, usually it's very clear who the party is, who is on the hook. This is really unique because it is genuinely unclear who is supposed to pay remuneration. And there's an assumption always in crypto is that you must always remunerate if you can, right? There's basically nobody talking about like, well, you know, you were lending, you took risk. This is what, what are the risks where, was that like, yeah, bad things can happen to you. Like nobody's even contemplating that being the answer is, is this thing not being made whole.
So what do you think is, you know, much less like, okay, who's to blame? You say, okay, there's your number one, KelpDAO number two, and then Aave number three. How do you think the adjudication of who pays up? Because the story being circulated on Twitter is that everybody's lawyered up and everybody is like, you know, everybody has a lot of money to pay for general counsels now. And they're all being like, yeah, you definitely, you do not accept blame. You do not say that we were responsible. You do not say we're going to, you know, everybody else has to pay but me. So you've got a Mexican standoff going on right now from a liability perspective. What do you think should the norm be about what you do in situations like this? I mean, you know, frankly, I like do maybe side more in that kind of, you know, not quite libertarian approach, but hey, if you are underwriting this as collateral, you're underwriting it as collateral. And that is codified into the smart contracts. You can look at it with your own eyes. You can decide, hey, is this worth the risk for me lending or not? It's not like there was some bug that was exploited. And I think that gets a little bit cutesy around, well, you should have noticed the zero day in the smart contract before you put your assets in the vault. But here we've seen stablecoins depeg and other issues with liquid, with staking tokens in the past. And so you should be thinking about, hey, what risk am I sharing with other people in this pool? And how do I sort of think about socialization there? I think for everything else, it feels like it's more like a bilateral kind of issue of hey, if I paid you for this service, it feels like there's more like destruction to the equity value of my company or to the value of my token versus, hey, this is something that I need to sort of get paid back to, you know, stakers or something like that.
But again, it just feels also maybe a bit dissimilar that, like, everything was pretty, you know, clear cut, and people were okay underwriting, you know, the risk assumption and security assumptions in every individual part of the protocol. And in this case, okay, they're happy to be this, like I said, this weird, you know, sort of exploit in this RPC message, and that sort of causes this cascade. But, you know, again, that's something that you could have modeled and thought about ahead of time, and people agree to take that risk when they deposit it? I would say it's just a bit more challenging with sort of an Aave-style pooled lending market, because just taking this example on Aave Core, so there was a bunch of rsETH, this pegged liquid staking token that was used to borrow ETH, but then there's also a lot of ETH that was used to borrow stablecoins and stablecoins that were used to borrow other stablecoins. And so like it's not, basically if like someone doesn't stand in to like try and create like a resolution or something, like if any of these links in the collateral chain lose too much money, like let's say maybe 20 percent of their value or more, like it just cascades through every other part. And I mean, the end result is the entire market would just have a catastrophic failure. And like the amount of losses would become much, much greater than what it started with. So, yeah, I think it's, you know, users should be responsible for the fact that like I was lending my ETH on Aave. Like the risk is that you lose some of your money if one of the collaterals goes bad. But just pooled lending markets are not really, they're not configured in a way where they can handle this sort of like loss event gracefully. They either get recapitalized and everything's fine or they fail catastrophically and everyone loses all their money.
So, okay, so, uh, Monet, how would you characterize the ordering of who's to blame and how you think remediation in a situation like this, which is pretty complex, ought to be done? Yeah, I mean, I guess, you know, I'm not, uh, privy to any sort of like agreements and stuff that these people have, you know, had between each other as part of their bridge operations and stuff of this nature. But I'm guessing that Layer Zero has like terms and conditions if you're using their DVN where like they're not actually accepting any liability of whether or not they're doing a good job. So legally, I'm assuming KelpDAO is probably the most culpable. They chose the DVN setup. It's their product that lost the money. But the flip side of this is that KelpDAO is by far worth the least of any of these projects. It's, you know, sort of a commodity business. I don't think there's really any realistic prospect that even before the hack that there was, you know, 200 million of like equity value that, you know, someone would be willing to bail out. What was the FDV, does anyone know? It's, it's, what's the token called? I think it's called Kernel. They do some other stuff on BSC, I think. So, so not much. Yeah, I mean, I'm imagining, uh, it was like less than 100 million. Like, okay, so yeah, they definitely can't pay even in the universe where we decide they're at fault. Yeah, Layer Zero, you know, they're a much more successful project. Maybe they could pay, but like probably, you know, from like a legal standpoint, I'm assuming they covered their ass pretty well, so they're not going to be willing to. That kind of like breaks the seal too, of like now whenever they're providing DVN services, or like if their documentation isn't good enough, like they're accepting all of this open-ended liability, which is, I mean, yeah, I don't think anyone could accept that. So that it makes sense that they're going to hold firm. And then maybe the least culpable in a sense, but like the closest to the user's money, is Aave.
So like, you know, I really, I think as like a lending protocol, if you're relying on all of your dependencies to be doing a good job, like you're kind of not doing as good of a job as you should be doing. You know, the buck kind of stops with you as the lending protocol operator. So people have discussed rate limits. It's something that like Spark, we've had these for years, where you can only deposit so much of an asset per day. There's plenty of solutions that, you know, in hindsight could have significantly reduced the impact here. And I mean, I think, you know, I'm sure Aave is going to be looking at a lot of these like risk remediation things. We're looking at it. I'm sure Compound, everyone else in the space, is like going to be just like thinking of how do we, how do we lock everything down as much as possible so that even if our dependencies get hacked by North Korea, like we minimize the losses. So you think the answer is basically Aave was facing the customers. Right. So like, you know, if you're, if you're KelpDAO, like, well, you know, the people who hold the real rsETH are fine. It's only, you know, the people who got the fake rsETH that are in trouble. And then if you're Layer Zero, you're like, well, you know, our customer is KelpDAO and maybe KelpDAO is upset. But like we have a contract with them and maybe they terminate the contract and like boohoo. But like our customers are not Aave users. Those are not the customers of Layer Zero.
And so your claim is like, well, you know, Aave was the one that actually owed the duty of care to the depositors. The depositors, the ones who are down, they are the ones who ultimately cashed out North Korea, and so it's, it's on Aave to pay people back. Is that more or less the, a good summary of your position? Yeah, I mean, it's, maybe I would put it like a little bit less than like a, like moral or like philosophical standpoint, but just like Aave is the only one who is close to the users and also has even like a remote capability of paying people back. So more than the second part I agree. They have a much bigger market cap, they're probably better capitalized, so it's, it's plausible that they can pay people back, whereas it's not really plausible that, you know, Layer Zero has a high FDV but much lower, much lower market cap than, than, uh, Aave does. So that part I agree with, but, but I do think like we are setting a norm right now that is going to be remembered for a long time. Like there's no way this is the last time. In the early days of DeFi, there were really not that many complex systems because the Maker auctions, it was just Maker. There's no other input into Maker at that time. Now everything is connected to everything. So it's a lot more likely that failures become these kind of complex chained things that you have to kind of look back and say, okay, yeah, there are service provider agreements, but there's also the general market expectation of what's supposed to happen, right? Like the whole thing about getting bailouts, people expect to be bailed out, right? There's really, nobody's contemplating, well, we just lose the money and boo-hoo and you learn to do diligence better. People know what the right answer is. The right answer is people get their money back. And they're just kind of waiting for the parties involved to get that answer because it's like, well, obviously that's what has to happen.
So my point is that I think the way that we decide, and we, it's not necessarily us on a fucking podcast, but the people in the room or the lawyers who are going back and forth, whatever they decide is going to be norm-creating for this industry. I'm curious what you think of that, Monet. I mean, I think you're probably right. Whether this particular situation is going to be conducive to creating good precedents, I'm definitely less convinced. Yeah, I mean... I think there's good arguments that Layer Zero and KelpDAO, from a moral standpoint of who is most at fault, they probably are it. But it's just because you're not actually – I think there's a very low probability of actually getting any money out of them. I feel like it'd be more productive to just say, okay, KelpDAO is a zero. Layer Zero is riding off into the sunset. What do we do as Aave and then maybe the chain ecosystems, Arbitrum, with the 30k ETH that they reverse hacked? Some of these other chains where Aave is operating... Is that the legal term now, reverse hacked, for that? Hackback? I think that's the legal term. All right, Tarun, what's your take? Who's at fault? And what do you think ought to be done in remediation? I am not a legal expert or lawyer, so I don't really even, there's no law, there's no law governing, to be honest. But I will say the following. I agree there was a really good tweet by Doug Colkett, who we've had on the show before, over the weekend about how this sort of makes the roll-up centric roadmap look kind of bad, because it kind of says, hey, either the L2 assets are sort of junior to the mainnet assets or vice versa. And you don't really know kind of the kind of mezzanine structure, like the waterfall structure that's implicit in the L2 roadmap, right? Like the ability to call the L1 to withdraw is not always available to you as the Arbitrum thing shows. But it also kind of shows, hey, the losses can be unevenly distributed despite me thinking I had the same asset.
Now, the other thing that is kind of scary to me, and I still have not seen a full analysis of, and I imagine this, to me, is the biggest security thing, is the way that the exploit seems to have worked: I had this 100K-ish ETH that existed, that was locked in an OFT contract, like this bridge contract. And basically, there was a way to forge messages such that the nonces didn't agree, which sort of suggests that the client either was completely zero-dayed and injected with something such that the entire software stack that was running, like Layer Zero, whoever was running the DVN, was completely owned, like the attacker had root access to their machine, changed the geth binary, ran a malicious geth binary, and generated this thing. Or they found some zero-day in geth that no one knows about. They said that they hacked the RPCs and replaced the geth with their own. Yes, but my point is, how did you do that? That means you got root on the validator node, basically. On the RPCs. Yeah, yeah, on the RPCs. Yeah, so that's kind of very scary. That's even scarier to me because, like, okay, well, aren't there other fucking DVNs run in the subnet? Like, I could very easily imagine there's a much bigger attack surface area that people haven't fully explored. I don't think the answer has been satisfactorily given that everything else is locked down, right? I think that, to me, is the scariest part. The other thing is, this is even crazier than the Drift stuff, because the Drift stuff, it's like, I replaced the signing contract in a way that is very legible. Even though I understand that they did this malicious attack, I can actually look at the entire trace and tell you exactly what happened. Here, there's some injection step that I don't understand whatsoever, and there are still billions of dollars of assets using the same framework. So I'm just personally a little bit very paranoid about this whole setup.
And yeah, it is a kind of interesting thing in that the roll-up roadmap implicitly defines a weird waterfall structure for the end users of these protocols, whether they're bridging, whether they're borrowing, whatever. There's also another... Let's hold on, but this is not canonical bridges, right? This is, like, Layer Zero's. Yeah, yeah, for sure, it's not the actual L2 bridge. Yeah, but the canonical bridge can go freeze your assets, as you just learned with Arbitrum. The Arbitrum one is not... Yeah, yeah, sorry, I'm just saying all of these things show there's some implied waterfall structure, right? Like, if I were to codify this and draw the flow-of-funds diagram, the roll-up roadmap has the most fucking complicated flow-of-funds diagram. And you can't even tell me... it actually feels like it's a decision tree that keeps branching. There's not like an "oh, here's the end of the flow-of-funds diagram." That level of complexity is actually really crazy, right? Until, unless, you kind of figure things out. The other thing that's interesting to me is that implicitly these bridge hacks effectively say that lending protocols, with 99% probability, are holding a collateralized asset, but they have this 1% (I'm making up the numbers), but there's some probability that it's actually undercollateralized, and it's effectively unboundedly undercollateralized. Right.
And that risk, especially in these cross-chain types of things, I think the expected value... you know, this is definitely the expected value, if that was computed wrong, right? And I think that aspect is very hard to deal with. I agree with that. Like, you basically have to have isolation plus, like, knowing the entire chain of mints and being able to halt at a certain point and have restrictions. There's obviously going to be a lot of changes, but I'm still very scared about how the attack happened. This one does not feel like some of the attacks of the last few weeks where I'm like, okay, I really understand the full end-to-end thing. I really don't understand how this RPC injection happened in a way that's satisfactory. And maybe someone out there does right now, right? But that part is very scary to me. That part I also think could be the first real, like, AI thing, where, like, how did I craft the malicious binary that ignored non-308... well, and... As in, how did I craft the entire binary that did that? That actually is quite non-trivial, and you could imagine that's a very good AI task. Right. I mean, if they got root on an RPC, they could reply. I guess I'm not following, because they didn't take control over the DVN itself. Well, they had to make the malicious binary, and they also had to not check any state roots, right? Like, if they checked some state roots, okay, maybe there would actually be some evidence of how this was done, right? Yeah, yeah. Like, oh, the DVN is not itself running anything that was... Right, but how do I construct the binary that does that, that does the exact nonce steps that we saw, is not necessarily trivial. And there's multiple ways you could have done that. And that is, to me, what is scary about this whole thing. Right. So many people... I think there was a Dune dashboard going around that showed all of the one-of-one DVNs, and there's quite a lot of them.
And of course, some of these people are doing a direct contravention of what Layer Zero is recommending. For many of these people, though, Layer Zero is running the DVN that is 1 of 1. There's a bunch of people who are running 2 of 2. And a lot of people are like, well, you know, everybody quickly move to 2 of 2. That way, you know, it's secure. Well, that's why the not knowing how the RPC was injected is scarier, because K-of-K doesn't matter if the injection method is repeatable. Right, right, exactly. If they have just a generalized ability to, you know, pwn you if they find where your thing is located, then it doesn't matter what the K is unless you have a much larger security surface area: you're running very different software or very different operating systems or whatever it is. I mean, unfortunately, Layer Zero didn't give us enough detail about the compromise path to give anybody else any confidence about how to avoid these kinds of attacks going forward, other than, okay, don't do one-of-one, right? And like, that was kind of what Layer Zero effectively blamed it on, or attributed the attack to: oh, it's because it was one-of-one. But, you know, to Tarun's point, maybe if it's two-of-two, North Korea could pop the two. So we don't yet have a great answer, although the fact that they only attacked one is probably good evidence that there was something idiosyncratic to rsETH that made it the right target for this. Usually when North Korea blows something, they blow everything. Well, there was something idiosyncratic to a Unichain RPC for rsETH. Yeah, possible. Right, right. But there's a bunch of other assets going into Unichain as well. So I don't know. It's confusing. We don't have a great answer there. The lending markets made it one of the most extractable opportunities. I saw someone had a chart of what were the low-threshold DVN-bridged assets, and then either how much DEX liquidity they had or how much collateral capacity they had.
And rsETH was far and away the most, because it's listed on a lot of Aave instances with large supply caps. So it's kind of like MEV in a sense, where, because these lending markets were making it a very enticing target to hack... I mean, it's a hundred percent MEV in the sense that I'm literally changing the ordering that the client is reading things in. It's just a weird form of MEV because I can't tell why the thing was accepted. That's the part I'm still... I still find... The other thing is, what is the only real solution to this? Assume that, you know, people are going to just run these one-of-one things. A: you have some state root verification, like, every time, and a lot of RPC providers offer the state verification. Like, that part I thought was a little... that stuff can be fixed. The other is, and I've seen some people in Solana post and talk a lot about this, verifiable builds: being able to give, if anyone changed the binary that the RPC is running, you can detect it from a kind of verifiable build signature. But all of these things slow things down a lot. And like, why did people love the Layer Zero... yeah, either SGX or a verifiable build where the binary outputs a signature of itself with the output. Like, you give it input and the binary just signs in a certain way, so it doesn't need to be full SGX. There's ways of doing it that are simpler. It's not necessarily giving you verification that I did the right computation; it's just verifying that the binary, the exact instruction set, is the same, it hasn't been touched, right? So you can do that more efficiently. But the thing is, why did people want to use these OFT things? It's because of speed, right? They didn't want to use the canonical bridge. They didn't want to wait, right? And I think a lot of the compromises from the speed stuff are going to come back in. We're going to come back to... there was a long time, right, where
everyone was debating how long the withdrawal period for an L2 should be. I think we now have a lower bound. Like, this attack gives you a time frame that actually it needs to be more than X, or even for these kind of non... you know, I don't know that I fully agree with that. I mean, if you look at Axelar, or you look at some of the ZK bridges, the latency is not... or even more, much... yeah, or even more. All the latency is not bad, and it gives you much stronger guarantees about the correctness of the state transition on the other chain. I think this was just genuinely a very YOLO construction for a bridge, right? Like, you're just basically trusting one dude, and the one dude has two hats on, or has one hat in his hand and one hat on his head. So, like, this, you know, this was not a bridge. This was like a single signer, basically, who's just like, yeah, cool, you know. It's like the meme of the guy checking the door, like, yeah, moving is... it was one of those. Now it's like, if that were the case, then don't let people run this as a one-of-one, or at least don't take payment for doing it, right? It's software; maybe people can go run and do it. But generally, I do find it kind of, I don't know, a bit shallow when developers say, oh, you know, you shouldn't have done this configuration. It's like, but you will allow this configuration. And like, maybe if you have some insane warning that people have to prompt through several times, as sometimes you do if you are doing something really insane with your computer, that's okay. But here it's like the developer also is taking payment, saying, yeah, this is great, one-of-one is fine, but you probably shouldn't be doing this. And that's kind of the two-facedness of it. Yeah. That's one of the reasons why I think there is a public perception that Layer Zero is the most at fault, regardless of whether there is a strict legal liability that can be imposed on them.
I think the view is that, like, look, you guys got hacked. It's like, North Korea got in your shit, and you guys literally were being paid by them to run this bridge. A line in your documentation is not a sufficient kind of mollifier to say, like, oh, well, clearly KelpDAO was at fault. KelpDAO was, you know, obviously to some extent at fault in making this choice. But I think there's massive extenuating circumstances for the fact that they were buying the service directly from Layer Zero, and Layer Zero was supplying it, and Layer Zero was the one that got popped. So now, that said, I don't expect Layer Zero to pay back anything. I'd be very surprised if they did. I agree with Mané. The logic of the customer remediation is that, look, they don't feel any obligation to make Aave holders whole. Why would they do that? And Aave does. If Layer Zero doesn't pay anyone back, Layer Zero probably is not going to get punished except in public perception. Their business is going to continue on. But for Aave, if Aave doesn't pay people back, their business is in trouble. So I think there's a kind of realpolitik to who's going to hurt the most if they don't give in to finding some remediation path, and I think the answer there, the reality, is it's Aave, because of their proximity to the customer and because of the impairment of the core business. So, just also to make this clear, because I don't know that we underscored this quite so much: if you're a depositor on Aave right now, you cannot withdraw, because basically the utilization on Aave is 100% for the assets that people borrowed against. And so, if you're a depositor in Aave, you're stuck until somebody figures out what to do here to put some money back into Aave and allow people to start withdrawing, unless they allow rates to float really, really high, which they have not done.
There is now a semi-liquid secondary market for aWETH and some other assets I've seen. You can sort of get a sense of what a haircut would be. It's not as much... I've been watching this over the weekend a little bit, just as a sentiment, like a gut check. It was as much as 10% or more, I think, at some point on Sunday. But now it's like 30 bps or something like this. So it's tightening up. It's almost nothing. Yeah, people are not expecting to lose a lot of money, at least on the Ethereum side. 30 bps? That must have been after the Arbitrum thing. Yeah, after the Arbitrum thing. It was. And also, like you mentioned earlier, there's kind of the L2 versus L1, like, where does the loss get... so high? We're also thinking there's a possibility. So the L2s are trading at a deeper discount. I imagine. I think there's not as much of a liquid market for most of the L2 chains. But yeah, there's got to be some sort of baked-in, like, well, maybe L1 doesn't take any loss. Wow. Okay. So we've got a nice little prediction market going. So, okay. The market understands that the L1 depositors are going to get bailed out at the very least. I guess the question, and obviously the Arbitrum yoink is certainly helping, right? It helps the math work much easier if that $70 million can be distributed back to the people who are facing losses. So I guess the next question, and this has gotten a lot of conversation over the last 24 hours: what do we think about Arbitrum doing this special operation to extract the ETH? A lot of people dunking on them. I actually saw... I think, relative to previous times this happened, so I think the last time we saw this happen was with Sui when their DEX Cetus was hacked. This must have been like a year and a half ago or something. But since then, we haven't really seen anything like this.
My perception was that the sentiment was actually very positive about what Arbitrum did here, despite the fact that historically, I'd say the dunking ratio is usually, call it, two to one. Here, I think it was kind of the other way around: it was more positive than negative, at least what I saw in public sentiment. Wanted to get your guys' read, how you think about this. I think it's the first time I've seen this happen for a Layer 2. Tom, what was your reaction to the bailout? Yeah, I guess I similarly saw pretty positive sentiment. I mean, I think it helps that 9 of 12 for the multisig is a pretty high threshold. Like, I think it's 9 of 12, nine-twelfths of validators in a network, you know, agreed to do an invalid state transition. I don't think people would totally question that. And this just happens to be the way Arbitrum is set up. And people know that when they use Arbitrum. I also think in this case, it's also very obviously North Korea bad. It's a pretty bright line. It's not, oh, it should be socialized losses or, you know, who is this person or whatever. It's like, you know, do you want North Korea to have the money or not? And I think in some respects, it's literally following the way that the contracts are written, in a way that is very legible. So I don't know. I'm pretty supportive. I appreciate the sort of immune system kicking in, of saying, you know, hey, this is not, you know, decentralization. But ultimately, you know, anything has some sort of threshold at which point that's consensus. And that's the way all these systems work. And in this case, this just happens to be the way consensus gets formed.
Okay, so I'm gonna guess we're all gonna say this is good. Does anybody think it's not good? Mané, hey, you're good? I think it's good. You know, there's uncomfortable precedent sort of issues there, where, like, so this taking back $70 million... I think we're all gonna just say, yeah, I think we're all just gonna say, yeah, we agree that's good, because North Korea. But let me maybe give the devil's advocate, because I want to vitiate the debate a little bit. So I think the counterpoint would be, look, maybe in this case, you know that it's good, right? This is kind of like, let's throw somebody in jail without a trial because we know they did it. We know that O.J. Simpson is guilty or whatever, right? But once you do that, you open the Pandora's box that you cannot come back from. The principle is worth defending. And the principle... you might think that this case is a bright-line case, very obvious. There's nobody in their right mind who would ever object to the fact that North Korea did it and North Korea shouldn't have the money. But when you start making that distinction, you will be surprised at who will come after you next, demanding that you do the same for them, whether it's a government, whether it's a regulator, or whether it's somebody who's claiming that North Korea has hacked them. And for all you know, we don't have confirmation yet that North Korea hacked them. We just have, you know, Layer Zero has attributed it to North Korea, but they haven't even confirmed, right? Drift, I think, confirmed through these auditing firms that, yes, it was in fact North Korea. We're just pretty sure it was North Korea, but we're not totally confident. So take that counterpoint. Give me the response to that, Mané. I mean, I think we should be open to taking it in the other direction. Did this just de-risk the Hyperliquid escrow for all of their USDC?
Maybe it's even better than we think that they did this recovery, because it is setting the precedent that they're going to bail out all these other things that we'd like. That's actually something that we sort of tiptoe into, a little bit of Hyperliquid exposure here and there within the Sky ecosystem, and that's a big risk factor that we're not very comfortable with, the 3-of-4 Hyperliquid bridge. But maybe it's a bit safer now than it was. I don't know. I don't really have a strong philosophical take about censorship resistance on L2s. Like, I think if you really, really value that, probably just work on L1 or Bitcoin or something like this. I think, yeah, there's an argument that if you've built your roll-up around still needing a security council, and/or like trap doors and an upgradable proxy on the withdrawal, unlike a lot of the pure ZK roll-ups, for instance, the minimal ZK roll-ups that guarantee that, then that's almost like your terms of service with the user, right? Like, why do companies want to build their own L2? It's because they want to enforce some terms of service. Terms of service is a form of censorship in a lot of cases, and I think that's a feature. Now, I think it's a feature that people didn't realize. Like, a lot of people probably accepted those terms of service like they do many other terms of service and didn't realize that was implied in it, right? Like, I think that's more the reckoning. But yeah, that being said, I think if you really want censorship resistance, you've got to pay up in fees, right? Like, I think that's fundamentally kind of it. I think that the L2 dream of it kind of inheriting all these properties from L1 has always been kind of a nonsense claim, because, fine, I have an L1 withdrawal hatch, right? Like, I can go take my money and withdraw. But what happens if in the withdrawal time window I get liquidated, and then
I don't get anything. Or someone sees my withdrawal request and MEVs me on the L2 such that I get sandwiched, such that very little money is left. I can't guarantee any of these things anyway. So there's all this other form of loss. Or if the multisig wakes up and signs you out of existence before you... Yeah, exactly. I think it's just more that the L2 users are too poor to care about this. Fundamentally. In some ways. In some ways. I think that is this dream of accessibility and being cheap. So the L2s are for the poors. That's your takeaway. I'm not saying that. I'm saying they're about accessibility, cheap fees, all of this stuff. You're not getting that for free. You're not getting that for free. You're giving up something for that. That's, I think, the uncomfortable truth people don't want to accept. Yeah. At least that's how I feel about it. Tom, you want to jump in? Yeah, I mean, I think it's funny how, I think like 10 years ago, it was very taboo for there to be multisigs and security councils. And it was always an expectation of the sort of, maybe, internal force pushing people to eventually move towards on-chain governance or true immutability. And this was kind of this weird adolescent phase, and you can be here for a little bit, but eventually you've got to get out of here. And it feels like now we're just full of all these adult children that have failed to launch, and all the governance systems have this kind of component in them. And, you know, people have talked about, you know, decentralized sequencers and all sorts of other ways to, again, have true binding decentralized governance that mirrors maybe what we expect from an L1. And we just haven't really gotten it. And the flip side is, if you don't get it, then obviously you're going to be expected to do stuff like this. So I don't know. It's like, if this was not the outcome that you wanted, then, you know, there are other ways to go about it.
But if it's available and you built it, then of course you can be forced to use it at some point. And I think, you know, this kind of threshold isn't awful, but maybe it's worth kind of questioning, like, why are we sort of stuck in this adolescent phase still? So I actually embrace this. I think that this is the right answer, which is that, you know, the idea that the L2s are supposed to be exactly like the L1, I think was always... it's not just a fantasy. It's like, why would you want that? You actually don't want that. The cornerstone of capitalism and of the proliferation of products is that the products can be different from each other and they can offer different properties, right? If you basically got a state that just said, look, we are going to copy and paste all the laws of California, that is actually a failure of the American experiment, right? The whole idea of the American experiment is these laboratories of democracy, that each state chooses different laws, chooses different regulations, and they compete with each other. And actually, people who prefer a certain set of laws go live in California. People for other laws go live in Nevada. People for other ones go live in New York. And in the same way, the L2s are at their best, and they're most valuable, when they take some features of Ethereum, but they really have genuinely different properties around governance. And some of those properties are, look, this one will respond to court orders. And maybe you want that. I don't want that. But if you want that, go to that roll-up.
But if you want the roll-up that's going to decide, hey, I think this hacker is a piece of shit and we're going to take their money away if we figure out that North Korea was messing around in this chain, I actually want to be on that chain. I like that chain. That's a set of values that I'm excited about. So to the extent that, you know, Singapore and Dubai and all these different countries compete purely, almost entirely, over governance, right? These are small cities, effectively, that become these financial powerhouses because of their rule of law, because of the particular choices they make. To my point last week about how crypto is just becoming a utility company and there's less innovation: the fact is that we've gone from values to terms of service, right? Like, that's literally what the fuck has happened here. And so it's unfortunate, right, in some ways. And like, the real dream values are reflected in that, right? Like, if Arbitrum says, guess what, we are now going to respond to all court orders and we will freeze any addresses that court orders demand from us, that is a value wrapped in a terms of service. Yeah. Right. If Arbitrum says we're not doing that... like, Tempo will do that. Right. You're on Tempo. If a court demands that Tempo goes and freezes your stablecoin address, they're doing it instantly. Right. They're not going to die on their crosses or go pseudonymous in order to protect you. But the Arbitrum Security Council, these are a bunch of crazy security guys on the Internet. Like, they're going to do what they're going to do. And if it's perceived that, oh, hey, now all of a sudden people realize, the governments realize, that this is an Achilles heel for Arbitrum,
and you can use this to enforce whatever you want onto the Arbitrum state, then governance, which elects the people in the Security Council, will vote those people out and vote in some pseudonymous people with cat avatars. And we'll say, you're now the Security Council. You guys go off and make your best guess of who you think North Korea is and kick them out of the chain. So I actually think that this is not an undesirable outcome, because there are genuinely spaces where you want different properties, right? You want Fedwire. You also want Visa. You also want Ethereum, and you want USDT. And they have different properties as systems that carry value. You don't just want one. It's not like, well, we only want Fedwire and nothing else should exist, and that's the optimal state. That's effectively the same thing as saying everything should have the exact same properties as Ethereum, and if it doesn't, if it's not like Ethereum but faster and nothing else, then we failed as a community. I think that's not the right way to think about Layer 2s. Yeah, I don't disagree.
I think the problem is there is no frontier, right? Like, there is no state where truly this idealistic version of what they were supposed to be... Yeah, it's a theory. There's no L2s like that. But I think there was an idea that, well, we can do this, you know, in perpetuity and kind of keep extending. No, no, I mean, to your point, there's the ZK L2s or the based roll-ups, and there's all this stuff that genuinely does not have security councils or governance, in which case how would you even do this? Yeah, I guess that's fair. I mean, maybe those have, you know, kind of died, I guess. I mean, they do still have, obviously, deposit contracts, and I don't know what the time lock or what the upgrade process for those is like, but ultimately they are still multisig-controlled. Right, sure. Maybe some of them are, maybe there's one that isn't, but, you know, to the earlier point, you don't know, because you don't care, because you don't want that, right? If you wanted that, you would go and be like, hey, can I find me an L2 that has these properties? And the reality is, people might care a little bit, but they don't care that much, right? Mostly what they care about is: I want some good DeFi. I want good fees. I want a good UX. I want the products I want to do. And it's like, look, if Hyperliquid is using Arbitrum, I'll use Arbitrum. I'm fine with that. So on some level, the market is also speaking here. I would suspect, to Mané's point, that Hyperliquid saw this and they're like, great, we're staying on Arbitrum. We're not moving, because we need this.
We need a venue that is going to decide, if North Korea comes after us, they don't get the money. That is actually a property we're looking for in a chain. And that may be a competitive advantage for Arbitrum, for all we know, in that they start winning more market share because people are like, oh, Arbitrum has this credible commitment to making judicious decisions about freezing the consequences of big hacks. Yeah, look, for the record, I think it made sense. I'm just trying to say that there is still a sense in the world that roll-ups are supposed to be the spawn of the L1 and, like, a perfectly replicated... according to Vitalik six years ago, or recently. No, no, no. You have this impression that people have changed. I don't think that's necessarily true. I think there are a lot of people who are still very much of this belief that the goal of a roll-up long-term is to be a replica. And I think basically I posit there's effectively an impossibility-theorem-type result, of like, you want the lower fees; at some amount of time you're just reducing some other property, like censorship. You can't get everything for free. And right now it's like a Rube Goldberg machine to try to get everything for free, and it's not... it's clearly... there's roll-ups, based roll-ups, anyway. Okay, last thing before we wrap. Let's talk about remediation. Every time something like this happens, we get punched in the face as an industry. The question is always, how do we get better? How do we prevent this from happening next time? Mané, let's start with you as a governance guru. What do you think we should do to prevent this situation from happening again? Yeah. There's a lot of stuff that we already know works.
So rate limits: as a bridge, you should be rate limiting how fast tokens can go in and come out. As a lending market, you should also be rate limiting how much people can put in as new collateral. When does a legitimate user need to post $300 million of collateral in one transaction? They don't. They're going to be willing to drip it in over an hour. Are there protocols that already implement some of these things? Spark, the protocol I work for, we already have had basically rate limits on deposits and borrows. I believe there's some others. I think Fluid does this as well. And are those market-wide or are those per address? Per asset. So it's market-wide. I guess theoretically you could do it per address, but we don't tend to value that a lot, because people can just smurf it. But yeah, I think rate limits are super low-hanging fruit. Other than that, you get into tougher choices, like, do you actually want to have four or five different liquid restaking tokens? Or do you just want to choose one or two that you feel really comfortable with? We recently parted ways with some, and we're continuing to kind of slim down our collateral portfolio, because there's a lot of assets that are not bringing unique value. And we're thinking, if we just cut these, like LRT number three, four, and five, our users will switch to the ones that we still have, which has mainly played out. So after the low-hanging fruit, you know, you have to take tougher choices. But I think, after all these hacks, it's worth it to think: what can we gain by subtracting a lot of what we're doing? So the market may kind of self-correct here by people losing confidence in the liquidity or the borrowing capacity on these longer-tailed things. They dry up in TVL. TVL moves into the bigger assets. And that presumably means that there's more security in those assets. There's more safety.
so if everything's in you know etherfi or whatever then okay you know they probably have a better bridge set up they probably have better underwritable caps is that one way in which you think this improves that's part of the thesis and then as so as like a stable coin or a lending protocol like we we look at a something we call like the surface of death which is like the number of individual dependencies that are big enough of exposures to like cause a catastrophic loss where the whole protocol just goes upside down and ends. And in some respects, you can actually be better off putting more of your exposure into a lower number of things. It also means that you have more time to give them proper ongoing due diligence. And you can kind of slim down to a fewer number of teams who potentially you can hold to a higher standard. So I think there's a lot of benefits to taking a more focused approach to collateral selection. So isn't that also true on the other side? So let's say next week, North Korea goes and hacks another liquid restating token and does the exact same thing. But now everybody has rate limits on borrowing. But there's fragmented pools across the layer twos and layer ones. And there's a thing over there and there's a thing over there. And there's Spark and there's Aave and there's Compound and there's this. And so I'm like, I start borrowing at the borrow cap for each protocol. But the protocols don't talk to each other. They don't look at each other's borrow caps. And maybe I can still saturate a pretty big hack over the course of just like the first day's borrow cap. How do you think about something like that? Because the market is fragmented. Yeah, I mean, risk is, you know, I think we need to approach it a little bit more as like a team effort within DeFi. Like everyone's been very siloed about their underwriting and kind of their risk review process and like mapping out the different dependencies. 
So yeah, I mean, I think we should be considering if there is a lot of open borrow cap for an asset, that means that it's a much bigger target to be hacked. You know, similar to like if there's maybe Spark has only a small amount of exposure to this one asset. So the leverage doesn't look that big, but then Aave and Compound might have huge lending positions against it. So the risk that we're seeing over here in our little silo is not actually capturing the whole market. So I think that's a very fair point that You have to look at everything holistically. And you can't control what the other protocols are doing. But if you see something that's way sort of overweighted or other people are kind of setting it up to be unsafe with their parameters and their integrations, then in some cases, maybe your only way to win the game is not play. All right, Tarun, I'll give you the last word given your Mr. Gauntlet remediation. And what do you think we ought to do differently beyond what Monea said? 
i mean i think when i probably covered most of it i think the main other things that are kind of important to keep in mind right is a lot of the biggest hacks just since 2019 have come from implicitly this implied peg aspect right of like this thing is pegged or like within some bounded regime of like one like these two things are constantly need to be equivalent like whether it's setting the oracle equal to one exactly whether it's a bridge treating the bridge asset as fungible with the the underlying whether it's when you're looping a lot of the looping security comes from the fact that i'm usually doing these things on very similar assets and i think the really building much stronger probabilistic intuition for these pegged like assets and thinking through the tail scenarios is actually really important because i do think like every time there's a bull market there's this sudden tendency to like be like oh okay it's pegged everything's great one-to-one let's go take 500 times leverage right like for you know i think that's not just true in crypto right i think that's true and outside of crypto as well it's just like crypto has a million pegged assets that are all sort of kind of the same thing that are different facets of the same thing. And to Monoia's point about shrinking that surface, it's like the more you shrink, the more you can trust the peg. This trade-off between how many different replicas versus how much I want to treat this as a pegged asset, and peg can come in, again, in many different forms. It's not just the Oracle saying these two assets are equal. It can be treating two things as like, like I was saying earlier, the L2 assets are junior to the mainnet assets, but the OFT token is treating them one-to-one on the mint and burns. Then it's you know, another implied peg. And I think having really thorough audits of what things are pegged and not pegged and being extremely clear about that. And like then isolating what happens when they de-peg. 
I think as a community, we all kind of know a little, like one facet here and there of that, but it's like, there's this huge diamond and we only know like six of the facets, but the other thing that blows up is like this other facet that we just didn't, didn't acknowledge was implying a peg. And I think to me, that's the source of almost every hack ends up looking like something like that. And so I think if you squint enough and like that's where I think really, really assessing what you want to allow to be sort of this kind of peg like asset is extremely important. And that that's this collateral selection thing that I think is never going to go away. This is true in TradFi. It's just that in TradFi, you don't have that many pegged assets. It is a small number. So at crypto, inevitably in a permissionless world, someone sees someone with a successful pegged asset, there'll be 10 guys standing outside telling Claude to make them the 11th one, right? Which is kind of what the LRT stuff was, right? That's the beauty of crypto. All right, Manet, where can people find you? At Twitter. Twitter X. Beautiful. Nice. Okay. Well, thank you for your service. And we'll be looking forward to the resolution of all this. Hopefully everybody makes it out okay with no more than 30 bips by next week. But until then, thanks, everybody. Thanks.