In-Depth Review of the Kelp DAO $292 Million Chain Heist: DeFi Risk and Return Are Severely Mismatched, So Where Is the Way Out for Crypto Asset Management?

BIT
Guest columnist
2026-04-22 08:11
AI summary: Have today's extremely low returns and extremely high risks in DeFi become a severe mismatch? In the coming wave of institutional asset management, has complete "decentralization" become a cover for security vulnerabilities?

The Sword of Damocles hanging over the DeFi dark forest has fallen again, just weeks after the $285 million Drift Protocol hack at the start of the month.

Recently, Kelp DAO, a leading project in the Liquid Restaking (LRT) sector, suffered a catastrophic hacker attack, with assets worth as much as $292 million completely looted. This storm not only drained Kelp DAO's treasury but, through the composability of DeFi (DeFi Lego), quickly spread to the lending giant Aave, saddling it with over $200 million in bad debt.

As the dust settles, the project teams have descended into a "Rashomon" blame game. As a team long dedicated to institutional-grade compliant custody of digital assets, Cactus Custody believes that once the technical fog of "RPC poisoning" is peeled back, this chain of heists poses an extremely serious, soul-searching question to the entire industry: Has the current DeFi landscape of extremely low yields and extremely high risks become severely mismatched? In the future wave of institutional asset management, has outright "decentralization" become a mere fig leaf for security vulnerabilities?

1. Reconstructing the Heist: Underlying Poisoning, Single-Signature Exposure, and the Hacker's Fiesta

According to post-mortem analyses from official sources and security experts, this attack was a meticulously planned "dimensional reduction strike."

1. Attack Vector: RPC Node Poisoning

Based on statements from LayerZero and analyses from experts like Cos(余弦) of SlowMist, the entry point of this attack was not a code vulnerability in the smart contract itself, but rather the underlying RPC nodes being hijacked or compromised. This caused LayerZero to receive and process forged, malicious data during cross-chain message transmission.

2. The Fatal Security Black Hole: The 1/1 Single-Signature Mechanism

However, pure node compromise alone is not enough to instantly drain nearly $300 million. As crypto KOL Richard Heart pointed out, the core links involved actually had a 1/1 (single-signature) permission setting. This means the vault door guarding hundreds of millions of dollars in liquidity was merely secured with a simple padlock. With no timelock and no multi-signature checks and balances, once the underlying data was poisoned, the hacker essentially obtained a "master key," achieving an epic transfer of funds with a single point of breach.
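The two failure modes described above, blind trust in a single RPC data source and a 1/1 signer with no timelock, each have a well-understood control. The following Python is an added illustration written for this article; it is not code from Kelp DAO, LayerZero, Aave or Cactus Custody. It shows (1) cross-checking a cross-chain message hash against several independent RPC providers and acting only on a quorum, so one poisoned node cannot push forged data through, and (2) a vault that releases funds only after M-of-N approvals and a timelock, so a single compromised key cannot drain it instantly. Provider names, signer names, amounts and hashes are constructed for the example.

```python
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


def quorum_message_hash(responses: Dict[str, str], threshold: int) -> Optional[str]:
    """Return the message hash that at least `threshold` independent providers agree on.

    `responses` maps provider name -> hash that provider returned for the same
    cross-chain message. A single poisoned provider cannot reach quorum alone,
    so a forged value is rejected (None) unless enough providers repeat it.
    """
    if threshold < 1:
        raise ValueError("threshold must be >= 1")
    counts = Counter(responses.values())
    if not counts:
        return None
    best_hash, votes = counts.most_common(1)[0]
    return best_hash if votes >= threshold else None


@dataclass
class Proposal:
    amount: int
    proposed_at: int                      # unix seconds (constructed clock)
    approvals: Set[str] = field(default_factory=set)
    executed: bool = False


@dataclass
class GuardedVault:
    """Withdrawals require `threshold` of `signers` plus a timelock (no 1/1 shortcut)."""
    signers: frozenset
    threshold: int
    timelock_seconds: int
    balance: int
    proposals: Dict[str, Proposal] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if not 1 <= self.threshold <= len(self.signers):
            raise ValueError("threshold must be between 1 and the number of signers")

    def propose(self, tx_id: str, amount: int, proposer: str, now: int) -> None:
        if proposer not in self.signers:
            raise PermissionError(f"{proposer} is not a signer")
        if tx_id in self.proposals:
            raise ValueError("duplicate proposal id")
        # The proposer's own approval counts as the first of `threshold`.
        self.proposals[tx_id] = Proposal(amount=amount, proposed_at=now, approvals={proposer})

    def approve(self, tx_id: str, signer: str) -> int:
        if signer not in self.signers:
            raise PermissionError(f"{signer} is not a signer")
        proposal = self.proposals[tx_id]
        proposal.approvals.add(signer)
        return len(proposal.approvals)

    def execute(self, tx_id: str, now: int) -> bool:
        """Release funds only if approvals, timelock and balance all check out."""
        proposal = self.proposals[tx_id]
        if proposal.executed:
            return False
        if len(proposal.approvals) < self.threshold:
            return False
        if now < proposal.proposed_at + self.timelock_seconds:
            return False
        if proposal.amount > self.balance:
            return False
        self.balance -= proposal.amount
        proposal.executed = True
        return True


def demo() -> Dict[str, object]:
    """Walk both controls through a constructed scenario and return the outcomes."""
    honest = "0x" + "ab" * 32
    forged = "0x" + "cd" * 32
    # Constructed: provider "rpc-c" is poisoned and reports a forged hash.
    responses = {"rpc-a": honest, "rpc-b": honest, "rpc-c": forged}
    agreed = quorum_message_hash(responses, threshold=2)

    vault = GuardedVault(signers=frozenset({"ops", "risk", "treasury"}), threshold=2,
                         timelock_seconds=86_400, balance=292_000_000)
    vault.propose("tx-1", 292_000_000, "ops", now=0)
    single_signer = vault.execute("tx-1", now=0)         # one approval: blocked
    vault.approve("tx-1", "risk")
    before_timelock = vault.execute("tx-1", now=3_600)   # quorum met, timelock not elapsed
    after_timelock = vault.execute("tx-1", now=90_000)   # both satisfied
    return {"agreed": agreed, "single_signer": single_signer,
            "before_timelock": before_timelock, "after_timelock": after_timelock,
            "balance": vault.balance}


if __name__ == "__main__":
    print(demo())
```

The timelock is what turns a compromised key from an instant drain into a window in which monitoring, or any other signer, can intervene; the quorum check is what makes a poisoned node's forged data fail to match its peers instead of being accepted at face value.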

3. Fund Tracing: The Lazarus Group's Money Laundering Network

Trace analysis from well-known on-chain data firms like Chainalysis and Wu Blockchain further confirmed the attacker's identity: suspected to be the North Korean state-backed hacking group, Lazarus Group. Chainalysis data shows the stolen funds were systematically consolidated in a very short time and quickly moved to the Ethereum mainnet via typical North Korean hacker money laundering paths, such as cross-chain bridges and mixers. The involvement of such a state-level APT organization rendered the already fragile DeFi defenses as flimsy as paper.

2. The Domino Effect and "Rashomon": The Systemic Fragility of DeFi Lego

After the incident, a farce about "who is to blame" ensued.

  • The Blame Game Between Kelp DAO and LayerZero: Kelp DAO pointed fingers at LayerZero, arguing that vulnerabilities in its cross-chain infrastructure led to the disaster. LayerZero, however, insisted the cross-chain protocol was fine, placing the blame on the project's blind trust in the data from the RPC nodes.
  • The Innocent Victim Aave: The most dramatic and thought-provoking part was Aave's predicament. Because Kelp DAO's assets (like rsETH) were widely used as collateral on Aave, the hack of Kelp DAO instantly rendered this collateral worthless. As many industry observers noted, "Aave really shouldn't be blamed for this." Aave's defenses were dismantled externally by an ecosystem partner. Although Aave will use its Umbrella protection fund to cover the losses, this fully exposed the "contagion crisis" inherent in DeFi Lego.

This also echoes the warning from Chainlink community member Zach Rynes: The Restaking sector is piling excessive leverage onto Ethereum, and if the foundation collapses, the systemic destructive power would be immeasurable.

3. A Soul-Searching Question: Are DeFi Yields and Risks Severely Mismatched?

Amidst this turmoil, Yishi from OneKey raised a pertinent point: the market will soon reprice risk.

For a long time, retail and institutional participants in DeFi have been chasing single-digit APYs or illusory "Points," while silently bearing the 100% risk of total principal loss. This severe mismatch between risk and reward was masked by the bull market frenzy but has been laid bare by the hacker's blade.

The deeper reason is that DeFi protocols, competing for Total Value Locked (TVL), commonly adopt a "low-fee" model. The meager protocol revenue simply cannot support the high security investment needed to defend against state-sponsored hackers. Project teams managing hundreds of millions of dollars in assets with a minimal, "makeshift" architecture essentially operate on an unsustainable model of "privatizing profits and socializing risks."

4. The Future of Institutional Asset Management: Compliant Custody is Imperative

When smart contracts and decentralized governance cannot protect our principal, the industry must face a pragmatic question: For the massive institutional capital of the future, do we need to re-embrace independent, professional centralized compliant custody?

In the Web3 context, proposing "centralized custody" might seem politically incorrect. But the tragedies of Drift Protocol and Kelp DAO tell us that conflating business logic (smart contracts) with fund safekeeping (private key control) is extremely dangerous.

For DeFi project teams managing vast sums, public chain foundations, and institutional investors, introducing compliant custody (Qualified Custody) like Cactus Custody is not a step backward but a necessary evolution of financial infrastructure toward maturity:

Eliminate Single Points of Failure, Achieve Separation of Powers and Responsibilities

Protocol developers should focus on business logic innovation, while entrusting the safekeeping of treasuries and core assets to independent, compliant custodians. Custody service providers typically have robust enterprise-grade risk control frameworks and approval workflows, thoroughly eliminating absurd "single-signature exposure" scenarios like the 1/1 setup.

Intent-Based Risk Control Independent of On-Chain Logic

Hackers can deceive RPC nodes and exploit code vulnerabilities, but they cannot bypass an independent risk control engine of a compliant custodian. When the system detects an abnormal transfer instruction involving $292 million, the custodian's risk control policy will block it based on transaction intent, mandating customer confirmation, compliance review, and multi-channel verification to guard funds at the last line of defense.

Bankruptcy Remoteness and Trust-Level Protection

As a licensed compliant custodian, Cactus Custody is subject to strict regulatory oversight. Client assets are completely segregated from the company's operational assets, both physically and legally (bankruptcy remoteness). This level of financial-grade trust protection provides a foundation of trust that no decentralized code can offer.

Conclusion

The $292 million lost by Kelp DAO not only bought a painful lesson but also burst the bubble of false prosperity in the restaking sector. As large institutional capital accelerates its entry, DeFi must bid farewell to its "workshop-style" asset management model.

Security and risk control require substantial investment and professional systems. In the future, DeFi protocols that cannot integrate compliant custody or provide institutional-grade asset protection will inevitably be abandoned by mainstream capital. Choosing a compliant custody solution is not only a responsible choice for the assets but also the cornerstone of a protocol's long-term survival in the dark forest.
