Arbitrum Froze $70M From North Korea? Griff Green on the Decision + Miguel Morel on the Hack
A deep dive into the LayerZero rSTETH exploit, Arbitrum’s unprecedented freeze to recover funds, and a $1M quadratic funding push to coordinate Ethereum security.
Key Takeaways
- Exploit summary: LayerZero-authorized fake rSTETH was minted and used as Aave collateral (≈$270M deposit, $228M withdrawn), triggering ~ $70M bad debt and a liquidity run.
- Detection & attribution: Arkham and Seal911 flagged anomalous nine‑figure rSTETH movements; Thorchain conversions and laundering patterns point to Lazarus-style activity.
- Intervention mechanics: Arbitrum’s Security Council used a Layer‑1 forced‑inclusion workaround to pause and send ~$70M to 0x0DAO, leaving final disposition to an ARB token‑holder vote.
- Governance tradeoffs: Council debated node‑upgrade risks, legal and narrative precedents, and advocated narrow, auditable remedies while calling for clearer future rules.
- Security coordination: Giveth launched a $1,000,000 quadratic funding round (Dallas Security Fund) to vet security projects, onboard experts, and fund shared tooling to lower collective costs.
- Key lessons: improve wallet UX, harden oracles and centralization points, monitor protocol TVL interdependencies, and invest in public‑good security funding to reduce systemic risk.
Original Source
Arbitrum Froze $70M From North Korea? Griff Green on the Decision + Miguel Morel on the Hack
Visit Source