Odysseus

Security is not an issue in TradFi more than it is an issue in most other services because of the long settlement, right?

You can go back, as we said, do a couple of meetings, pay a couple of millions or tens of millions, but you can fix the damage.

In crypto, a hack is a physics event.

It's closer to an aerospace, right?

Because if you have an issue in an airplane, people die.

In crypto, okay, if you have an issue, people don't die.

But it's still very severe, right?

And you have this irreversible damage.

And now we see like systemic even.

Yeah, so we're still getting information.

We still don't know how the attackers were able to actually get access to layer zero systems, but they seem to be able to have pretty deep access into the systems.

And what they did basically was to replace the RPC nodes they have deployed with a malicious RPC node, which showed fake data, right?

And this fake data were piped into the validator network, which was not a network, it was just one node, it was a one-of-one.

And based on this fake data, it said, oh, there is a deposit on Unichain of this amount of restaked ETH, of kelp-dous ETH.

So what I should do is send a message,

to the receiving end on Ethereum through withdrawal now, the ETH, right?

So on the receiving side, it received this message, validated it, and then released all this ETH that were then used in Aave to be able to exchange them for ETH, right?

Yes, exactly.

probably one of the most sophisticated exploits we have seen, I would say.

The level of access they had into Layer 0 systems, because not only they replaced the RPC nodes with a malicious version, but after performing the attack, they also replaced them again with the original binaries.