The $292M KelpDAO Exploit: A Step-by-Step Autopsy
A Shoal Signal conversation with Harry Donnelly, hosted by Gabe Tramble.
Transcript
Gabe (00:00) Nearly $300 million was lost in the KelpDAL hack with losses extending throughout the crypto ecosystem due to collateralization, leverage, and composability throughout the network. I'm here today with Harry from Circuit, former MIT financial engineering And we're going to go through the specifics and the cadence of what happened in the hack. and uncover a forensic deep dive of what's to come next. So Harry. Let's hop right into the hack and yeah, from your angle, you did a deep analysis assessment and posted online a retrospective. Could you take us through KelpDow, Layer 0 and all the specifics of what happened during the hack?
Harry Donnelly (Circuit) (00:40) Cool. So first things first, as Gabe was saying, $292 million lost, but not just that, a massive downstream impact on everything in DeFi, almost. We're still waiting to see everything resolve. So it's Monday. This happened on Saturday. It's not fully ironed out yet. But what we do know from the postmortem that got released today is how the root exploit happened. So Layer 0 released their statements. I've gone deeper into it and researched all around it. And hopefully today, you'll have a better understanding afterwards of what actually happened. So with that, we'll dive in. ⁓ So the way I broke it down the paper is to understand the hack you're gonna need to understand a little bit of context around both kelp and layer zero because what is kelp-dow? What is orraseath? There's a lot of acronyms, there's a lot of word salad. So pretty simply orraseath is... Staked ETH routed through Eigen layer. So you get double staked ETH. And in order to do that on different L2s, you have to stake, not just stake, you have to give funds to KelpDAO and then they will put it in different chains for you. And so while funds are on those layer 2s, they are not actually your real funds. Your real funds are kept on Ethereum main net and they're kept in a custody contract. And so the custody contract is where your real funds are. Think of the funds in the L2 as a receipt of that, almost like a deposit box. You put the funds in the deposit box, they give you a receipt. You can use that receipt and if you want to bring it back to Mainnet, then you get the funds out of the deposit box. So that's what was actually hacked. The deposit box was where all the funds were taken from. And how did they get access to that? Well, that's where Layer 0 comes in. So Layer 0 is a messaging chain. Think of it like people talk about like Swift for blockchain, but what it does is send messages back and forth between different chains so that they can talk to each other because normally blockchains don't talk to each other and when we talk about different L2s and being able to bridge funds back and forth they need to be able to talk to each other to coordinate on what's real and what's not. The problem is, in this case, layer 0 was part of the reason that it was exploited. And people were able to show something that wasn't actually real as being real, which allowed funds to be released. One of the key parts of layer zero security is something called a verifier. So what they do is they watch the different events and say that, yes, this happened on this chain, so you can do things on this other chain. So think of it like it's passing messages back and forth.
Gabe (02:45) Mm-hmm.
Harry Donnelly (Circuit) (03:00) And the big issue that happened and the consternation that everyone's talking about is that decentralized validator network is not really the case when it's a one of one. And it ended up being that layer zero's default setting is one of one. You basically need one person to verify it. So it's not really decentralized and neither is it a network, it's just a validator.
Gabe (03:19) this is the out of the box setup. Basically, if you, if you, you know, enroll with them, then you have this one of one DVN validator.
Harry Donnelly (Circuit) (03:27) And so they make it really easy for you out of the box to just get going. Here's a one-on-one setup, which is fine if you're wanting to do some testing and wanting to get things off the ground. The issue being with Kelp that there was more than a billion dollars of funds, which was then resting on this. And so you can see why one of one is fine as a basic setting, but the blame lies not just on the setting itself, but that people who didn't change it. So there's both the operational risk of you shouldn't have everything resting on a one of one verifier, but also what a lot of people are pointing fingers at as well as on layer zero is that they shouldn't even have that as an option.
Gabe (04:04) Mm-hmm.
Harry Donnelly (Circuit) (04:04) that if they're in rolling chains that they know won't really look at the settings and don't have the technical expertise and knowledge that they should just enforce the security for them. And so there's fingers pointed both ways at the moment.
Gabe (04:16) So right now, so kelp gets hacked. They're using layer zeros, one of one setup. And the kind of the presumptive explanation is like, okay, should they have had that one of one, but then also it's not secure ⁓ in the first place. So is that a good architecture of what's happening so far?
Harry Donnelly (Circuit) (04:34) So think of it that what actually got exploited was layer zero. And the reason that Kelp got targeted is because they had a one of one. And so think of it almost like kelp was the largest honeypot that they could go after, but layer zero was where the point that fun, not with the point, the point where the attackers got into. And so that goes into like the actual mechanics behind the attacks. Maybe I'll explain that and then we can bring it back out and help you understand a bit more on like why deviants matter. The root root cause, and I have a graph which is just like there's all these layers of dependencies of ⁓ who relies on And, The kelp custody contract basically relies on layer zero to verify messages back and forth. So layer zero will come and say, hey, someone's trying to send 50 ETH from this chain to this chain. the DVN, which is the verifier, will look at it and say, OK, yes, there is 50 ETH on this chain to be able to send to this other chain. I verify and attest to it. Comes together, layer zero says that's good, and it gets sent off. The issue is that for these DVNs, what they do is that they have to look at the blockchain to be able to understand what's actually happening. To do that, they use something called RPC nodes. And for the RPC nodes to see what's happening, it needs to make a query. What happened on the root root cause was that the RPC nodes that layer zero was running, two of them got compromised. And North Korea was able to infiltrate two RPC nodes and put in malicious code. And this malicious code was very, very smart. It wasn't just malicious code that anyone could see. It was malicious code that would only activate when the DVN was the one requesting from it. So if anyone else is trying to think of it like make a request of it, it would give the right information. But if that specific DVN was making the request, it would give false information. So think of it like I'm trying to scam you. I have a certain message that I will only tell to you about my intention. But to everyone else, I'll say something else. And so everyone else thinks that very trustworthy, everything is fine. But then when I say it to you, I'm not actually telling you the right thing. almost in a way how to think about it is that it was lying specifically to the DVN for the sole purpose of allowing a message to get signed that wasn't the right message.
Gabe (06:53) And we don't know yet the reason why it got hacked or how it got hacked in the first place, right?
Harry Donnelly (Circuit) (06:58) Yeah, so that's the kind of the big open question that we don't yet know how the RPC nodes got exploited and layer zero didn't release that in their postmortem. So that's something which there is no information about publicly. We may get more information in the future, but that is the root root cause is that that was where the exploit happened. And then everything is downstream of that. So that was kind of like the root as mentioned. So once the RPC node was compromised, what it would do is it would give the wrong information to the DVN. So once the DVN was given the wrong information, it could then send a message in sign for money that wasn't actually there. And so that's what happened in the case for KelpDAO where a message was sent. pretending to be unichained and saying, would like to move 116,500 or as ETH. And here you can verify and attest this. And so that's an. The also very clever thing that happened at the exact same time is that these two RPC nodes were the ones that were compromised. And so Lazarus Group, North Korea, the people behind the hack, they needed to make sure that it was those specific two RPC nodes which were chosen because they have a few different RPC nodes. They weren't sure which ones could be taken. So what they did is that the other RPC nodes, they DDoSed them. So they basically sent them an enormous amount of requests all at once, which overloaded them, which meant they weren't able to process anything, which means that at that exact moment, all of the messages were sent to those two nodes instead. So think of it like I have four different options and whenever a message comes through, I can pick one of those four options. I have logic behind the scenes that says if one of these options or two of these options or three of these options, however many are down, I will always send it to a different one. So what they did is they made sure that the only two available, the only two that weren't down were the two that they'd compromised.
Gabe (08:30) Mm.
Harry Donnelly (Circuit) (08:44) And because they compromised them, they could then give the wrong information, which said, yes, the money on that chain, the Oris Eith, is actually there. it's there, you can sign a message to then release those funds on this other chain and let it out. And so going back to what we were talking about in KelpDow is that all the funds on different layer twos are really just a receipt. All the funds are actually deposited on Mainnet. And so what they were able to do is forge a message to say, hey, release the funds from the custody contract on Mainnet and give it to me. And because it was a fake message, they were able to take out real money, but there wasn't anything backing it. And so that's then the problem is that you have all of these deposit tokens, which are deposits for tokens in a box, think of it like in a bank, but that box doesn't have as much money as it was supposed to. And so when people talk about a haircut, that's the big problem is that there's no longer enough money to give everyone 100 % of their money back. And so people are trying to figure out at the moment what to do about it. that then leads to the second part, is, once that exploit happened, they needed to figure out what to do with the funds.
Gabe (09:48) Okay, got it. So essentially KelpDow's DVN was kind of like the low hanging fruit and once they identified that, they compromised the two RPCs out of four and then forced the traffic into the two compromised RPCs and then were able to basically like double spend and collect real dollars for like these receipts that they essentially generated.
Harry Donnelly (Circuit) (10:12) Think of it like that. I'm not exactly sure how many other RPCs there were. So four I don't think is the correct number, but basically everything else is correct. And so once they had done that, they had real funds, which they'd been able to take out. All the funds in the L2 were no longer fully backed, and then they had to decide what to do with it.
Gabe (10:29) All right, so we covered KelpDAL, we covered Layer 0, the DVNs, the RPCs, and basically the mechanism in which they were able to compromise a system and exploit the protocol. How does this affect Aave and why is this such a big deal and what are the downstream impacts to the rest of these different protocols,
Harry Donnelly (Circuit) (10:50) Yeah. So think of it from the attacker's perspective is that they've now successfully been able to take out funds that weren't really there. It was for a token or as ETH, which doesn't have a lot of liquidity. So they had taken out a lot of the supply. If they tried to sell it all at once, they wouldn't get all the funds out. So they would have stolen, imagine it, $300 million, but maybe only gotten 50 to 80 million actually out of it, which wouldn't have been great. They put an enormous amount of time and effort into actually doing the compromising and the exploit. They need to try and get as much money as possible out. So what they did is that they went and used those funds and put them as collateral in AVE. And so think of it like they put them down as collateral and they took a loan out against it. And the unfortunate timing is that Aorus ETH had just been recently upgraded within Aave to not require as much. Think of it like you could take out a much bigger loan than previously you would have been able to. So was like 93%. So 93 % of the value of the collateral you deposit, you were able to take out in a different token. So what they took out is wrapped ETH. So that's really liquid. could kind of do whatever they wanted with that. There is a very liquid market. And once they had that in hand, they weren't constrained anymore. The issue then being is that they put all this ORS ETH as collateral and we know that that collateral is not worth as much as it's supposed to be because what they did is that they minted a bunch of it out of thin air and so that's been the big problem for AVE right now is that that collateral is going to cause bad debt. And because Kelpdow hasn't decided what they're going to do, or they haven't at least publicly announced what they're going to do, the liquidators on AVE, the people who will, if the bad debt is there, liquidate the funds, aren't entirely certain how to liquidate. So if I take a step back. How does Aave work? Aave is a lending and borrowing market. So you put funds in and you can take funds out. And the reason that you can trust that you can take out a loan against it is that you're putting more funds in than you're taking out. To protect against the value of the money you're putting in, going below the value of the money you've taken out, they monitor it. So they use oracles to check the price. And if the price of the value of the token you've put in goes too low, they liquidate it. So once they liquidate it, they sell it, and they then basically cancel the loan out. The issue now is that because the collateral that's been put in, we're not entirely sure what the right price should be, liquidators aren't liquidating it. Because they might try to liquidate it, but actually lose money in the process of doing so. So they're just stuck. Everyone who's been able to withdraw has withdrawn. So all the markets that are at 100 % utilization. So there's no way to basically take money out at all. Until the situation gets further resolved and we figure out what's going to happen with the ORC, those markets are going to stay exactly as they are. Once it gets resolved, AVE has just put out a plan, this kind of... two scenarios that could accrue. First one is that the losses are socialized equally. So every ORS ETH holder gets an equal amount of loss and that'll cause a certain situation and a certain impact on AVE pools. The other one is that... all of the main net ETH, RS ETH holders, they get 100 % of their funds and all the people on the L2s who hold RS ETH, they get a much bigger haircut and that'll cause a different impact to AVE. And so based on those two different situations, there's a different amount of bad death and we'll be able to see what the outcome is going to be. Aave has paused the markets in the meantime to try and figure out and understand what's happening. And until everyone comes together, decides on what the outcome should be, decides, are people going to put money behind it? Are people going to repay the bad debt? We're still waiting in limbo. And so that's the situation we're at at the moment.
Gabe (14:18) And for you, how do you look at the socialization of the losses? Do you think that people who are on these different chains should bear the full weight? Do you think that if you're on the L1, maybe you're doing that on purpose because there's risk, right? There's like L2 risk and even additional smart contract risk on L2. So, yeah, how are you looking at it personally? And if you're in this situation, how would you want to see the losses socialized.
Harry Donnelly (Circuit) (14:45) Yeah, there's two sides to it. So the first side is saying everyone who put funds in an L2 should be aware that there's much higher risk associated with it and they're to blame themselves. And as a result, they should take a much bigger haircut because the people who kept their funds on Mainnet ETH were being safe and being secure. And so they shouldn't have to be bothered by it. The other side of it is saying, most users have no idea about the underlying technical risks of what's happening, which I'd say is probably true most of the time. And from what I understand from reading in the AVE forums, everyone has the same right to the underlying token, regardless of what chain you're on. And so think of it like an investment asset. that? The difference chains doesn't actually matter. It's the asset itself that matters. And so if there is going to be a haircut, it should impact all asset holders equally, regardless of underlying technical infrastructure. And right now, they're trying to figure out which way it's going to go. I don't have a proper opinion either way, I think. think if people were truly security conscious, they probably would keep things on layer one, on Ethereum. And I think there's going to be a lot of unhappy people on Ethereum who, if the losses are socialized to them, will complain. But equally, the socialization of losses is going to be much, much greater if everyone at L2 is cut. I think off the top of my head, it'll be about a 15 % haircut to everybody if Mainnet ETH is also taken into account. But if it isn't taken into account, I think it's like a 75 % haircut. So people lose 75 % of the value of their funds. Not exactly. That's off the top of my head, what I can remember. So that choice is going to be a very, very big one because it ultimately impacts tens of millions, hundreds of millions of dollars and also these other downstream markets as well.
Gabe (16:27) Yeah, and it also sets the precedent too, where if you're operating with a protocol on mainnet, then you basically assume the risks across the other chains, which this will kind of be a big deal to set into motion if they socialize the losses across the L1.
Harry Donnelly (Circuit) (16:42) Yeah, I guess I can't think of another example of that. it'll be a precedent. It's a pretty unprecedented situation because AVE has been regarded as the gold standard. It's been regarded that nothing could happen. Smart layer zero bridges were regarded as pretty safe. Normals amounts of volume were going through them. staked ETH was regarded as an incredibly safe asset and all of those assumptions are all falling apart at once because of something that happened downstream. So it shows you the nature of DeFi where the composable Lego bricks of money that you can put together to construct all these really, really cool things also has these really terrible downstream cascade impacts where if something specific and small goes wrong, it can impact everything else. And really it is this where we have two RPC nodes were injected with a bit of code. And now we're talking about a situation where hundreds of millions of dollars have been lost and we're discussing socialization across probably thousands of token holders. and lots of people's lives are going to be affected. And not just that, but I think AVE has had its TVL withdrawn by like $8 billion or so. So there's been a lot of funds being withdrawn from DeFi. It's had a massive, massive impact across everywhere and all because of two different RPC nodes which have been compromised. So it shows, if you're familiar with like the XKCD comic of, there's like a leaning tower of bricks all the way and there's like one tiny one at the bottom. It was kind of like that. That one got knocked. and everything's kind of collapsing in various states at the moment.
Gabe (18:04) Yeah, and this is like very kind of on point with. crypto and DeFi in general, like with the Terra exploit, we have this composability that builds up and builds up and then if something happens we have these detrimental outcomes. Hopefully these things can be resolved over time and I can see online there's depression in the sense of why does this continuously keep happening and even it's interesting that this arguably could be a central And on that point, I'm curious for you, how do you see kind of the responsibility stacking? Where do you think layer zero is at fault here because they have a maybe quote unquote a weak, guard rails against the configuration? Or do you think it's more of a KelpDow issue where they took the configuration and, did not apply it according to the TVL, you know, over a billion dollars of assets.
Harry Donnelly (Circuit) (19:03) Yeah, I don't think anyone's faultless here. So layer zero was the one that was, their RPCs were compromised ultimately. Like Lazarus Group was able to get into their RPCs and exploit it and basically sent messages for things that didn't exist. So that was massive issue and ultimately caused everything downstream. Kelptoe. should have not had just a one of one DVN and shouldn't have just relied on a single party for it. And so that was negligence on their part if they're going to be managing and in charge of billions of dollars of other funds. Both of them are now kind of pointing fingers at the other, seems. So there are zeroes saying, hey, we expressly told everyone that you shouldn't use a one of one. It's noted in the docs. If you did it, that's on you. And then Kelpdow is saying, well, like, look, was your RPC nodes that were compromised. And a one of one is fine if the verifier is doing the thing that it's supposed to do. Both of them are to some extent a bit at fault. think Aave, you can also point towards, recently, just enabled ORS ETH as a market, had just enabled the 93 % utilization rate, or sorry, 93 % LTV to allow a lot more funds to be withdrawn. So it's kind of a perfect storm of multiple factors coming together with all of these different dependencies. And now it's at a massive downstream impact as a result.
Gabe (20:20) Yeah, yeah, I 100 % agree. This is very, very complex exploit, right? And it kind of relies on multiple stages of weakness, even like getting the funds, in a place where like Lazarus Group can spend them and not freeze the assets on chain, right? So for them specifically, yeah, could you speak a little bit more about... like the pattern in which they, after they perform these exploits, secure the funds. think Aave was an interesting case where they took the loan and left the bad debt. But historically, like what happens from here? Like what do they typically do with the funds? And is it common to basically put these loans up?
Harry Donnelly (Circuit) (21:02) Yeah, the loans not common. And the reason that they did it in this case is because the collateral they were able to deposit, they knew wouldn't be worth what it's supposed to be. And so they took out better assets. Think of it like they put in a bad asset and got out a good asset. And so the good asset is worth a lot more than the bad asset. And that's why they did it, which means that they're happy if the bad asset gets liquidated, if it disappears, they don't really care because they now have funds which they can use and disperse elsewhere. Generally, the pattern of what they do is that super sophisticated, like in the wake of the Bybit hack, what they start doing is they start sending funds across hundreds or thousands of different wallets to try and stop people tracking the trail of it. They put it through mixers, things like tornado cash, again, trying to obfuscate the trail further. They can do a bunch of different things with it. Like sometimes they've gone to like pump.fun. In other cases, they've tried to do trading. think people have been able to see that their trading hasn't been so good. They send it to decentralized exchanges to it out. Eventually what they end up doing is getting it out in lots of different directions and a lot of the time what it does it goes to sanctioned countries and they'll try and off ramp it there. So there's a lot of Chinese OTC desks and money launderers who will allow them to off ramp the funds and then they then use it and bring it back to North Korea where it's then actually used to fund the nuclear missile program. So we do have our world where Magic Internet Money is being used to fund North Korea's missiles and it's just a kind of like very long convoluted train to get there.
Gabe (22:26) Yeah, yeah, yeah, that's, it's a tough hit on the ecosystem, right? Cause I'm sure no one foresees the like these cascading events kind of leading to geopolitical issues. And it definitely is this downstream impact of managing customers' funds and this type of environment, right? Where we can't just like turn off the lights
Harry Donnelly (Circuit) (22:45) can't do that. I think it's like, you know, ultimately dealing with billions of dollars here. And generally what people look towards is traditional finance and there's an enormous amount of checks and balances and layers of independent control. And we just don't have that a lot of the time in crypto. And this is a very clear case of it where hundreds of millions of dollars is gone because there was just no independent checks. And that is kind of inexcusable in a way as an industry that we need to be able to fix this better because if we do think this is going to be the future of finance, these things need to be solved. And this isn't going to be the last hack. Like it's not even the last time the first hack this month, like Drift protocol happened earlier in the month and was also. And so they're exploiting all of these things incredibly intelligently. Like these are really, really, really sophisticated attacks which require them to know. incredibly well all the niche details of DeFi and crypto and how these things fit together. Like this is an incredible example where they were able to take advantage of a bridge and a staked ETH protocol and a lending protocol and mix them all together to get out several hundred million dollars on the other side. You don't do that by accident. So we have a nation state adversary who wants to take all of the money. If any of it's exposed, you can expect that if it gathers in large enough quantities, if there's a weakness, eventually it's going to be exploited. And so it to be solved. People need to put the right controls in place. People need to manage the risk properly. Eventually there needs to be insurance around it. And then that's when actual traditional capital will be able to enter en masse and people will be able to be more confident in the space.
Gabe (24:24) So we covered the hack, the method, the fund recovery and the conundrum there of how the funds will be distributed or socialized across the different users. What else is next after this? ⁓ What are the next things that we're waiting on and who's basically up next to say something?
Harry Donnelly (Circuit) (24:46) So Aave has just released, I think about an hour or two ago, they released something in the governance forum about how they're thinking about it. I think KelpDow just released a statement which was blaming Layer Zero, but not actually talking about the next steps. what everyone is hoping for is that all of the different parties can come together in some way and figure out a plan, which is able to be a good one because Aave does have a large treasury, KelpDow does have other user funds. There is an insurance fund called the Umbrella Fund. and what is available. So people want to ideally have a way to make most people whole, if not all people whole. Whether that happens or not would require people to stop pointing fingers at each other and basically trying to blame each other, which it seems is the case now. But if they're able to do that and come together and successfully coordinate, then that's the ideal next step of what we find out. If not, what's going to happen is we're going to get a statement from Kelp at some point and how they're planning on distributing the funds or ⁓ performing the haircut. That'll then impact AVE and will impact how the different markets settle. And then eventually everything will clear and the bad debt will happen. People will lose some funds and then things will continue. Obviously. Things won't be the same as previously. The total trust that people would have had in AVE, I'm sure will be decreased as a result. And people will be much more wary of the space because there's a lot of different hacks happening all the time. So it's net negative, ultimately. It's positive in the sense that we now have a better awareness of what happened, but it's net negative ultimately for the space.
Gabe (26:11) I'm curious for you, do you think there's like a... a unfillable incentive where the Lazarus Group is sitting because essentially they have huge monetary benefit, right, to exploit these unique paths, like highly complex paths. But for like a white hat, right, or someone to be like an adversary, you know, for DeFi and the ecosystem, there's almost not the same incentive to deploy maybe the scale of resources. What do you think is kind of like the way to combat this where Like these exploits kind of fall into almost like a valley, right? Where no one is really looking or kind of has the incentive to harden. Yeah, how are you looking about that? I is there like an opportunity for some type of consortium or, yeah, curious how you kind of look through this.
Harry Donnelly (Circuit) (27:00) Yeah. So I'm not a bridge expert, but I'm pretty sure there's been people kind of like for a while pointing at the one of one verification and saying that it's eventually going to end in tears. you know, those people have been validated to that extent, obviously don't know the history there. A lot of the stuff, you know, exploit of or PC nodes aside. Most things you can drill into and you can say, okay, if this goes wrong, what happens? If this goes wrong, what happens? If this goes wrong, what happens? And do that very granularly for every step along the chain. And so with the RPC nodes, for example, it's a case of, okay, if someone sends the wrong information to the verifiers, how can we make sure that that is protected? It's don't just have one verifier, have multiple points checking it independently to ideally prevent that from happening. And so at every single point along the What you ideally have is not just a single point of failure, because the thing that's going to be exported every single time is a single point of failure, which in this case is what happened. So what we need is multiple checks and balances. We need the ability to have independent controls at every step. We need the ability for people to have better security measures, protecting things like the keys and things like the verifiers. Everything should be distributed. We need to have monitoring. People need to be able to see what's happening in real time. They need to be able to detect these risks ideally. We need to have automated response, which is basically what we're doing at Circuit because between the point when Kelp was able to take an action and the attack actually happened, it was 48 minutes. Circuit wouldn't have been applied in this situation, but it's representative of that. Humans can't react quickly enough to these attacks because they're happening at machine speed. So you need to be able to automate the response because you can map out in gameplay what are the different scenarios that can cause an attacker and alert B and then take an action based on those. And then you need to be able to ideally just recover if things go bad. So if shit hits the fan, if the different infrastructure that using goes down, how can we get our funds back? So those are kind of like different nested layers you can put together. And at every point along the way that you're looking at where things could go wrong, ideally you can have as many of those together as possible to stop it from happening. What ideally would then happen is that if you're able to say, the proper security controls are in place, we're very confident we spend the right money on the right tools and the right people to make sure that these are there, then you can have insurance on top. And that's what ultimately gives people much more reassurance is that even if things go wrong, you'll get your funds back. The issue being is that insurers look at hacks like that and say, wow, that's a bit crazy. How could I insure that? Which they'd be quite right, because they'd be insuring something six layers deep, which they don't have the technical expertise to go and find. So it's a mixture of people in the space who do have the technical expertise really being handed about it and being pretty clear with folks that you can't just let it fit there. You need to actually spend money on it. The space maturing enough for people to say, OK, we can't just move fast and break things. We need to actually make sure that the breaking things doesn't lose us hundreds of millions of dollars. And when that happens, it allows the proper controls to be there to allow actual capital to then stand behind it, which then allows people to get much more confidence in actually doing things at scale. So that's the way I view it.
Gabe (30:06) ⁓ yeah, Harry, you explain to us what your customers are saying and how you see this sort of thing at your
Harry Donnelly (Circuit) (30:15) I think a lot of it is just uncertainty, ultimately, because what you've done with crypto is that you've taken the most complex, difficult parts of both computer science and finance and then mingle them together in such a way that almost no one can understand either, which leaves you with a lot of unknown unknowns. And I think that's scary for people. Not I think, it is scary for people. that ultimately, if you're unsure of are the different risks and the different attack vectors that can happen, and new things can pop up all the time, such as this. sure, I'm not just sure, I know that the different curators, for example, in the different vaults, our chaos labs, I think, who's a risk manager, these things weren't flagged as a big of risk as ultimately they ended up being. And so when you have financial risk managers who are also in charge of technical risk, sometimes things can be missed or sometimes things can't be seen as clearly. And so... Ultimately, you need people who do understand both sides. You need people to understand the financial side. You need people to understand the technical side. And you need to have tools that solve for both things. And that's part of what we're doing at Circuit is that we've built a incredible team of people who understand both the kind of deep engineering side of it, but also the financial engineering and how these things get impacted downstream. And what we've built is think of it like automated controls or automated asset extraction that allows you to sweep funds to safety before humans have the chance to react. One of the biggest patterns that we saw across these attacks is that they happen so quickly people can't respond in time. So Kelp is an example of what happened in 48 minutes. We wouldn't have been able to help in this case but it's representative of people are not able to move at machine speed and the attacks that we're seeing are just getting quicker and quicker and quicker. And so if you just stand a chance of getting funds out, even for example, with Aave, if you had wanted to get funds out before everything froze, it happened really, really quickly. And this is where we could have come in and allowed you to sweep those funds and withdraw those funds automatically before they got trapped. And so that's what Circuit's doing. And we're working with some of the best folks in the space, particularly on the insurance side, to help. make it possible to de-risk the space and ultimately make it insurable and then make it possible to move real institutional capital on chain and then have the future of finance actually be defi.
Gabe (32:26) amazing. Well, Harry, thanks for coming on and take us through the forensics of the hack and hope to have you on soon.
Harry Donnelly (Circuit) (32:32) Sounds good, man. Appreciate you having me.
Gabe (32:34) So