Can DeFi Bounce Back? | Sam MacPherson & monetsupply

**Mike Ippolito** (0:00)
Hey, everyone, quick disclaimer before we get into today's episode. Nothing said on Bell Curve is a recommendation to buy or sell securities or tokens. This podcast is for informational purposes only, and the views expressed by anyone on the show are solely our opinions, not financial advice. Our guests and I may hold positions in the company's funds or projects discussed.
All right, everyone, welcome back to another episode of Bell Curve. Today, I'm joined by Monet Supply and Sam MacPherson of Spark, and Excellence Dao.

**monetsupply** (0:32)
Welcome, welcome to this program.

**Sam MacPherson** (0:34)
Yeah, thanks for having us.

**Mike Ippolito** (0:36)
It's been a week.
It's been a week.
But obviously, we're going to be talking about the honestly, probably talking a lot about the Kelp Dao slash Aave situation that's unfolding in real time. But also wanted to just take this opportunity to kind of set the stage and talk about DeFi as a whole here, because it's been a tough months, a tough at least last 30 days or so. There's been about $500 million in hacks, mostly between the Kelp Dao situation and Drift. So let's focus on the Kelp, like what actually happened here? Because it seems like the sophistication of these attacks are getting much, much better. I don't know if it feels that way to you guys, but can we just start with like an overview of what actually happened here? Who were the actors? There's kind of a Kelp Dao part of this. There's also a Layer Zero. There's a DVN, potentially an operator error, potentially. Also, guys, I don't know anything. No one from any of these places yell at me. But what actually happened here?

**Sam MacPherson** (1:36)
Yeah.
So you're absolutely right, Mike, that North Korea is really upping its game. The like sophistication of these attacks is getting quite alarming.
Starting with the Drifthack and now this RSEETH one, as the postmortems have come out, we've learned how deep these penetrations are into these organizations. So yeah, just a quick overview of what happened with the RSEETH exploit. So what happened is that there is a bridging mechanism for RSEETH to go to other chains. This is called a lock-and-mint bridge. So basically, the RSEETH is natively issued on Ethereum. And so if you want to go to another chain like Arbitrum, you would then lock the RSEETH in the layer bridge on Ethereum, and then it would send a message which would mint the RSEETH. It's like an IOU for the backing that's sitting on Ethereum. So what happened is that there was a forged message from the security mechanism within the layer ecosystem. Again, North Korea was able to penetrate deeply into the infrastructure layer here. And there's a number of issues that could have been improved here.
So they were able to basically forge a message, take all of the backing of the RSEETH on Ethereum, and then they moved it out to various places, but the majority of it went into the Aave core instance, which was then used to borrow ETH in the market, and then they were able to exit into ETH. And the name of the game here for North Korea is they really want these non-rate-limited large pools of money they can get, and then once they have it, they need to exit. And so exiting at size, this is why Aave was a big target here, because of the ability to move over hundreds of millions and able to exit into ETH, which is viewed. ETH on Ethereum is a very decentralized collateral. There's no way to freeze it or anything. And this is why they've chosen to go through this mechanism.

**Mike Ippolito** (3:44)
Okay, so I'm going to follow up here with the obvious and maybe naive question that I feel like everyone's asking, which is, why is there so much money being secured by very small multisigs essentially? And also, how difficult would it be to implement something like rate limits? This has been something that's been discussed for a while. I also know in the theme of, say, on the show a lot that Cosmos was kind of got everything right here. And I know that protocols like Osmosis actually did this.
They, you know, limited the amount that you could bridge out of that protocol many years ago. But maybe it's more complicated because there's composability within at least Ethereum-based DeFi. Like, why have some of these fixes not been implemented here, I guess?

**monetsupply** (4:30)
So I've heard, at least from, like, you know, public posts from different projects who are using various bridge infrastructure, maybe Layer OFTs and such, that they've, you know, people have implemented manual kind of, like, rate limits.