加密老和尚
1.1K posts
This response was hidden in the twitter thread so QRT'ing here
Bryan Pellegrino (臭企鹅)@PrimordialAA
A ton of this is just completely untrue. 1) Kelp originally used the defaults which were MultiDVN or DeadDVN and manually migrated to a 1/1 config later 2) Almost 100% of the volume on a 1/1 config was rsETH 3) Not using a 1/1 for production applications is mentioned many times in the documentation. The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration. rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google: Here are the exact transactions where that happens Ethereum → Arbitrum: etherscan.io/tx/0xd7c864adb… at 2024-02-06 03:09:47 UTC Ethereum → Optimism: etherscan.io/tx/0x7075bfe9a… at 2024-02-06 03:09:59 UTC KelpDAO then manually changed these to 1/1 configs: For the original Feb 6 Ethereum routes to Arbitrum/Optimism, KelpDAO’s Ethereum contract switched from defaults to manual OApp-scoped config on 2024-04-01: Send-side manual config: etherscan.io/tx/0x7485c16c9… 2024-04-01 07:12:11 UTC Receive-side manual config: etherscan.io/tx/0x21e967c99… 2024-04-01 07:12:23 UTC From this point on, Kelp began deploying all of their configurations as 1/1 configs. Here is Kelp’s deployment on Unichain: Unichain → Ethereum was opened on 2025-04-01 18:55:41 UTC. Pathway-open / setPeer tx: uniscan.xyz/tx/0x31ea2b10a… The manual ULN config followed 6 seconds later in uniscan.xyz/tx/0xd8ef5416a…. During this time the Unichain -> Ethereum and Ethereum -> Unichain defaults were set to DeadDVN which is a contract which makes it impossible for any application to transact without manually configuring their DVNs, this was not possible on the defaults of this pathway. Here is the code in the DeadDVN (#code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x747C…
) that specifically prohibits this. (Screenshot 1) This is called out many many times in the docs: 1. Integration Checklist — "Do" list - Last edited: 2025-11-26 (Nazreen) - Content: "Do: … Use more than one DVN for each production pathway instead of relying on a single DVN." - File: v2/tools/integration-checklist.mdx:244 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 2. Integration Checklist — "Don't" list - Last edited: 2025-11-26 (Nazreen) - Content: "Don't: … Configure only one DVN for a pathway and treat it as production‑ready." - File: v2/tools/integration-checklist.mdx:251 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 3. Integration Checklist — Defaults are not safe - Last edited: 2025-09-25 (Tino Martínez Molina) - Content: "Do not assume defaults are safe for production. Always check explicitly: getSendLibrary, getReceiveLibrary, and getConfig. If these resolve to defaults, confirm whether the defaults are valid for the intended pathway. Unintentional fallbacks to defaults are a common cause of blocked or failing pathways." - File: v2/tools/integration-checklist.mdx:126-128 - URL: #explicitly-set-message-libraries" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 4. Integration Checklist — Default fallback warning - Last edited: 2026-02-26 (migration; same wording predates it) - Content: "Warning: If no configuration is set, the OApp will fallback to the default settings set by LayerZero Labs." - File: v2/tools/integration-checklist.mdx:222-238 - URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ… 5. ONFT Quickstart — Production guidance - Last edited: 2025-02-20 (Radek Sienkiewicz) - Content: "DVN Settings: Use multiple DVNs in production to ensure message verification is robust." - File: v2/developers/evm/onft/quickstart.mdx:700 - URL: #security-considerations" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 6. ONFT Quickstart — Strong recommendation to configure - Last edited: 2025-03-10 (Radek Sienkiewicz) - Content: "We strongly recommend reviewing these settings carefully and configuring your security stack according to your needs and preferences." - File: v2/developers/evm/onft/quickstart.mdx:366 - URL: #configure-the-onft" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… 7. Starknet FAQ — "Should I use multiple DVNs?" - Last edited: 2026-01-21 (Nazreen) - Content: ▎ Should I use multiple DVNs? ▎ Recommended for production. Multiple DVNs provide: ▎ - Increased security (multiple independent verifiers) ▎ - Resilience (no single point of failure) ▎ - Trust minimization - File: v2/developers/starknet/troubleshooting/faq.mdx:290-296 - URL: #should-i-use-multiple-dvns" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/… Here are the exact recommendations we gave KelpDAO when asked about DVNs (typically 2/3) (Screenshot 2) Other LayerZero applications speaking on exactly what is advised by the team x.com/mitchellftracy… x.com/jasperflux/sta… For how much volume was actually configured on 1/1 here is the exact data. (Screenshot 3) We will publish a complete post-mortem as soon as the external security firms have completed it. English
A ton of this is just completely untrue.
1) Kelp originally used the defaults which were MultiDVN or DeadDVN and manually migrated to a 1/1 config later
2) Almost 100% of the volume on a 1/1 config was rsETH
3) Not using a 1/1 for production applications is mentioned many times in the documentation.
The defaults Kelp is referencing in their screenshot were multiDVN or DeadDVN, which force-rejects an application using the defaults at all and requires them to manually set configuration.
rsETH was originally configured to use the default LayerZero configuration of a multiDVN setup of LayerZero Labs + Google:
Here are the exact transactions where that happens
Ethereum → Arbitrum:
etherscan.io/tx/0xd7c864adb…
at 2024-02-06 03:09:47 UTC
Ethereum → Optimism:
etherscan.io/tx/0x7075bfe9a…
at 2024-02-06 03:09:59 UTC
KelpDAO then manually changed these to 1/1 configs:
For the original Feb 6 Ethereum routes to Arbitrum/Optimism, KelpDAO’s Ethereum contract switched from defaults to manual OApp-scoped config on 2024-04-01:
Send-side manual config:
etherscan.io/tx/0x7485c16c9…
2024-04-01 07:12:11 UTC
Receive-side manual config:
etherscan.io/tx/0x21e967c99…
2024-04-01 07:12:23 UTC
From this point on, Kelp began deploying all of their configurations as 1/1 configs. Here is Kelp’s deployment on Unichain:
Unichain → Ethereum was opened on 2025-04-01 18:55:41 UTC.
Pathway-open / setPeer tx:
uniscan.xyz/tx/0x31ea2b10a…
The manual ULN config followed 6 seconds later in uniscan.xyz/tx/0xd8ef5416a….
During this time the Unichain -> Ethereum and Ethereum -> Unichain defaults were set to DeadDVN which is a contract which makes it impossible for any application to transact without manually configuring their DVNs, this was not possible on the defaults of this pathway.
Here is the code in the DeadDVN (#code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x747C…) that specifically prohibits this.
(Screenshot 1)
This is called out many many times in the docs:
1. Integration Checklist — "Do" list
- Last edited: 2025-11-26 (Nazreen)
- Content: "Do: … Use more than one DVN for each production pathway instead of relying on a single DVN."
- File: v2/tools/integration-checklist.mdx:244
- URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ…
2. Integration Checklist — "Don't" list
- Last edited: 2025-11-26 (Nazreen)
- Content: "Don't: … Configure only one DVN for a pathway and treat it as production‑ready."
- File: v2/tools/integration-checklist.mdx:251
- URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ…
3. Integration Checklist — Defaults are not safe
- Last edited: 2025-09-25 (Tino Martínez Molina)
- Content: "Do not assume defaults are safe for production. Always check explicitly: getSendLibrary, getReceiveLibrary, and getConfig. If these resolve to defaults, confirm whether the defaults are valid for the intended pathway. Unintentional fallbacks to defaults are a common cause of blocked or failing pathways."
- File: v2/tools/integration-checklist.mdx:126-128
- URL: #explicitly-set-message-libraries" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ…
4. Integration Checklist — Default fallback warning
- Last edited: 2026-02-26 (migration; same wording predates it)
- Content: "Warning: If no configuration is set, the OApp will fallback to the default settings set by LayerZero Labs."
- File: v2/tools/integration-checklist.mdx:222-238
- URL: #set-security-and-executor-configurations-on-every-pathway" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/tools/integ…
5. ONFT Quickstart — Production guidance
- Last edited: 2025-02-20 (Radek Sienkiewicz)
- Content: "DVN Settings: Use multiple DVNs in production to ensure message verification is robust."
- File: v2/developers/evm/onft/quickstart.mdx:700
- URL: #security-considerations" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/…
6. ONFT Quickstart — Strong recommendation to configure
- Last edited: 2025-03-10 (Radek Sienkiewicz)
- Content: "We strongly recommend reviewing these settings carefully and configuring your security stack according to your needs and preferences."
- File: v2/developers/evm/onft/quickstart.mdx:366
- URL: #configure-the-onft" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/…
7. Starknet FAQ — "Should I use multiple DVNs?"
- Last edited: 2026-01-21 (Nazreen)
- Content:
▎ Should I use multiple DVNs?
▎ Recommended for production. Multiple DVNs provide:
▎ - Increased security (multiple independent verifiers)
▎ - Resilience (no single point of failure)
▎ - Trust minimization
- File: v2/developers/starknet/troubleshooting/faq.mdx:290-296
- URL: #should-i-use-multiple-dvns" target="_blank" rel="nofollow noopener">docs.layerzero.network/v2/developers/…
Here are the exact recommendations we gave KelpDAO when asked about DVNs (typically 2/3)
(Screenshot 2)
Other LayerZero applications speaking on exactly what is advised by the team
x.com/mitchellftracy…
x.com/jasperflux/sta…
For how much volume was actually configured on 1/1 here is the exact data.
(Screenshot 3)
We will publish a complete post-mortem as soon as the external security firms have completed it.
English
【客户端版本更新说明】
很抱歉,临时上线的退款功能此前没有固定入口,只能通过消息中心进入,给您带来了不便。
此前我们说明过,会在 5 月 5 日的新版本中增加固定入口来解决这个问题。目前,我们已经如期发布新版本,固定入口已在新版本中上线,您可以访问 letsvpn.world 下载安装。
如您受到近期服务变化影响,无论是准备申请退款,还是已经提交过退款申请,都可以更新到新版本后,通过客户端固定入口冻结账户时长、自助提交退款申请,并查看退款处理状态。
我们正在持续处理已经提交的退款申请,同时也在持续优化相关流程。
如果遇到无法处理的问题,您仍然可以联系人工客服解决。无论您是否申请退款,我们都会努力做好服务。
中文
很多人还没意识到,@aave 现在的情况有多糟
所有核心市场的利用率都已经打满到 100%,其中包括被卡住的 30 亿 USDT 和 20 亿 USDC
这意味着你根本提不出自己的钱
下面详细说说,事情为什么会变成这样,又是怎么一步步走到这一步的
当 rsETH 被利用,AAVE 出现坏账之后,Justin Sun、MEXC 交易所,还有其他鲸鱼用户,第一时间就从 AAVE 里撤走了数十亿美元
这一下直接抽干了 ETH、USDT、USDC 等核心市场里原本就有限的流动性。先跑的人跑掉了,慢一步的人直接被困住
最开始是 ETH 市场先打到 100% 利用率,也就是你已经没法从 AAVE 提出 ETH
更糟的是,这还意味着一旦 ETH 价格下跌或者闪崩,协议连 ETH 清算都处理不了。ETH 卖不出去,债务就没法靠清算来覆盖
也就是说,只要这些市场继续卡死,AAVE 继续扩大坏账的风险就会越来越高
不过,ETH 存款用户至少还能在 Uniswap 之类的聚合器上,以小幅折价卖掉 aETHwETH 代币。这算是 AAVE 上 ETH 存款人最后一扇还能走的门
但 USDT 和 USDC 的存款人就没这么幸运了,他们是真的被锁死了
因为过去 24 小时里,AAVE 已经流失了超过 60 亿美元的流动性。鲸鱼大额撤资之后,USDT 和 USDC 也双双冲到 100% 利用率
这些市场现在同样陷入卡死,资金被锁在里面。恐慌正在扩散,人在绝境时,往往会开始用极端手段自救
有些用户选择拿被锁住的 USDT 或 USDC 去抵押借款,再从其他市场撤出去,即便要承受 10% 到 25% 的损失也认了,对应大概是 90% 到 75% 的 LTV。说白了,就是拿锁死的 USDT 或 USDC 去借 GHO、DAI、USDe 之类的资产,然后想办法撤离
但随着越来越多流动性从 AAVE 流出,更多市场也会冲到 100% 利用率,然后因为流动性太低被锁死卡住
这场连锁反应,正在快速蔓延到几乎所有还能动的市场
好在今天加密市场整体波动还算平,清算压力暂时不算特别大。可一旦行情变了,AAVE 里现在有数十亿美元的稳定币和其他资产被锁着,连清算都执行不了,那就等于更多坏账会继续砸出来
如果那些被困住的用户,或者同样卡在里面的相关协议,急需这笔钱去避免爆仓,或者维持某些关键功能,那他们现在是真的麻烦大了
更别提,现在也没人愿意往这些市场里继续存钱或者补流动性。毕竟谁都不想把自己的 ETH、BTC、USDC、USDT 扔进去以后,不知道要被卡多久
只要市场里稍微出现一点可提的流动性,就会立刻被机器人抢光。就在我写这段话的时候,我看到 USDC 市场里刚冒出来的 25 万流动性,几秒钟就被抽干
然后还有坏账这个问题
AAVE 因 rsETH 事件已经背上了超过 2 亿美元坏账,这东西现在就像一颗烫手山芋,谁都不知道最后到底由谁来埋单
如果你还没把资产从 AAVE 里拿出来,你就有可能要以某种形式分摊这笔账。拿不到自己的钱,本身就是风险的一部分
传染风险也非常高
很多协议和应用的收益机制本来就是建立在 AAVE 之上的。现在这些协议和它们的用户也一起被困住了,哪怕他们自己什么都没做错,也可能被迫吞下坏账
10 月 10 日那次是中心化交易所引发的暴跌,而这一次,是一次规模离谱的 DeFi 风控失效
AAVE 根本就不该把 rsETH 作为抵押品上线,至少不该把规模放大到几亿美元这种程度,让黑客可以靠假抵押物借走超过 2 亿美元的 ETH
现在还有传言说,rsETH 能被 AAVE 上线,是因为某个服务提供方存在利益冲突和游说行为。要是这事是真的,那 AAVE 的治理结构就是一次重大失灵,当然,这种事也不算新鲜
负责管理 rsETH 的 @KelpDAO 团队现在也面临一个很难的决定,这次 2 亿美元漏洞造成的损失,到底该由谁来承担。AAVE 用户。L2 上的 rsETH 用户。还是所有受影响的人一起被统一削减资产来填坑
AAVE 团队他们现在手里的问题很大,因为整个协议都处在风险里
市场对 AAVE 的 TVL 正在以数十亿美元的速度流失,甚至把所有核心市场都抽到了 100% 利用率
也许接下来会有一些行业里的关键角色出手补流动性,帮 AAVE 稳住市场,避免事情继续恶化
谁知道呢,最近都成黑客提款机了,不玩了
中文
之前刷过背包@Backpack,进行验证一下,不然领不到空投!只需要扫脸,验证地址(互相转告):backpack.exchange/join/44f63751-…
中文
终极出金教程:我跑通了从Kraken交易所出金到港卡的最优路径!
出金一直都是币圈的最大痛点问题。
很多人都是走交易所的C2C(个人对个人转账),不但磨损高,而且收到黑钱的话有冻卡风险。
这里介绍一个安全合规且磨损低的出金渠道:
我从 Kraken 出金1000美元至众安银行,实测总损耗约1.5%。出金金额比较大时,损耗可以继续压低,最低可以到0.4%左右。
1️⃣ Binance → Kraken 1000 USDT,收费0.04 USDT,到账999.96 USDT(选了一条费用很低的链)
2️⃣ kraken 999.96 USDT → 美元(USD),手续费0.2%(约1.99 USDT),到账约997.92 USD(按实时汇率换算)
3️⃣ kraken 997.92 USD → 众安银行(美元直汇通道),跨境转账手续费约 13 USD(Kraken美元跨境转账固定费用),到账约 984.92 USD
4️⃣ 最后在众安银行APP中将美元换为港币,众安银行换汇手续费约0.1%-0.2%,无额外中转费
每一步拆解的具体操作可以看以下内容 ⬇️
中文
欢迎使用Aave App在您的稳定币上赚取高达 6.50% 。APY 可能因地区而异,每秒赚取利息,享受行业领先的利率和高达 $1M 的账户保护。
iOS抢先体验加入 ,aave.com/r/703440
中文
很多借贷平台出现提款潮,对于新人提示一下:
当资金利用率飙升到了90%以上,说明池中资金已经快被提空,此时根据大部分借贷协议的利率曲线模型,借款利率会飙升来逼迫borrower还款,这种情况下关注市场的抵押品:
正常情况下,如果抵押品没有坏账,borrower是不会抛弃抵押品的,等待还款即可。
如果抵押品池中有你不信任的抵押品,或者风险已经暴露的,那么就要时刻关注池中资产情况,一旦有流动性就是大家抢着逃生了。另外如果是混合型的市场,抵押品坏账有交叉感染的可能。
最后说一下,在抵押品正常的情况下,不会出现无法回收的问题,这个跟银行不一样,提款是提不垮市场的。
当然在这种情况下,我也同样建议大家提款,同时正确的理解风险也很重要。
中文
