LayerZero published a public apology Friday, three weeks after a $292 million exploit drained Kelp DAO, acknowledging that allowing its Decentralized Verifier Network (DVN) to act as the sole verifier for high-value cross-chain transactions was a fundamental security failure. The protocol attributed the attack to North Korea's Lazarus Group, which it says compromised internal RPC nodes and DDoS'd external ones to forge a cross-chain message.
In the same disclosure, LayerZero surfaced a previously unreported incident from roughly three and a half years ago in which a multisig signer used their production hardware wallet to execute a personal trade — a separate operational security lapse that had not been made public until now.
On the remediation side, the company announced it is ending support for the 1/1 DVN configuration entirely, alongside a broader package of security changes. The admission that a single-verifier…
TheBlock