KeyAudit

LayerZero admits fault in $292M hack, shifts blame from Kelp DAO

LayerZero acknowledged it made a mistake by allowing its own decentralized verifier network (DVN) to secure high-value crypto transfers in a vulnerable '1-of-1' configuration, which contributed to a $292 million hack attributed to North Korean attackers. The admission marks a reversal from its earlier stance that blamed Kelp DAO for the exploit, which LayerZero had initially framed as an application-level configuration failure.

LayerZero said its DVN will no longer service 1-of-1 configurations, and defaults are being migrated to 5-of-5 or at least 3-of-3 multisig setups. The company emphasized that its core protocol was not compromised, but the attack targeted internal RPC infrastructure alongside distributed denial-of-service attacks on external providers. Additionally, LayerZero disclosed a separate security lapse where a multisig signer used a corporate hardware wallet for personal trading, leading to the signer's removal and new security measures.

The incident has eroded trust in LayerZero's security model. Kelp DAO has already moved its rsETH bridge to Chainlink's Cross-Chain Interoperability Protocol, and Solv Protocol is migrating over $700 million in tokenized bitcoin infrastructure away from LayerZero. Competitors like Chainlink are leveraging the fallout to attract protocols rethinking their security providers.

For wallet and key holders, the event underscores the risks of relying on cross-chain bridges with centralized or low-threshold verification, highlighting the need for diversified security assumptions and careful due diligence on infrastructure providers.

Key facts

  • LayerZero admitted fault for allowing its DVN to secure high-value transfers in a 1-of-1 configuration.
  • The $292 million hack was initially blamed on Kelp DAO, but LayerZero has now taken ownership of it.
  • LayerZero will no longer support 1-of-1 DVN setups and is migrating defaults to 5-of-5.
  • A multisig signer was removed for using a corporate hardware wallet for personal trades.
  • Competitors like Chainlink are gaining clients as protocols seek alternative security providers.
