
LayerZero Labs said on Friday that its internal infrastructure was compromised by North Korean hackers during the KelpDAO breach, alongside a simultaneous distributed denial-of-service (DDoS) attack. The company also disclosed that it imposed a three-week period of communication silence after the incident.
In an official update, LayerZero said attackers “poisoned the source of truth” for internal remote procedure calls (RPCs) used by the LayerZero Decentralized Verifier Network (DVN). The RPC poisoning coincided with a DDoS attack targeting the firm’s external RPC provider.
LayerZero said the impact was limited to a small portion of its ecosystem. It reported that the incident affected a single application, equivalent to 0.14% of total applications and 0.36% of the total value locked on the protocol.
LayerZero said that since April 19 it has been working with external security partners to finalize a comprehensive post-mortem report. The company also acknowledged what it described as a significant oversight in allowing its DVN to act as a solo verifier for high-value transactions.
LayerZero further said it did not adequately police what the DVN was securing, creating what it called a “single point of failure” risk.
To address the issues, LayerZero said it is educating developers on safe configurations and will no longer service 1/1 DVN setups. The company also said it is recommending that developers pin their configurations rather than rely on defaults, and set block confirmations at levels where reorganizations are nearly impossible.
LayerZero also disclosed a separate security lapse involving a multisig signer. It said that about three and a half years ago, an individual mistakenly used a multisig hardware wallet for a personal trade. The signer has since been removed.
LayerZero said it has implemented a custom-built multisig solution called “Onesig,” designed to prevent unauthorized backend transactions by hashing and merklizing transactions locally on the user’s side. The company added that it is increasing its multisig threshold from 3/5 to 7/10 across all chains where Onesig is supported.
Despite the breach, LayerZero said more than $9 billion in volume has moved across the network since April 19. It also stated that the architecture has facilitated over $260 billion in total transfers to date.
LayerZero maintained that the underlying protocol was not affected by the RPC poisoning, arguing that its modular design helped keep the rest of the recent traffic secure.
LayerZero said it is developing a second DVN client written in Rust to increase client diversity. It also described additional upgrades, including a more robust RPC quorum configuration that allows DVNs to select granular quorums across internal and external providers.
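As an illustration of a granular quorum across internal and external RPC providers, the following added example (not LayerZero's code; the provider names, policy fields and block hashes are assumptions constructed for it) accepts a block hash only when enough providers agree overall and each group contributes to the agreement. It fails closed when only the internal endpoints answer, which is the condition the update describes.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Provider:
    name: str   # hypothetical label
    group: str  # "internal" or "external"

def evaluate_quorum(responses, min_total, min_per_group):
    """Decide which block hash, if any, a verifier may act on.

    responses: {Provider: block_hash, or None when the provider timed out}
    min_total: providers that must report the same hash
    min_per_group: {group: agreeing providers required from that group}
    Returns (hash, reason); hash is None when the check fails closed.
    """
    answered = {p: h for p, h in responses.items() if h is not None}
    accepted = []
    for block_hash, votes in Counter(answered.values()).items():
        if votes < min_total:
            continue
        by_group = Counter(p.group for p, h in answered.items() if h == block_hash)
        if all(by_group[g] >= need for g, need in min_per_group.items()):
            accepted.append(block_hash)
    if len(accepted) == 1:
        return accepted[0], "quorum met"
    if accepted:
        return None, "conflicting quorums"
    return None, "no hash satisfied total and per-group quorum"

# Constructed sample data: two internal and two external RPC endpoints.
INT_A, INT_B = Provider("int-a", "internal"), Provider("int-b", "internal")
EXT_A, EXT_B = Provider("ext-a", "external"), Provider("ext-b", "external")
POLICY = {"min_total": 3, "min_per_group": {"internal": 1, "external": 1}}

def scenarios():
    good, bad = "0xaaa", "0xbbb"  # constructed placeholder hashes
    return {
        "healthy": evaluate_quorum(
            {INT_A: good, INT_B: good, EXT_A: good, EXT_B: good}, **POLICY),
        # Internal view altered while external endpoints are unreachable.
        "internal_only": evaluate_quorum(
            {INT_A: bad, INT_B: bad, EXT_A: None, EXT_B: None}, **POLICY),
        # Internal and external views disagree.
        "split": evaluate_quorum(
            {INT_A: bad, INT_B: bad, EXT_A: good, EXT_B: good}, **POLICY),
    }

if __name__ == "__main__":
    for name, (block_hash, reason) in scenarios().items():
        print(f"{name:14} -> {block_hash} ({reason})")
```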
The company added that it is launching “Console,” a unified platform for asset issuers to manage security and monitor for anomalies.
LayerZero’s disclosure comes after several DeFi projects chose to leverage Chainlink’s CCIP. Separately, earlier this week, North Korea’s Foreign Ministry, via state media KCNA, rejected U.S. and international claims linking it to cryptocurrency thefts and cyberattacks, calling the accusations “absurd slander,” “false information,” and a politically motivated smear campaign.