•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
LayerZero is facing a new security controversy after it was revealed that its 2-of-5 production multisig keys on Gnosis Safe were used to execute operations on Uniswap involving the memecoin McPepes. The disclosure has raised concerns about operational security and key isolation in critical infrastructure.
According to screenshots of an internal discussion that circulated on X, three of the five signers of LayerZero’s Gnosis Safe 2-of-5 carried out transactions on decentralized exchanges using the same keys that custody the production multisig. The activity was not related to multisig management, and critics argue it violates the principle of isolating keys for different operational purposes.
One signer, identified by the address 0x1f5E377a3ADBe6f3289ADb6b21eae6427dfbb553, executed a transaction on March 1, 2023. The operation involved swapping 0.198548073 ETH for approximately 1.73 million McPepes tokens through Uniswap V3.
Other signers were described as having custody or involvement in additional activities: one signer held around $12 million in the wallet while staking on Stargate, and another was engaged in liquidity provision on platforms including Curve, PancakeSwap, and SpookySwap.
The multisig reportedly had no timelock, and the keys were not rotated for several years. The article notes that the multisig controls DVN configurations and libraries for LayerZero-compatible protocols, and argues that exposure to malicious contract attacks and phishing schemes would be especially dangerous. It states that compromising just two keys would have been sufficient to drain the entire multisig.
LayerZero CEO Bryan Pellegrino responded to the accusations by attributing the transactions to former signers who had already been removed. He also described the activity as OFT tests rather than speculation. The community response was mixed, with critics rejecting the explanation and pointing out that swapping ETH for a memecoin on Uniswap does not align with typical testing descriptions.
Zach Rynes from Chainlink characterized the security practices as “terrifying” and warned that users relying on LayerZero’s default configuration could face supply chain attack risks.
In a related development, Solv Protocol announced the migration of over $700 million in tokenized BTC from LayerZero to Chainlink’s CCIP. The announcement cited security reviews and concerns with bridges.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
