TechFlow News, May 9: LayerZero’s official Twitter account announced that LayerZero Labs has issued a public apology regarding the security incident and insufficient communication over the past three weeks.
Regarding the incident: an internal RPC of LayerZero Labs was compromised by the North Korean hacker group Lazarus Group, contaminating the data source for its Decentralized Verification Nodes (DVNs). Concurrently, external RPC providers also suffered DDoS attacks. This incident affected only a single application—0.14% of all applications—and involved assets valued at approximately 0.36% of LayerZero’s total assets. Importantly, the LayerZero protocol itself remained unaffected; over $9 billion in assets continued to flow across chains normally following the incident.
LayerZero Labs acknowledged that previously permitting its DVNs to operate under a “1/1” single-node configuration for high-value transactions introduced a single point of failure, and it accepts responsibility for this managerial oversight. Additionally, LayerZero disclosed that, three-and-a-half years ago, one of its multi-signature signers had mistakenly used a multi-sig hardware wallet for personal transactions; that signer has since been removed, and the associated wallet has been rotated.
As remedial measures, LayerZero Labs announced the following actions: it has discontinued support for 1/1 DVN configurations; it is migrating all paths’ default configurations to 5/5 multi-signature setups, with a minimum threshold of 3/3; it has developed a second DVN client written in Rust to enhance client diversity; it has launched OneSig, a dedicated multi-signature tool designed to improve signing security; and it has rolled out Console, a unified management platform supporting asset issuance configuration and anomaly detection.




