Unbiased AI-powered news
LayerZero published a blog on May 9, 2026 reversing its position on the April hack tied to North Korean attackers. The company acknowledged allowing its own decentralized verifier network to secure high-value assets in a risky 1-of-1 configuration. Major clients including Kelp and Solv Protocol are shifting to competitors.
medium.comU.S. time on May 9, 2026 admitting it made a mistake after initially framing a $292 million exploit as a developer configuration failure by Kelp DAO. The company reversed weeks of blaming Kelp for the April 2026 hack tied to North Korean attackers.
LayerZero CEO Bryan Pellegrino's firm said its protocol was not compromised. "First things first: an overdue apology," LayerZero wrote in the blog. The company acknowledged it made a mistake by allowing its own verifier network to secure high-value assets in a risky configuration.
"We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions," it stated. "We didn't police what our DVN was securing, which created a risk we simply didn't see. " The exploit was an attack on internal RPC infrastructure used by the LayerZero Labs DVN.
External RPC providers were hit with distributed denial-of-service attacks at the same time. LayerZero had initially framed the exploit as a developer configuration failure by Kelp, which chose a 1-of-1 configuration using only a single decentralized verifier network. A DVN is part of the infrastructure that verifies whether a transaction moving assets between blockchains is legitimate.
Cross-chain bridges act like digital transfer rails between otherwise separate blockchain networks. LayerZero maintained that developers remain responsible for their own security settings even as it accepted responsibility for not restricting its DVN. In response, the LayerZero Labs DVN will no longer service 1/1 DVN configurations.
All defaults on all pathways are being migrated to 5/5 where possible and no less than 3/3 on any chain where only 3 DVNs are available. The changes follow the company's admission three and a half years after an earlier internal security lapse. Three and a half years ago one of LayerZero's signers on its multisig used their multisig hardware wallet to perform a personal trade.
"This is obviously not ok," LayerZero stated. The signer was removed from the multisig, wallets were rotated after the multisig signer incident, and the company updated its security practices around signing devices, added localized anomaly detection software on each device, and created a custom-built multisig called OneSig.
The fallout from the April 2026 hack has driven major clients to rivals. Kelp shifted its rsETH bridge to Chainlink’s Cross-Chain Interoperability Protocol. Solv Protocol is migrating more than $700 million in tokenized bitcoin infrastructure away from LayerZero following a fresh security review.
CoinDesk reported that the admission marks a notable shift after weeks of public finger-pointing between LayerZero and Kelp over responsibility for the hack. LayerZero had argued the protocol had chosen a risky “1-of-1” configuration in which only a single decentralized verifier network needed to approve cross-chain transfers, creating a single point of failure.
Single source — no framing comparison available.
yna.co.krThe KOSPI closed at 6,856.83 on Tuesday after reversing from an intraday low of 6,448.86. Technology stocks led the gains while investors watched Middle East developments and awaited U.S. inflation data.
cnbc.comFederal Reserve Governor Christopher Waller said an above-target core inflation reading this week would require the FOMC to consider raising rates soon. He added that several months of cooler data are needed before he would view inflation as clearly declining toward the 2 percent…
middleeasteye.netHome Secretary Shabana Mahmood on 13 July 2026 announced the proscription of Iran's Islamic Revolutionary Guard Corps along with two other groups. Support for the organizations will become a criminal offense carrying up to 14 years in prison. The measures also expand police and i…