LayerZero Issues Public Apology for Kelp DAO Exploit Response, Admits DVN Single-Verifier Fault

ZRO1.30%

According to LayerZero, the protocol issued a public apology on Friday for its handling of the April 18 exploit that drained $292 million in rsETH from Kelp DAO's cross-chain bridge, marking a significant tonal shift from its earlier post-mortem. LayerZero acknowledged that its Decentralized Verifier Network (DVN) should not have served as the sole verifier for high-value transactions, stating: "We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions." The company revealed that North Korea's Lazarus Group had compromised its internal RPC nodes while simultaneously launching a DDoS attack against external providers, forcing the DVN to rely on poisoned infrastructure.

LayerZero outlined remediation steps: its DVN will no longer service 1/1 configurations, default settings are migrating to require at least five verifiers where possible, and the company plans to upgrade its multisig threshold from 3-of-5 to 7-of-10 using OneSig. The exploit affected approximately 0.14% of applications on the network and 0.36% of total assets, with more than $9 billion having moved across the protocol since April 19.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments