PANews reported on May 8th that, according to a post by crypto KOL Fishy Catfish, LayerZero Labs co-founder and CEO Bryan Pellegrino had a heated debate with security researchers in the ETHSecurity Community Telegram group. The core controversy included: LayerZero Labs can immediately upgrade a default library contract without time limits to forge messages (similar to the rsETH hack), putting over $3 billion worth of LZ OFT at risk of being stolen; researcher Banteg pointed out that mainstream projects like Ethena and EtherFi were still using this default library contract weeks ago, and $178 million worth of these funds remain exposed to risk, originating from projects still using this default library. On-chain data shows that LayerZero Labs multisignature signers participated in non-multisignature signing activities such as Meme coin transactions, DEX exchanges, and cross-chain bridging, meaning that multisignature keys in the official environment were connected to websites, increasing the risk of phishing attacks.

Regarding the alleged use of production environment keys for transactions by LayerZero multisignature signers, Bryan confirmed that the transactions were completed by members of the multisignature team, but denied that they were "meme coin transactions," explaining that they were "testing PEPE on the LZ OFT token standard," and stated that the members involved have been removed. Bryan also advised projects to "directly use a fixed configuration" instead of using the default configuration to reduce risk. Banteg subsequently flagged a long list of LayerZero users still using the default library contracts, pointing out that these projects should migrate to a fixed configuration as soon as possible.