PANews reported on May 9th that LayerZero Labs issued an apology on its X platform regarding a security incident and disclosed corrective measures. The team acknowledged poor communication over the past three weeks and gave details of the incident: its internal RPC was attacked by the Lazarus Group while its external RPC provider was simultaneously hit by a DDoS attack, poisoning the data source its DVN (Decentralized Verifier Network) read from. The protocol itself was not affected, but the team had mistakenly allowed a DVN path carrying high-value transactions to run with a 1-of-1 configuration (a single DVN as the sole verifier) and had not monitored what that DVN was protecting, leaving an undetected risk. The issue affected only one application, approximately 0.14% of the applications on LayerZero and 0.36% of the asset value.
The team also acknowledged that three and a half years ago one multisig signer had mistakenly used the hardware wallet holding their signer key for personal transactions. That signer has been removed, the wallet has been rotated, and a dedicated multisig system, OneSig, has been developed. Remedial measures include migrating all default paths to a 5-of-5 or 3-of-3 configuration, developing a second DVN client written in Rust, and launching a unified management platform with built-in anomaly detection and OneSig integration. The team recommends that developers review and fix their configurations, set reasonable block confirmation counts, configure at least two independent DVNs per path, and consider running their own DVN.
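The configuration advice above is the kind of thing an OApp owner can check mechanically. The audit below is an added example, not LayerZero Labs' code: it models a resolved ULN configuration with the field names of the LayerZero V2 `UlnConfig` struct (confirmations, required DVNs, optional DVNs, optional threshold) and flags the weaknesses the incident turned on, a 1-of-1 path, too few block confirmations, and a "quorum" whose DVNs are all run by the same operator. The policy floor of 15 confirmations, the operator map and the DVN addresses are constructed for the example and are not real DVN identities.

```python
"""Audit a LayerZero V2-style ULN (DVN) configuration against a security policy.

Added example, not LayerZero Labs' code. Field names follow the V2 UlnConfig
struct; the policy thresholds, operator map and addresses are constructed for
the example and are not real DVN identities.
"""
from dataclasses import dataclass, field


@dataclass
class UlnConfig:
    """Resolved ULN config for one OApp on one message path, i.e. what is in
    force after protocol defaults have been merged in."""
    confirmations: int                              # source-chain blocks a DVN waits before verifying
    required_dvns: list                             # every listed DVN must verify the payload
    optional_dvns: list = field(default_factory=list)
    optional_dvn_threshold: int = 0                 # how many of optional_dvns must also verify


@dataclass
class Policy:
    min_verifications: int = 2                      # the "at least two DVNs" recommendation
    min_confirmations: int = 15                     # assumed floor; set per source chain in practice
    operators: dict = field(default_factory=dict)   # DVN address -> operating entity (assumed map)


def verifications_required(cfg: UlnConfig) -> int:
    """DVN verifications the ULN demands before a message can be executed:
    all required DVNs plus the optional threshold."""
    return len(cfg.required_dvns) + cfg.optional_dvn_threshold


def distinct_operators(cfg: UlnConfig, policy: Policy) -> int:
    """Independent entities behind the configured DVNs. An address with no
    entry in policy.operators counts as its own operator."""
    dvns = cfg.required_dvns + cfg.optional_dvns
    return len({policy.operators.get(a.lower(), a.lower()) for a in dvns})


def audit_uln_config(cfg: UlnConfig, policy: Policy) -> list:
    """Return a list of findings; an empty list means the path meets the policy."""
    findings = []
    dvns = [a.lower() for a in cfg.required_dvns + cfg.optional_dvns]

    if not dvns:
        findings.append("CRIT no DVNs configured: nothing verifies this path")
        return findings
    if len(set(dvns)) != len(dvns):
        findings.append("HIGH duplicate DVN address: a repeated DVN adds no independent verification")

    if cfg.optional_dvns and cfg.optional_dvn_threshold == 0:
        findings.append("INFO optional DVNs listed but threshold is 0: they never gate delivery")
    if cfg.optional_dvn_threshold > len(cfg.optional_dvns):
        findings.append("HIGH optional threshold exceeds optional DVN count: messages can never be delivered")

    needed = verifications_required(cfg)
    if needed == 1:
        findings.append("CRIT 1-of-1 verification: one compromised or poisoned DVN data source "
                        "is enough to forge a message")
    elif needed < policy.min_verifications:
        findings.append(f"HIGH only {needed} verification(s) required, policy wants {policy.min_verifications}")

    # Two DVNs fed by the same operator (and the same RPC) are not an independent quorum.
    ops = distinct_operators(cfg, policy)
    if needed >= policy.min_verifications and ops < policy.min_verifications:
        findings.append(f"HIGH {len(dvns)} DVNs but only {ops} distinct operator(s): not an independent quorum")

    if cfg.confirmations < policy.min_confirmations:
        findings.append(f"MED confirmations={cfg.confirmations} below policy floor "
                        f"{policy.min_confirmations}: reorg risk on the source chain")
    return findings


# Constructed sample addresses and operator map; not real DVN identities.
DVN_ALPHA, DVN_BETA, DVN_GAMMA = "0x" + "a1" * 20, "0x" + "b2" * 20, "0x" + "c3" * 20
POLICY = Policy(operators={DVN_ALPHA: "operator-1", DVN_BETA: "operator-2", DVN_GAMMA: "operator-2"})

WEAK_1_OF_1 = UlnConfig(confirmations=1, required_dvns=[DVN_ALPHA])
SAME_OPERATOR = UlnConfig(confirmations=20, required_dvns=[DVN_BETA, DVN_GAMMA])
HARDENED = UlnConfig(confirmations=20, required_dvns=[DVN_ALPHA, DVN_BETA],
                     optional_dvns=[DVN_GAMMA], optional_dvn_threshold=1)

if __name__ == "__main__":
    for name, cfg in [("weak 1-of-1", WEAK_1_OF_1), ("same operator", SAME_OPERATOR), ("hardened", HARDENED)]:
        print(name, audit_uln_config(cfg, POLICY) or ["OK"])
```

Run it against the configuration your endpoint actually returns for each (source, destination) path rather than the one you think you deployed: a path that was never explicitly configured silently inherits the protocol default, which is exactly the case the incident exposed.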
Reports the previous day had indicated that LayerZero had used a multisig wallet to trade meme coins, and that its default library contract upgrade mechanism posed a risk.