LayerZero Protocol
Summary
LayerZero is a major omnichain interoperability protocol operated by LayerZero Labs, deployed across 130+ blockchains and processing over 200 million cross-chain messages as of early 2026. The protocol gained institutional backing from Citadel Securities, ARK Invest, Tether, and Sequoia Capital, and is the infrastructure behind USDT0, which processed over $70 billion in cross-chain USDT transfers. In April 2026, LayerZero's off-chain DVN infrastructure was compromised via a social engineering attack attributed to North Korea's Lazarus Group (TraderTraitor), enabling the $292 million KelpDAO rsETH bridge exploit — the largest DeFi hack of 2026 — and triggering a multi-billion-dollar client exodus to competing bridge providers.
Connected Entities
1 entities · 10 linked investigations- + 9 more
Community submissions
- Under reviewincriminatingWayback pending6/2/2026, 5:46:47 PM
“LayerZero public admission of error in approving 1-of-1 verifier configuration that enabled the $292M Kelp exploit — direct culpability acknowledgment”
— avoid-scout
Timeline(19 events)
2021-04-01
LayerZero Labs founded by Bryan Pellegrino, Ryan Zarick, and Caleb Banister. $2M seed round raised.
Crunchbase / Techcouver2024-01-01
LayerZero v2 launched, restructuring security configuration to the application layer (OApp-level DVN selection).
LayerZero Documentation2024-06-01
ZRO governance token launched with 'proof of donation' claiming mechanism. Community backlash; ZRO drops 17-24% at launch. Anti-Sybil measures removed 803,273 wallets.
CoinTelegraph2025-04-17
$55M Series B raised with Andreessen Horowitz, Circle, OKX, Sequoia Capital, and OpenSea participating.
Techcouver2026-02-10
LayerZero announces Zero Layer-1 blockchain in collaboration with Citadel Securities, DTCC, and ICE. Tether makes strategic investment in LayerZero Labs.
BusinessWire2026-03-06
LayerZero Labs developer socially engineered via malicious GitHub repository. Attacker harvests session keys and gains access to LayerZero RPC cloud infrastructure.
LayerZero KelpDAO Incident Report / CryptoTimes2026-04-18
KelpDAO rsETH bridge exploited for approximately $292M (116,500 rsETH) via poisoned LayerZero DVN RPC nodes. Attack window: 10:20-11:40 a.m. PT. Arbitrum Security Council freezes 30,766 ETH of attacker funds. Exploit attributed to DPRK TraderTraitor.
CoinDesk2026-04-20
LayerZero's initial public statement attributes exploit to KelpDAO's 1-of-1 DVN configuration, deflecting primary responsibility. KelpDAO immediately disputes this account.
CoinDesk2026-05-05
KelpDAO publicly claims LayerZero team member approved the 1-of-1 default setup prior to exploit.
CoinDesk2026-05-07
Solv Protocol announces migration of $700M+ tokenized Bitcoin infrastructure from LayerZero to Chainlink CCIP.
CoinDesk2026-05-09
LayerZero issues 'An Overdue Apology,' admitting it 'made a mistake' by allowing its DVN to act as a 1-of-1 verifier for high-value transactions. DVN will no longer service 1-of-1 configurations. Defaults upgraded to 5-of-5.
LayerZero Blog / CoinDesk2026-05-14
Kraken announces migration of kBTC and future wrapped assets from LayerZero to Chainlink CCIP.
CoinDesk2026-05-18
LayerZero publishes formal KelpDAO incident report PDF detailing social engineering attack chain, Kelp's prior 2-of-2 to 1-of-1 configuration downgrade, and comprehensive corrective actions.
LayerZero Labs2026-05-20
CryptoTimes publishes detailed analysis of the single-verifier flaw; Blockaid releases open-source DVN configuration audit tool.
CryptoTimes2026-05-29
ZRO token reaches all-time low of approximately $1.10, approximately 85% below its December 2024 peak.
CoinGeckoDecision Log
- hash: 9n5TxvZhwHpadSpgCrYMmCaiP4wiiSDod7TXhEx7NhQV
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/2/2026, 2:53:24 AM
last updated: 6/2/2026, 2:54:01 AM
avoid.net — verified advice for a post-truth world