1 decision on this page
Audit log
Every state-changing event for LayerZero Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.
- #1 publish by system:backfill, 2026-06-02 02:54:01Z, Score: ? → ? (no score change), anchor: anchored
- chain: mainnet-beta, slot 423,722,712
- sig: 4rjyjdqoeCcH…hvMZwuei
- hash: 9n5TxvZhwHpa…hEx7NhQV (sha256 → base58)
canonical bytes (34582 B):
{"actor":"system:backfill","investigation_id":"ae4c060a-cd45-41d5-8a93-fd8e8e6ac8d9","kind":"publish","page_slug":"layerzero-protocol","published_at":"2026-06-02T02:54:01.669Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"LayerZero Protocol","sections":[{"content":"LayerZero is an omnichain messaging protocol developed by LayerZero Labs, incorporated in Vancouver, Canada. The protocol enables developers to build cross-chain applications ('OApps') and omnichain fungible tokens ('OFTs') that operate across more than 130 blockchains. LayerZero v2, launched in 2024, restructured security from the protocol layer to the application layer: integrators select which Decentralized Verifier Networks (DVNs) attest to their messages and which executors deliver them, with the LayerZero Endpoint contract enforcing only that chosen verifiers agree.\n\nAs of April 2026, LayerZero has processed over 200 million cross-chain messages and more than 50 DVN operators participate in the network, including LayerZero Labs, Google Cloud, Polyhedra Network, Nethermind, and Animoca. The protocol's OFT standard powers USDT0, an omnichain version of Tether's USDT launched in January 2025, which processed over $70 billion in cross-chain transfers within its first year across 23 networks.\n\nIn February 2026, LayerZero Labs announced 'Zero,' a new Layer-1 blockchain targeting institutional financial markets and aiming for up to 2 million TPS using zero-knowledge proofs. Institutional backers for Zero include Citadel Securities, DTCC, Intercontinental Exchange, Google Cloud, ARK Invest, and Tether. ZRO is LayerZero's native governance token, with a total supply of 1 billion and circulating supply of approximately 252 million as of June 2026. 
The ZRO token was trading at approximately $1.13, representing an all-time high decline of about 85% from its December 2024 peak of $7.47, according to CoinGecko data as of late May 2026.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":1,"name":"LayerZero Documentation - Protocol Overview","type":"official","url":"https://docs.layerzero.network/v2/concepts/protocol/protocol-overview"},{"credibility":1,"name":"LayerZero Announces Zero Blockchain - BusinessWire","type":"news_article","url":"https://www.businesswire.com/news/home/20260210491975/en/LayerZero-Announces-Zero-Blockchain-to-Build-Global-Market-Infrastructure-In-Collaboration-with-Citadel-Securities-The-Depository-Trust-Clearing-Corporation-Intercontinental-Exchange-With-Strategic-Investment-in-ZRO-from-Citadel-Securities"},{"credibility":2,"name":"Tether-Backed USDT0 Surpasses $70 Billion in Cross-Chain Transfers - The Block","type":"news_article","url":"https://www.theblock.co/post/380434/tether-pegged-usdt0-omnichain-stablecoin-passes-50-billion-in-cumulative-transfers"},{"credibility":2,"name":"ZRO Price and Market Cap - CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/layerzero"}]},{"content":"On April 18, 2026, KelpDAO's rsETH bridge, powered by LayerZero's OFT infrastructure, was exploited for approximately 116,500 rsETH worth roughly $292 million — the largest DeFi hack of 2026. The attack window ran from 10:20 a.m. to 11:40 a.m. Pacific Time.\n\nAccording to LayerZero's incident report published May 18, 2026, the attack chain began on March 6, 2026, when a LayerZero Labs developer was socially engineered to clone a malicious GitHub repository, which installed macOS malware providing remote access to the developer's machine. 
The attacker harvested session keys and used them to access LayerZero's RPC cloud infrastructure via commercial VPNs, remaining dormant for approximately six weeks.\n\nOn April 18, the attacker injected malicious code into op-geth — the software LayerZero's DVN used to read blockchain state — on two Kubernetes clusters. Simultaneously, a denial-of-service attack was launched against an external RPC provider, forcing DVN signing to rely exclusively on the two compromised internal nodes. The compromised nodes were patched to return false data to the DVN (reporting token burns on Unichain that never occurred) while displaying accurate information to monitoring tools. The malicious software self-destructed to erase forensic evidence.\n\nBecause KelpDAO's rsETH bridge was configured in a 1-of-1 DVN setup, with LayerZero Labs' DVN as the sole verifier, the single compromised signer set was sufficient to authorize arbitrary cross-chain messages. An attempted secondary theft of 40,000 rsETH (~$95 million) was blocked through rapid contract pausing. The Arbitrum Security Council subsequently froze 30,766 ETH of attacker-controlled funds.\n\nLayerZero and multiple security firms (Mandiant, CrowdStrike) attributed the attack to TraderTraitor, also known as UNC4899, a North Korean state-sponsored threat group within the Lazarus Group. 
This represented the second major DeFi attack by the same unit within 18 days of a broader campaign totaling over $575 million in losses.","heading":"April 2026 KelpDAO Bridge Exploit ($292M)","severity":"critical","sources":[{"credibility":1,"name":"LayerZero KelpDAO Incident Report PDF","type":"official","url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"},{"credibility":1,"name":"LayerZero Blames Kelp's Setup for $290M Exploit, Attributes It to North Korea's Lazarus - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":2,"name":"Inside the KelpDAO Bridge Exploit - Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":2,"name":"LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit - CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"credibility":2,"name":"LayerZero Labs KelpDAO Incident Report Summary - Lazarus.day","type":"research","url":"https://lazarus.day/reports/post/layerzero-labs-kelpdao-incident-report-qmVL5"}]},{"content":"The exploit's root cause involved two compounding factors: LayerZero's compromised infrastructure and the 1-of-1 DVN configuration used by KelpDAO's bridge.\n\nIn LayerZero v2's security model, application-layer configuration is the integrator's responsibility. 
However, a public dispute emerged about whether LayerZero Labs bore responsibility for allowing its DVN to serve as a sole verifier for high-value bridges without enforcement of minimum security standards.\n\nLayerZero's initial post-exploit statement on April 20, 2026 attributed blame primarily to KelpDAO, stating the protocol had 'chosen to utilize a 1/1 DVN configuration' and had received prior warnings about DVN diversification best practices. LayerZero's incident report further stated that Kelp had previously operated a 2-of-2 DVN configuration but downgraded to 1-of-1 before the exploit; however, LayerZero did not specify when the change occurred or whether a LayerZero employee reviewed it.\n\nKelpDAO disputed this account. On May 5, 2026, Kelp publicly stated that a LayerZero team member had said 'No problem on using defaults either' when Kelp expanded to layer-2 networks, and that the 1-of-1 LayerZero Labs DVN was the documented default for new deployments. Kelp argued that LayerZero effectively approved the vulnerable configuration.\n\nOn May 9, 2026, following several weeks of public criticism and a significant client exodus, LayerZero issued a formal admission titled 'An Overdue Apology.' The company stated: 'We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions. We didn't police what our DVN was securing, which created a risk we simply didn't see. We own that.' LayerZero also acknowledged it 'did a terrible job on comms over the past three weeks' by delaying the post-mortem release rather than communicating immediately.\n\nA secondary disclosure in the same statement revealed that, approximately three and a half years prior, a LayerZero multisig signer had used a multisig hardware wallet to execute a personal trade — an action LayerZero called 'obviously not ok.' 
The signer was removed and wallets rotated.\n\nThe dispute illustrates a structural tension in permissionless infrastructure design: when a protocol operator allows flexible security configurations, the boundary of responsibility between the protocol operator's DVN and the integrating application is not always clear to integrators.","heading":"1-of-1 DVN Configuration: Root Cause and Responsibility Dispute","severity":"high","sources":[{"credibility":1,"name":"LayerZero Says It 'Made a Mistake' in $292 Million Kelp Exploit - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":1,"name":"Kelp Says LayerZero Approved Setup It Blamed for $292 Million Bridge Hack - CoinDesk","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":1,"name":"Kelp DAO Hits Back at LayerZero for Trying to Shift the Blame - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"credibility":1,"name":"LayerZero 'An Overdue Apology' Blog Post","type":"official","url":"https://layerzero.network/blog/an-overdue-apology"},{"credibility":2,"name":"LayerZero Incident Report Says Kelp Downgraded From 2-of-2 to 1-of-1 - The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/layerzero-s-incident-report-says-kelp-downgraded-from-2-of-2-to-1-of-1-before-usd292m-exploit"},{"credibility":1,"name":"LayerZero KelpDAO Incident Statement","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"}]},{"content":"The KelpDAO exploit triggered a significant departure of protocols from LayerZero's infrastructure. 
By mid-May 2026, multiple protocols with a combined TVL estimated at over $4 billion had announced migrations to Chainlink's Cross-Chain Interoperability Protocol (CCIP).\n\nKelpDAO was among the first to announce a migration, shifting its rsETH bridge to Chainlink CCIP on or around May 5, 2026. Solv Protocol, which managed approximately $700 million in tokenized Bitcoin infrastructure, announced its migration on May 7, 2026, citing both the security incident and LayerZero's initial blame-shifting response. Re.xyz followed. On May 14, 2026, Kraken announced it would replace LayerZero with Chainlink CCIP as the exclusive cross-chain infrastructure for kBTC and future wrapped assets.\n\nTotal reported migrations to Chainlink CCIP following the incident exceeded $4 billion across KelpDAO, Solv Protocol, Re.xyz, Kraken, and Lombard, per reporting by Crypto.news.\n\nDespite the departures, several major token issuers remained on LayerZero infrastructure as of May 2026, including USDT0 (Tether), USDe/sUSDe (Ethena), weETH (Etherfi), WBTC (BitGo), and thBILL (Theo).","heading":"Client Exodus and Competitive Fallout","severity":"high","sources":[{"credibility":1,"name":"The $700 Million Migration: Why Solv Protocol Is Ditching LayerZero for Chainlink - CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"credibility":1,"name":"Kraken to Replace LayerZero with Chainlink for kBTC, Future Wrapped Assets - CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/14/kraken-to-replace-layerzero-with-chainlink-to-bridge-assets-across-blockchains"},{"credibility":2,"name":"Chainlink CCIP Draws $4B from LayerZero Exodus - Crypto.news","type":"news_article","url":"https://crypto.news/chainlink-ccip-draws-4b-from-layerzero-exodus/"},{"credibility":2,"name":"LayerZero Fallout Pushes $2B Crypto Protocols to Chainlink - 
CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/11/layerzero-fallout-pushes-2b-crypto-protocols-to-chainlink/"},{"credibility":2,"name":"LayerZero Blamed the Victim for a $292 Million Hack, Then Apologized After Clients Left - CyberNews","type":"news_article","url":"https://cybernews.com/crypto/layerzero-292-million-hack-apology-clients-leave/"}]},{"content":"Following the KelpDAO incident and public acknowledgment of its mistake, LayerZero Labs announced a series of security and policy changes.\n\nOn the DVN configuration policy: LayerZero's DVN will no longer service applications running 1-of-1 DVN configurations. All default pathway configurations are being migrated to 5-of-5 where possible, and no less than 3-of-3 on chains where only three DVNs are available. LayerZero stated it is actively contacting all applications using 1-of-1 configurations to migrate to redundant multi-DVN setups.\n\nOn infrastructure: All affected RPC nodes were deprecated and replaced. A complete cloud infrastructure restructuring was performed, implementing hardened baselines, credential removal, time-limited access, multi-person IAM approval processes, and enhanced device and session validation. LayerZero implemented localized anomaly detection software.\n\nOn multisig governance: LayerZero removed the signer implicated in the prior hardware wallet misuse and rotated wallets. The team developed custom multisig infrastructure called 'OneSig' with enhanced security protocols. The multisig threshold is being upgraded from 3-of-5 to 7-of-10.\n\nOn operator tooling: LayerZero launched 'Console,' described as a unified platform with automated anomaly detection for asset issuers.\n\nNotably, LayerZero's own incident report acknowledged that the LayerZero protocol itself functioned as designed — the smart contracts were not exploited — and stated 'there is zero contagion to any other cross-chain assets or applications.' 
The exploit was categorized as an off-chain infrastructure attack, though the 1-of-1 configuration created the structural condition that made the off-chain compromise sufficient to drain bridge funds.\n\nAs of late May 2026, Blockaid released an open-source diagnostic script for auditing DVN configurations that flags 1-of-N pathways. A Github Gist associated with Blockaid's post-incident work indicated that some pathways on Dinari and Skale still listed LayerZero Labs as the only available DVN attestor, suggesting residual 1-of-1 risk on certain chains even after the policy change.","heading":"Security Changes and Corrective Actions","severity":"medium","sources":[{"credibility":1,"name":"LayerZero Says It 'Made a Mistake' - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":1,"name":"LayerZero 'An Overdue Apology'","type":"official","url":"https://layerzero.network/blog/an-overdue-apology"},{"credibility":2,"name":"LayerZero Details $292M KelpDAO Exploit and Tightens Bridge Security - Crypto.news","type":"news_article","url":"https://crypto.news/layerzero-details-292m-kelpdao-exploit-and-tightens-bridge-security/"},{"credibility":2,"name":"LayerZero OFT/OApp DVN Configuration Audit (Blockaid GitHub Gist)","type":"research","url":"https://gist.github.com/IdoBn/7753f16fdb6810b11c5c87cdf11f8aa0"},{"credibility":2,"name":"How a Single LayerZero DVN Compromise Drained $292M from KelpDAO - Blockaid","type":"research","url":"https://www.blockaid.io/blog/how-a-single-layerzero-dvn-compromise-drained-292m-from-kelpdao"}]},{"content":"LayerZero launched its ZRO governance token in June 2024, distributing to approximately 1.28 million wallets with 8.5% of the total 1 billion supply distributed on day one, with the remainder released over a 36-month schedule.\n\nPrior to the launch, LayerZero implemented aggressive anti-Sybil measures, using both on-chain analysis and 
a self-reporting mechanism whereby Sybil accounts could report themselves in exchange for 15% of their intended allocation. According to LayerZero, 803,273 wallets (59% of potential recipients) were removed before distribution.\n\nThe launch drew significant community backlash due to a 'proof of donation' claiming mechanism: recipients were required to donate $0.10 in USDC, USDT, or native ETH per ZRO token claimed, with proceeds directed to the Protocol Guild. Critics objected to calling the mechanism an 'airdrop' while imposing a claiming cost. ZRO dropped 17-24% within 24 hours of launch amid the controversy. CEO Bryan Pellegrino defended the mechanism, stating no user was entitled to the tokens and those unwilling to donate could forgo the claim.\n\nZRO reached an all-time high of approximately $7.47 in December 2024. By late May 2026, the token was trading near its all-time low of approximately $1.10, representing an approximately 85% decline from peak, attributable to a combination of broader market conditions and reputational damage from the KelpDAO incident.","heading":"ZRO Token Launch and Airdrop Controversy (2024)","severity":"low","sources":[{"credibility":2,"name":"ZRO Token Falls 17% Amid Controversy Over LayerZero's 'Not an Airdrop' - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"credibility":2,"name":"LayerZero Fought the Sybils and Airdropped Its Token - Unchained","type":"news_article","url":"https://unchainedcrypto.com/layerzero-fought-the-sybils-and-airdropped-its-token-did-the-team-win/"},{"credibility":2,"name":"ZRO Price and Market Cap - CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/layerzero"}]},{"content":"The KelpDAO exploit revealed a structural risk inherent in LayerZero's architecture: security ultimately depends on the integrity of off-chain DVN infrastructure. 
While the on-chain protocol executed as designed, the off-chain signing infrastructure for LayerZero Labs' DVN was successfully compromised by a sophisticated nation-state actor.\n\nLayerZero's own incident report acknowledged this is 'a fundamental limitation of all offchain services.' However, security researchers and community commentators have noted that this limitation is particularly acute in cross-chain bridge infrastructure, where a single compromised signing layer can authorize irreversible fund transfers across chains. The adversary's ability to remain dormant for six weeks after initial compromise, patch memory at the RPC level to evade monitoring, and self-destruct forensic evidence demonstrates a capability level consistent with attributed DPRK TraderTraitor operations.\n\nSince the incident, Blockaid's audit tool identified that some chain pathways may still present only one available DVN attestor, meaning that even with LayerZero's policy change to refuse 1/1 signing, the underlying infrastructure concentration risk may persist on certain chains until additional DVN operators are deployed.\n\nThe $292 million loss occurred despite LayerZero having communicated DVN diversification best practices to integrators, indicating that a gap between best-practice documentation and enforcement was itself a risk that LayerZero Labs has since acknowledged. 
The broader ecosystem of 200+ protocols using LayerZero infrastructure represents a persistent attack surface where any integration using a minimally-diversified DVN setup could be targeted via similar infrastructure-level attacks.","heading":"Off-Chain Infrastructure Risk and Nation-State Threat Surface","severity":"high","sources":[{"credibility":1,"name":"LayerZero KelpDAO Incident Report PDF","type":"official","url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"},{"credibility":3,"name":"Crypto Community Slams LayerZero - TradingView/NewsBTC","type":"news_article","url":"https://www.tradingview.com/news/newsbtc:484aac8e4094b:0-crypto-community-slams-layerzero-more-verifiers-won-t-stop-the-next-290m-hack/"},{"credibility":2,"name":"Inside the KelpDAO Bridge Exploit - Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":2,"name":"LayerZero OFT/OApp DVN Configuration Audit (Blockaid)","type":"research","url":"https://gist.github.com/IdoBn/7753f16fdb6810b11c5c87cdf11f8aa0"}]},{"content":"LayerZero Labs has raised approximately $318 million in total funding across six rounds from 53 investors, achieving a $3 billion valuation. Key funding milestones include a $2 million seed round in April 2021, a $135 million Series A+ in 2022 co-led by Sequoia Capital, a $120 million round in April 2023 led by a16z crypto at a $3 billion valuation, and a $55 million Series B in April 2025 with participation from Andreessen Horowitz, Circle, OKX, Sequoia Capital, and OpenSea.\n\nIn February 2026, Tether announced a strategic investment in LayerZero Labs coincident with the Zero blockchain announcement. 
Zero also secured investment and collaboration commitments from Citadel Securities, DTCC, Intercontinental Exchange (ICE), Google Cloud, and ARK Invest, indicating continued institutional confidence in the infrastructure layer despite the subsequent KelpDAO incident.","heading":"Funding, Valuation, and Institutional Backing","severity":"low","sources":[{"credibility":1,"name":"LayerZero Labs Valued at $3B After $120M Funding Round - Fortune","type":"news_article","url":"https://fortune.com/crypto/2023/04/04/blockchain-interoperability-firm-layerzero-labs-valued-at-3b-after-120m-funding-round/"},{"credibility":2,"name":"Bryan Pellegrino on Conviction, Culture, and Capital: How LayerZero Built a $3B Startup - Techcouver","type":"news_article","url":"https://techcouver.com/2025/05/28/bryan-pellegrino-layerzero-3b-startup/"},{"credibility":1,"name":"Tether Announces Strategic Investment in LayerZero Labs","type":"official","url":"https://tether.io/news/tether-announces-strategic-investment-in-layerzero-labs-creator-of-the-interoperability-infrastructure-used-by-usdt0/"},{"credibility":1,"name":"Citadel Securities and Cathie Wood Back Zero Blockchain - Fortune","type":"news_article","url":"https://fortune.com/2026/02/10/layerzero-blockchain-ark-citadel-cathie-wood-nyse-dtcc-ice-tokenization-crypto/"}]}],"sources_used":[{"credibility":1,"name":"LayerZero KelpDAO Incident Statement","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"},{"credibility":1,"name":"LayerZero KelpDAO Incident Report PDF","type":"official","url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"},{"credibility":1,"name":"LayerZero 'An Overdue Apology'","type":"official","url":"https://layerzero.network/blog/an-overdue-apology"},{"credibility":1,"name":"LayerZero Says It 'Made a Mistake' in $292 Million Kelp Exploit - 
CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":1,"name":"LayerZero Blames Kelp's Setup for $290M Exploit, Attributes It to North Korea's Lazarus - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":1,"name":"Kelp Says LayerZero Approved Setup It Blamed for $292M Bridge Hack - CoinDesk","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":1,"name":"Kelp DAO Hits Back at LayerZero for Trying to Shift the Blame - CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"credibility":1,"name":"The $700 Million Migration: Why Solv Protocol Is Ditching LayerZero for Chainlink - CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"credibility":1,"name":"Kraken to Replace LayerZero with Chainlink for kBTC - CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/14/kraken-to-replace-layerzero-with-chainlink-to-bridge-assets-across-blockchains"},{"credibility":2,"name":"Inside the KelpDAO Bridge Exploit - Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":2,"name":"LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit - CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"credibility":2,"name":"LayerZero Fallout Pushes $2B Crypto Protocols to Chainlink - 
CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/11/layerzero-fallout-pushes-2b-crypto-protocols-to-chainlink/"},{"credibility":2,"name":"Chainlink CCIP Draws $4B from LayerZero Exodus - Crypto.news","type":"news_article","url":"https://crypto.news/chainlink-ccip-draws-4b-from-layerzero-exodus/"},{"credibility":2,"name":"How a Single LayerZero DVN Compromise Drained $292M from KelpDAO - Blockaid","type":"research","url":"https://www.blockaid.io/blog/how-a-single-layerzero-dvn-compromise-drained-292m-from-kelpdao"},{"credibility":2,"name":"LayerZero Labs KelpDAO Incident Report Summary - Lazarus.day","type":"research","url":"https://lazarus.day/reports/post/layerzero-labs-kelpdao-incident-report-qmVL5"},{"credibility":2,"name":"LayerZero Admits Mistake in 1/1 DVN Setup - The Defiant","type":"news_article","url":"https://thedefiant.io/news/security/layerzero-labs-security-incident-multisig-violation-rjuv1s"},{"credibility":2,"name":"LayerZero Blamed the Victim for a $292M Hack, Then Apologized After Clients Left - CyberNews","type":"news_article","url":"https://cybernews.com/crypto/layerzero-292-million-hack-apology-clients-leave/"},{"credibility":2,"name":"LayerZero Concedes 1/1 DVN Mistake as Chainlink Gains - AMBCrypto","type":"news_article","url":"https://ambcrypto.com/layerzero-concedes-1-1-dvn-mistake-as-chainlink-gains-from-bridge-security-fears/"},{"credibility":2,"name":"ZRO Token Falls 17% Amid Controversy - CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"credibility":1,"name":"Tether Announces Strategic Investment in LayerZero Labs","type":"official","url":"https://tether.io/news/tether-announces-strategic-investment-in-layerzero-labs-creator-of-the-interoperability-infrastructure-used-by-usdt0/"},{"credibility":1,"name":"LayerZero Labs Valued at $3B After $120M Funding Round - 
Fortune","type":"news_article","url":"https://fortune.com/crypto/2023/04/04/blockchain-interoperability-firm-layerzero-labs-valued-at-3b-after-120m-funding-round/"},{"credibility":1,"name":"Citadel Securities and Cathie Wood Back Zero Blockchain - Fortune","type":"news_article","url":"https://fortune.com/2026/02/10/layerzero-blockchain-ark-citadel-cathie-wood-nyse-dtcc-ice-tokenization-crypto/"},{"credibility":2,"name":"LayerZero OFT/OApp DVN Configuration Audit (Blockaid GitHub Gist)","type":"research","url":"https://gist.github.com/IdoBn/7753f16fdb6810b11c5c87cdf11f8aa0"},{"credibility":2,"name":"ZRO Price and Market Cap - CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/layerzero"},{"credibility":1,"name":"LayerZero Documentation - Protocol Overview","type":"official","url":"https://docs.layerzero.network/v2/concepts/protocol/protocol-overview"},{"credibility":1,"name":"LayerZero v2 GitHub","type":"official","url":"https://github.com/LayerZero-Labs/LayerZero-v2"}],"summary":"LayerZero is a major omnichain interoperability protocol operated by LayerZero Labs, deployed across 130+ blockchains and processing over 200 million cross-chain messages as of early 2026. The protocol gained institutional backing from Citadel Securities, ARK Invest, Tether, and Sequoia Capital, and is the infrastructure behind USDT0, which processed over $70 billion in cross-chain USDT transfers. In April 2026, LayerZero's off-chain DVN infrastructure was compromised via a social engineering attack attributed to North Korea's Lazarus Group (TraderTraitor), enabling the $292 million KelpDAO rsETH bridge exploit — the largest DeFi hack of 2026 — and triggering a multi-billion-dollar client exodus to competing bridge providers.","timeline":[{"date":"2021-04-01","event":"LayerZero Labs founded by Bryan Pellegrino, Ryan Zarick, and Caleb Banister. 
$2M seed round raised.","source":"Crunchbase / Techcouver","source_url":"https://techcouver.com/2025/05/28/bryan-pellegrino-layerzero-3b-startup/"},{"date":"2022-01-01","event":"LayerZero v1 mainnet launched; $135M Series A+ raised co-led by Sequoia Capital.","source":"Fortune","source_url":"https://fortune.com/crypto/2023/04/04/blockchain-interoperability-firm-layerzero-labs-valued-at-3b-after-120m-funding-round/"},{"date":"2023-04-04","event":"$120M fundraise announced at $3B valuation, led by a16z crypto.","source":"Fortune","source_url":"https://fortune.com/crypto/2023/04/04/blockchain-interoperability-firm-layerzero-labs-valued-at-3b-after-120m-funding-round/"},{"date":"2024-01-01","event":"LayerZero v2 launched, restructuring security configuration to the application layer (OApp-level DVN selection).","source":"LayerZero Documentation","source_url":"https://docs.layerzero.network/v2/concepts/protocol/protocol-overview"},{"date":"2024-06-01","event":"ZRO governance token launched with 'proof of donation' claiming mechanism. Community backlash; ZRO drops 17-24% at launch. 
Anti-Sybil measures removed 803,273 wallets.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"date":"2024-12-06","event":"ZRO token reaches all-time high of approximately $7.47.","source":"CoinGecko","source_url":"https://www.coingecko.com/en/coins/layerzero"},{"date":"2025-01-01","event":"Tether and LayerZero launch USDT0, an omnichain USDT built on OFT standard.","source":"The Block","source_url":"https://www.theblock.co/post/380434/tether-pegged-usdt0-omnichain-stablecoin-passes-50-billion-in-cumulative-transfers"},{"date":"2025-04-17","event":"$55M Series B raised with Andreessen Horowitz, Circle, OKX, Sequoia Capital, and OpenSea participating.","source":"Techcouver","source_url":"https://techcouver.com/2025/05/28/bryan-pellegrino-layerzero-3b-startup/"},{"date":"2026-02-10","event":"LayerZero announces Zero Layer-1 blockchain in collaboration with Citadel Securities, DTCC, and ICE. Tether makes strategic investment in LayerZero Labs.","source":"BusinessWire","source_url":"https://www.businesswire.com/news/home/20260210491975/en/LayerZero-Announces-Zero-Blockchain-to-Build-Global-Market-Infrastructure-In-Collaboration-with-Citadel-Securities-The-Depository-Trust-Clearing-Corporation-Intercontinental-Exchange-With-Strategic-Investment-in-ZRO-from-Citadel-Securities"},{"date":"2026-03-06","event":"LayerZero Labs developer socially engineered via malicious GitHub repository. Attacker harvests session keys and gains access to LayerZero RPC cloud infrastructure.","source":"LayerZero KelpDAO Incident Report / CryptoTimes","source_url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"date":"2026-04-18","event":"KelpDAO rsETH bridge exploited for approximately $292M (116,500 rsETH) via poisoned LayerZero DVN RPC nodes. Attack window: 10:20-11:40 a.m. PT. Arbitrum Security Council freezes 30,766 ETH of attacker funds. 
Exploit attributed to DPRK TraderTraitor.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"date":"2026-04-20","event":"LayerZero's initial public statement attributes exploit to KelpDAO's 1-of-1 DVN configuration, deflecting primary responsibility. KelpDAO immediately disputes this account.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"date":"2026-05-05","event":"KelpDAO publicly claims LayerZero team member approved the 1-of-1 default setup prior to exploit.","source":"CoinDesk","source_url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"date":"2026-05-07","event":"Solv Protocol announces migration of $700M+ tokenized Bitcoin infrastructure from LayerZero to Chainlink CCIP.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"date":"2026-05-09","event":"LayerZero issues 'An Overdue Apology,' admitting it 'made a mistake' by allowing its DVN to act as a 1-of-1 verifier for high-value transactions. DVN will no longer service 1-of-1 configurations. 
Defaults upgraded to 5-of-5.","source":"LayerZero Blog / CoinDesk","source_url":"https://layerzero.network/blog/an-overdue-apology"},{"date":"2026-05-14","event":"Kraken announces migration of kBTC and future wrapped assets from LayerZero to Chainlink CCIP.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/05/14/kraken-to-replace-layerzero-with-chainlink-to-bridge-assets-across-blockchains"},{"date":"2026-05-18","event":"LayerZero publishes formal KelpDAO incident report PDF detailing social engineering attack chain, Kelp's prior 2-of-2 to 1-of-1 configuration downgrade, and comprehensive corrective actions.","source":"LayerZero Labs","source_url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"},{"date":"2026-05-20","event":"CryptoTimes publishes detailed analysis of the single-verifier flaw; Blockaid releases open-source DVN configuration audit tool.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"date":"2026-05-29","event":"ZRO token reaches all-time low of approximately $1.10, approximately 85% below its December 2024 peak.","source":"CoinGecko","source_url":"https://www.coingecko.com/en/coins/layerzero"}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 71e0c33f-1302-4d6a-a68e-a1503a3df2e9
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine —
python -m src.verify_decision <event_id>.
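The row-integrity and memo checks described above can be reproduced in a few lines. This is an added example, not avoid.net's `src.verify_decision` code. It assumes the displayed hash is the base58 encoding (Bitcoin/Solana alphabet) of the raw SHA-256 digest, that canonical bytes are compact JSON with sorted keys, and that the memo carries the hash as text; the record and memo are constructed samples.

```python
import hashlib
import hmac
import json

# Bitcoin/Solana base58 alphabet (no 0, O, I, l).
B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Encode bytes as base58, keeping leading zero bytes as '1' characters."""
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58_ALPHABET[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; raises ValueError on a non-base58 character."""
    n = 0
    for ch in text:
        n = n * 58 + B58_ALPHABET.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")


def canonical_bytes(record: dict) -> bytes:
    """ASSUMPTION: canonical form is compact, key-sorted UTF-8 JSON."""
    return json.dumps(
        record, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def row_hash(canon: bytes) -> str:
    """SHA-256 of the canonical bytes, shown as base58 ('sha256 -> base58')."""
    return b58encode(hashlib.sha256(canon).digest())


def verify_row(canon: bytes, stored_hash: str, memo_text: str) -> dict:
    """Recompute the hash locally and compare it to both witnesses.

    The memo is checked against the *recomputed* hash, never the stored one,
    so a server that serves a matching but wrong stored hash gains nothing.
    ASSUMPTION: the on-chain memo contains the base58 hash as a substring.
    """
    computed = row_hash(canon)
    row_ok = hmac.compare_digest(computed.encode(), stored_hash.encode())
    return {
        "computed": computed,
        "row_integrity": row_ok,
        "memo_match": computed in memo_text,
    }


# Constructed sample record; field names mirror the audit row on this page,
# values are shortened placeholders.
SAMPLE_RECORD = {
    "v": 1,
    "kind": "publish",
    "actor": "system:backfill",
    "page_slug": "example-page",
    "sequence_num": 1,
    "snapshot": {"summary": "constructed sample — not real data"},
}

if __name__ == "__main__":
    canon = canonical_bytes(SAMPLE_RECORD)
    stored = row_hash(canon)                 # what the audit row would display
    memo = f"constructed-memo:{stored}"      # hypothetical memo layout
    print(verify_row(canon, stored, memo))
    tampered = canon.replace(b'"sequence_num":1', b'"sequence_num":2')
    print(verify_row(tampered, stored, memo))
```

Hash the stored bytes exactly as served: re-serializing the JSON with different key order or whitespace yields a different digest even when the content is identical.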