Verify a decision

{"actor":"system:backfill","investigation_id":"ac519952-403c-434a-97fb-c421abbef480","kind":"publish","page_slug":"layerzero","published_at":"2026-06-03T17:05:33.826Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"LayerZero","sections":[{"content":"LayerZero is an omnichain interoperability protocol built and maintained by LayerZero Labs, a Canadian company incorporated as LayerZero Labs Canada Inc. The protocol provides immutable smart contracts deployed on each supported blockchain that serve as entry and exit points for cross-chain messages. As of early 2026, LayerZero is deployed on more than 90 blockchains and has processed over 200 million messages with a cumulative volume exceeding $50 billion. Its V2 architecture, launched in 2024, separates message verification from execution and places security configuration at the application layer: developers select their own Decentralized Verifier Networks (DVNs) to attest to messages and choose executors to deliver them. Stargate Finance, LayerZero's flagship native bridge, routes native USDC and USDT across 30+ chains using the protocol's OFT (Omnichain Fungible Token) standard. LayerZero Labs raised a $120 million Series B in April 2023 at a $3 billion valuation, with investors including a16z Crypto, Sequoia Capital, Christie's, Circle Ventures, Lightspeed, OKX Ventures, OpenSea Ventures, and Samsung Next, for a total of approximately $318 million raised across six rounds.","heading":"Protocol Overview","severity":"low","sources":[{"credibility":1,"name":"What is LayerZero? — LayerZero Docs","type":"official","url":"https://docs.layerzero.network/v2/concepts/getting-started/what-is-layerzero"},{"credibility":1,"name":"LayerZero Labs Closes $120 Million Series B — PR Newswire","type":"news_article","url":"https://www.prnewswire.com/news-releases/layerzero-labs-closes-120-million-series-b-funding-round-raising-its-valuation-to-3-billion-301789138.html"},{"credibility":1,"name":"LayerZero reaches $3 billion valuation in Series B — The Block","type":"news_article","url":"https://www.theblock.co/post/224762/layerzero-series-b"}]},{"content":"On April 18, 2026, at 17:35 UTC, attackers drained 116,500 rsETH tokens — valued at approximately $292 million, representing roughly 18% of rsETH's circulating supply — from KelpDAO's LayerZero-powered cross-chain bridge. The attack is the largest DeFi exploit of 2026. The KelpDAO bridge used a 1-of-1 DVN configuration, meaning a single DVN (operated by LayerZero Labs) was the sole required verifier for cross-chain messages. According to LayerZero's subsequent incident report, attackers used social engineering on a LayerZero Labs developer as early as March 6, 2026, to obtain session keys, then infiltrated LayerZero's RPC cloud infrastructure. They patched RPC memory so that LayerZero's own tools reported normal activity while DVN signing responses were secretly altered. A concurrent denial-of-service attack against external RPC providers forced the DVN to rely exclusively on two compromised internal nodes. With those nodes under attacker control, the DVN issued a valid attestation for a completely fabricated cross-chain message — one claiming to originate from KelpDAO's Unichain deployment when no corresponding source transaction existed on Unichain at all. On that false attestation, the Ethereum-side OFTAdapter released 116,500 rsETH to an attacker-controlled address. KelpDAO's emergency multisig paused core contracts 46 minutes after the initial drain, blocking two subsequent attempted drains each targeting approximately $100 million. Downstream protocols including Aave, SparkLend, and Fluid enacted emergency market freezes due to concerns about rsETH backing. The Arbitrum Security Council coordinated with law enforcement to freeze over 30,000 ETH of attacker downstream funds. Blockchain security firm Blockaid independently confirmed that no vulnerability existed in LayerZero's on-chain contracts, the rsETH token contract, or KelpDAO's OFTAdapter — the entire attack surface was the off-chain DVN signing infrastructure enabled by the 1-of-1 configuration.","heading":"KelpDAO Exploit: $292 Million Stolen via Compromised DVN (April 2026)","severity":"critical","sources":[{"credibility":1,"name":"Kelp DAO exploited for $292 million with wrapped ether stranded across 20 chains — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"credibility":1,"name":"Inside the KelpDAO Bridge Exploit — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":2,"name":"How a Single LayerZero DVN Compromise Drained $292M from KelpDAO — Blockaid","type":"research","url":"https://blockaid.io/blog/how-a-single-layerzero-dvn-compromise-drained-292m-from-kelpdao"},{"credibility":2,"name":"LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"credibility":1,"name":"KelpDAO Incident Statement — LayerZero","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"},{"credibility":1,"name":"LayerZero Labs KelpDAO Incident Report (PDF) — LayerZero","type":"official","url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"}]},{"content":"LayerZero attributed the KelpDAO exploit with preliminary confidence to TraderTraitor (also identified as UNC4899), a North Korean state-sponsored threat group that operates as a subunit of the Lazarus Group. The attribution relied on analysis from Mandiant, CrowdStrike, and other security firms. The attack pattern — social engineering targeting developers, sophisticated RPC infrastructure compromise, and rapid laundering — is consistent with prior TraderTraitor operations. The KelpDAO exploit followed a separate Drift Protocol exploit attributed to Lazarus Group on April 1, 2026, meaning the same threat actor allegedly drained more than $575 million from DeFi in 18 days through two structurally different attack vectors. Law enforcement agencies are involved in the ongoing investigation and asset freezing efforts. As of the date of this report, no law enforcement charges have been publicly filed in connection with the KelpDAO incident specifically.","heading":"Attribution to North Korea's TraderTraitor / Lazarus Group","severity":"high","sources":[{"credibility":1,"name":"LayerZero blames Kelp's setup for $290 million exploit, attributes it to North Korea's Lazarus — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":2,"name":"LayerZero Points to Lazarus Subgroup in KelpDAO Hack — BeInCrypto","type":"news_article","url":"https://beincrypto.com/layerzero-kelpdao-hack-lazarus-north-korea/"},{"credibility":2,"name":"LayerZero Ties KelpDAO Exploit to Lazarus Subgroup TraderTraitor — Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/markets/crypto/articles/layerzero-ties-kelpdao-exploit-lazarus-071321486.html"}]},{"content":"LayerZero's initial public response on April 20, 2026 placed responsibility on KelpDAO, stating: 'KelpDAO chose to utilize a 1/1 DVN configuration. A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised.' The company asserted that 1-of-1 configurations 'directly contradict the multi-DVN redundancy model that LayerZero has consistently recommended to all integration partners.' KelpDAO disputed this account on May 5, 2026, releasing Telegram screenshots showing LayerZero team members acknowledging the 1-of-1 setup over approximately 2.5 years and eight integration discussions without flagging it as a security risk. KelpDAO's materials also noted that security researcher Sujith Somraaj — a prior LayerZero auditor — had submitted a bug bounty report describing the exact attack pattern, which LayerZero rejected on the grounds that 1-of-1 configurations were 'out of scope of the bug bounty program' as an 'application-level configuration choice.' Somraaj wrote publicly: 'My bug bounty: not a vuln, requires all DVNs. Their deployment: removes the \"all\" part. Hackers: collects $295M bounty instead.' On May 9, 2026, following the departure of major clients, LayerZero issued a public apology, stating: 'We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions' and 'We didn't police what our DVN was securing, which created a risk we simply didn't see. We own that.' This reversal came after, rather than before, significant reputational and business damage.","heading":"Blame-Shifting, Retraction, and Public Apology","severity":"high","sources":[{"credibility":1,"name":"Kelp DAO hits back at LayerZero for trying to shift the blame — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"credibility":1,"name":"Kelp says LayerZero approved setup it blamed for $292 million bridge hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":1,"name":"LayerZero says it 'made a mistake' in $292 Million Kelp exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":1,"name":"LayerZero issues public apology for Kelp DAO exploit response — The Block","type":"news_article","url":"https://www.theblock.co/post/400629/layerzero-issues-public-apology-for-kelp-dao-exploit-response-admits-fault-in-single-verifier-setup"},{"credibility":2,"name":"KelpDAO & LayerZero: Incident Report — Nexus Mutual","type":"research","url":"https://nexusmutual.io/blog/kelpdao-layerzero-incident-report"}]},{"content":"The KelpDAO exploit and LayerZero's initial blame-shifting triggered a significant departure of high-value clients. KelpDAO migrated its rsETH bridge infrastructure to Chainlink CCIP. On approximately May 7, 2026, Solv Protocol announced it would migrate more than $700 million in tokenized bitcoin infrastructure — including SolvBTC and xSolvBTC — from LayerZero to Chainlink CCIP, deprecating LayerZero bridge support across Corn, Berachain, Rootstock, and TAC. The combined Kelp and Solv migrations shifted nearly $1 billion in assets to Chainlink. Within 48 hours of the exploit becoming public, at least 14 additional protocols reportedly paused or ceased using LayerZero bridges, including Re, Tydro, and Huma Finance. Protocols including Beefy, Ethena, BitGo, and Lombard were reported to be reconsidering integrations. The ZRO token traded at approximately $1.13 on April 21, 2026 — below its June 2024 launch range — reflecting market reaction to the incident. (Price figures are volatile; see live sources for current figures.)","heading":"Client Exodus and Business Impact","severity":"high","sources":[{"credibility":1,"name":"The $700 million migration: Why Solv Protocol is ditching LayerZero for Chainlink — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"credibility":1,"name":"Solv Protocol drops LayerZero in favor of Chainlink for $700 million tokenized bitcoin — The Block","type":"news_article","url":"https://www.theblock.co/post/400520/solv-protocol-layerzero-chainlink"},{"credibility":2,"name":"KelpDAO & Solv Protocol Exit LayerZero for Chainlink After $292M rsETH Hack — EGW News","type":"news_article","url":"https://egw.news/crypto/news/34682/mass-exodus-from-layerzero-kelpdao-and-solv-protoc-yumh0TAIl"},{"credibility":2,"name":"Solv Protocol Will Dump LayerZero, Migrate $700M Tokenized Bitcoin Tech to Chainlink — Decrypt","type":"news_article","url":"https://decrypt.co/367154/solv-protocol-dump-layerzero-migrate-700m-tokenized-bitcoin-chainlink"}]},{"content":"Following the May 9, 2026 admission of fault, LayerZero announced a set of policy and infrastructure changes. The LayerZero Labs DVN will no longer service any application running a 1-of-1 configuration — refusing to act as the sole signer on any channel. Default security settings are being migrated to a 5-of-5 verifier configuration where possible, with a minimum 3-of-3 configuration on chains with only three available DVNs. Infrastructure changes include a complete overhaul of the cloud environment with hardened baselines, removal of standing credentials, implementation of just-in-time privileged access, multi-person IAM approval, and enhanced device and session validation. The company is also developing a custom multisig infrastructure called 'OneSig.' These changes are prospective and do not address the $292 million in losses from the April 2026 exploit, for which no victim compensation mechanism has been publicly announced.","heading":"Security Changes Announced Post-Exploit","severity":"medium","sources":[{"credibility":1,"name":"LayerZero says it 'made a mistake' in $292 Million Kelp exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":2,"name":"LayerZero details $292M KelpDAO exploit and tightens bridge security — Crypto.news","type":"news_article","url":"https://crypto.news/layerzero-details-292m-kelpdao-exploit-and-tightens-bridge-security/"},{"credibility":2,"name":"LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"}]},{"content":"Before the KelpDAO incident, LayerZero faced earlier security criticism. In early 2023, the protocol's production 2-of-5 Gnosis Safe multisig keys were observed executing Uniswap trades in the McPepes memecoin. Chainlink's Zach Rynes publicly characterized the practice as 'horrifying' OPSEC. Bryan Pellegrino denied that multisig keys were used for memecoin speculation, stating the transactions originated from former multisig members who had been removed and represented OFT testing — a characterization that critics disputed given the nature of ETH-to-memecoin swaps via Uniswap V3. A separate January 2023 incident involved concerns about LayerZero's bridge integration with Uniswap regarding trusted third-party vulnerabilities; Pellegrino denied that these constituted critical vulnerabilities. In May 2023, Spearbit security researcher and prior LayerZero auditor Sujith Somraaj submitted a bug bounty report describing the single-DVN attack vector. LayerZero rejected the report, classifying 1-of-1 DVN configurations as an application-level configuration choice outside the protocol's bug bounty scope. This decision proved consequential when the exact attack pattern executed against KelpDAO in April 2026. LayerZero's V2 architecture has undergone multiple security audits from firms including Ackee Blockchain (2022), ChainSecurity, Zellic, Paladin Blockchain Security (2024), and Dedaub (2025). No critical on-chain vulnerabilities in the core protocol have been publicly confirmed.","heading":"Prior Security and OPSEC Concerns","severity":"high","sources":[{"credibility":2,"name":"LayerZero multisig keys caught trading McPepes memecoin — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/layerzero-multisig-trading-mcpepes-memecoin/"},{"credibility":1,"name":"LayerZero CEO denies accusations of critical trusted third-party vulnerabilities — The Block","type":"news_article","url":"https://www.theblock.co/post/206770/layerzero-ceo-denies-accusations-of-critical-trusted-third-party-vulnerabilities"},{"credibility":1,"name":"Kelp says LayerZero approved setup it blamed for $292 million bridge hack — CoinDesk","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":2,"name":"LayerZero OFT/OApp Security Audit — ChainSecurity","type":"other","url":"https://www.chainsecurity.com/security-audit/layerzero-oft-oapp"}]},{"content":"In June 2024, LayerZero distributed the ZRO governance token to approximately 1.28 million wallets, representing 8.5% of the total 1 billion token supply. The distribution was accompanied by a significant anti-Sybil campaign that eliminated approximately 803,273 wallets (59% of eligible addresses) through on-chain analysis and a community bounty program. The claiming mechanism — named 'Proof of Donation' — required recipients to pay $0.10 in USDC, USDT, or ETH per ZRO token claimed, with proceeds directed to the Protocol Guild (an Ethereum core developer collective). The mandatory donation requirement generated substantial backlash, as many users characterized the mechanism as an improper condition on an airdrop. ZRO lost approximately 24% of its value in the 24 hours following launch. Bryan Pellegrino acknowledged the team 'didn't give people a heads up on' the donation requirement. The token launched with a $3 billion fully diluted valuation at the time of distribution.","heading":"ZRO Token Airdrop Controversy (June 2024)","severity":"low","sources":[{"credibility":2,"name":"LayerZero ZRO token airdrop goes live with a controversial claiming mechanism — FXStreet","type":"news_article","url":"https://www.fxstreet.com/cryptocurrencies/news/layerzero-zro-token-tumbles-24-in-24-hours-hit-by-airdrop-related-controversy-202406210930"},{"credibility":2,"name":"ZRO token falls 17% amid controversy over LayerZero's 'not an airdrop' — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"credibility":2,"name":"LayerZero Airdrop Retrospective Shows What Worked and What Didn't — Crypto News Navigator","type":"news_article","url":"https://www.cryptonewsnavigator.com/academy/article/layerzero-airdrop-retrospective-shows-what-worked-and-what-didnt"}]}],"sources_used":[{"credibility":1,"name":"Kelp DAO exploited for $292 million — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"credibility":1,"name":"LayerZero blames Kelp's setup, attributes to Lazarus — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"credibility":1,"name":"Kelp says LayerZero approved setup — CoinDesk","type":"news_article","url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"credibility":1,"name":"LayerZero says it 'made a mistake' — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"credibility":1,"name":"Kelp DAO hits back at LayerZero — CoinDesk","type":"news_article","url":"https://www.coindesk.com/tech/2026/04/20/kelp-dao-claims-layerzero-s-default-settings-are-what-actually-caused-the-usd290-million-disaster"},{"credibility":1,"name":"Inside the KelpDAO Bridge Exploit — Chainalysis","type":"research","url":"https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/"},{"credibility":1,"name":"The $700 million migration: Solv ditches LayerZero for Chainlink — CoinDesk","type":"news_article","url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"credibility":1,"name":"Solv Protocol drops LayerZero in favor of Chainlink — The Block","type":"news_article","url":"https://www.theblock.co/post/400520/solv-protocol-layerzero-chainlink"},{"credibility":1,"name":"LayerZero issues public apology — The Block","type":"news_article","url":"https://www.theblock.co/post/400629/layerzero-issues-public-apology-for-kelp-dao-exploit-response-admits-fault-in-single-verifier-setup"},{"credibility":2,"name":"LayerZero Details Single-Verifier Flaw Behind $292M KelpDAO Exploit — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"credibility":2,"name":"How a Single LayerZero DVN Compromise Drained $292M from KelpDAO — Blockaid","type":"research","url":"https://blockaid.io/blog/how-a-single-layerzero-dvn-compromise-drained-292m-from-kelpdao"},{"credibility":2,"name":"LayerZero details $292M KelpDAO exploit and tightens bridge security — Crypto.news","type":"news_article","url":"https://crypto.news/layerzero-details-292m-kelpdao-exploit-and-tightens-bridge-security/"},{"credibility":2,"name":"KelpDAO blames LayerZero — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/kelpdao-blames-layerzero-as-294-mln-hack-kelps-own-systems-were-not-involved/"},{"credibility":1,"name":"LayerZero Labs Closes $120 Million Series B — PR Newswire","type":"news_article","url":"https://www.prnewswire.com/news-releases/layerzero-labs-closes-120-million-series-b-funding-round-raising-its-valuation-to-3-billion-301789138.html"},{"credibility":1,"name":"LayerZero reaches $3 billion valuation in Series B — The Block","type":"news_article","url":"https://www.theblock.co/post/224762/layerzero-series-b"},{"credibility":2,"name":"ZRO token falls 17% amid controversy — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"credibility":2,"name":"LayerZero multisig keys caught trading McPepes memecoin — Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/layerzero-multisig-trading-mcpepes-memecoin/"},{"credibility":1,"name":"LayerZero CEO denies critical trusted third-party vulnerabilities — The Block","type":"news_article","url":"https://www.theblock.co/post/206770/layerzero-ceo-denies-accusations-of-critical-trusted-third-party-vulnerabilities"},{"credibility":1,"name":"KelpDAO Incident Statement — LayerZero","type":"official","url":"https://layerzero.network/blog/kelpdao-incident-statement"},{"credibility":1,"name":"LayerZero Labs KelpDAO Incident Report (PDF)","type":"official","url":"https://layerzero.network/publications/kelpdao-incident-report.pdf"},{"credibility":1,"name":"What is LayerZero? — LayerZero Docs","type":"official","url":"https://docs.layerzero.network/v2/concepts/getting-started/what-is-layerzero"},{"credibility":2,"name":"KelpDAO & LayerZero: Incident Report — Nexus Mutual","type":"research","url":"https://nexusmutual.io/blog/kelpdao-layerzero-incident-report"},{"credibility":2,"name":"Containing our LayerZero DVN in response to KelpDAO — Brale","type":"other","url":"https://brale.xyz/blog/containing-our-layerzero-dvn-in-response-to-the-kelpdao-incident"},{"credibility":2,"name":"LayerZero Price — CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/layerzero"}],"summary":"LayerZero is an omnichain messaging protocol developed by LayerZero Labs that enables cross-chain communication across 90+ blockchains. On April 18, 2026, a $292 million exploit of the KelpDAO rsETH bridge — the largest DeFi hack of 2026 — exposed a critical single-point-of-failure in the protocol's Decentralized Verifier Network (DVN) configuration, attributed by LayerZero to North Korea's TraderTraitor (Lazarus Group). LayerZero initially blamed KelpDAO for the configuration before reversing course in May 2026 and admitting fault, triggering a mass client exodus exceeding $1 billion in migrated assets.","timeline":[{"date":"2022-03-01","event":"LayerZero Labs raises $135 million Series A co-led by a16z Crypto, Sequoia Capital, and FTX Ventures.","source":"The Block","source_url":"https://www.theblock.co/post/224762/layerzero-series-b"},{"date":"2022-03-15","event":"Ackee Blockchain completes first public security audit of LayerZero v1 protocol.","source":"LayerZero-Labs GitHub","source_url":"https://github.com/LayerZero-Labs/LayerZero-v1/blob/main/audit/Ackee%20Audit%20Report%20-%20LayerZero-2022.03.15.pdf"},{"date":"2023-01-31","event":"Security concerns raised over LayerZero's bridge integration with Uniswap regarding trusted third-party reliance; Pellegrino denies critical vulnerabilities.","source":"The Block","source_url":"https://www.theblock.co/post/206770/layerzero-ceo-denies-accusations-of-critical-trusted-third-party-vulnerabilities"},{"date":"2023-03-01","event":"LayerZero's production 2-of-5 multisig keys are observed executing McPepes memecoin trades on Uniswap V3; Pellegrino attributes transactions to former multisig members and OFT testing.","source":"Cryptopolitan","source_url":"https://www.cryptopolitan.com/layerzero-multisig-trading-mcpepes-memecoin/"},{"date":"2023-04-04","event":"LayerZero Labs closes $120 million Series B at $3 billion valuation with 33 investors including a16z, Sequoia, Samsung Next, Christie's, and Circle Ventures.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2023/04/04/crypto-protocol-layerzero-raises-120m-series-b-at-3b-valuation"},{"date":"2024-06-20","event":"ZRO token distributed to approximately 1.28 million wallets; 'Proof of Donation' claiming mechanism triggers community backlash and 24% price drop in 24 hours.","source":"CoinTelegraph","source_url":"https://cointelegraph.com/news/layerzero-zro-cryptocurrency-token-donation-launch-controversy"},{"date":"2026-03-06","event":"Alleged start of the KelpDAO attack chain: social engineering used against a LayerZero Labs developer to obtain session keys, per LayerZero's May 2026 incident report.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"},{"date":"2026-04-18","event":"KelpDAO's LayerZero-powered rsETH bridge exploited for 116,500 rsETH (~$292 million) at 17:35 UTC. Attacker forged a cross-chain message authenticated by compromised LayerZero Labs DVN nodes. KelpDAO pauses contracts 46 minutes later, blocking two additional ~$100 million attempted drains.","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/19/2026-s-biggest-crypto-exploit-kelp-dao-hit-for-usd292-million-with-wrapped-ether-stranded-across-20-chains"},{"date":"2026-04-20","event":"LayerZero publicly blames KelpDAO's 1-of-1 DVN configuration for the exploit and attributes the attack with preliminary confidence to North Korea's TraderTraitor (Lazarus Group).","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/04/20/layerzero-blames-kelp-s-setup-for-usd290-million-exploit-attributes-it-to-north-korea-s-lazarus"},{"date":"2026-05-05","event":"KelpDAO publicly disputes LayerZero's account, releasing Telegram screenshots showing LayerZero personnel approved the 1-of-1 setup over 2.5 years and eight integration discussions. KelpDAO announces migration to Chainlink CCIP.","source":"CoinDesk","source_url":"https://www.coindesk.com/web3/2026/05/05/kelp-claims-that-layerzero-approved-the-setup-it-blamed-for-usd292-million-bridge-hack"},{"date":"2026-05-07","event":"Solv Protocol announces migration of over $700 million in tokenized bitcoin infrastructure (SolvBTC, xSolvBTC) from LayerZero to Chainlink CCIP, deprecating LayerZero bridges on Corn, Berachain, Rootstock, and TAC.","source":"CoinDesk","source_url":"https://www.coindesk.com/business/2026/05/07/solv-drops-layerzero-for-chainlink-ccip-in-usd700-million-tokenized-bitcoin-migration"},{"date":"2026-05-09","event":"LayerZero issues public apology, admitting 'We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions.' Announces new minimum 3-of-3 and default 5-of-5 DVN configurations. Announces development of custom multisig infrastructure 'OneSig.'","source":"CoinDesk","source_url":"https://www.coindesk.com/tech/2026/05/09/layerzero-says-it-made-a-mistake-in-usd292-million-kelp-exploit"},{"date":"2026-05-20","event":"LayerZero releases detailed technical post-mortem of the KelpDAO incident, disclosing the March 6 social engineering attack chain and full infrastructure compromise timeline.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/05/20/layerzero-details-single-verifier-flaw-behind-292m-kelpdao-exploit/"}]},"v":1}