Cross-chain protocol LayerZero issued a public apology on May 9 (U.S. time), acknowledging a design flaw in the Kelp DAO hacker incident. CoinDesk, citing LayerZero’s official blog, wrote: “First things first: a belated apology. We allowed DVN to operate in 1/1 mode for high-value transactions—this is a mistake.” The position shifted from prior weeks’ accusations about “Kelp’s own configuration choices” to taking responsibility at the infrastructure layer itself. The attitude reversal occurred the day after Solv Protocol published on 5/8 that it was migrating tokenized BTC worth $700 million from LayerZero to Chainlink.
Apology details: 1/1 DVN configuration should not be allowed for high-value transactions
Key points in LayerZero’s public acknowledgement:
“We allowed DVN to provide service for high-value transactions in 1/1 mode—this is a mistake”
“We did not supervise what DVN was protecting, and we created a risk we did not see”
“The accusatory stance of ‘Kelp’s own configuration choices’ has been replaced by taking responsibility ourselves”
DVN (decentralized verifier network) is the verification layer for LayerZero cross-chain message passing. 1/1 DVN means that once a single verifier approves, it can authorize cross-chain transfers—single point of failure, whole bridge failure. In Kelp DAO’s April 18 hack, North Korea’s Lazarus Group exploited this single point and caused a loss of $292 million.
Policy change: DVN default upgrades from 1/1 to 5/5 (minimum 3/3)
LayerZero simultaneously released a technical policy update:
DVN will no longer provide service for 1/1 configurations
Default configurations across all routes will migrate to 5/5
If only three DVNs are available on-chain, the minimum threshold is 3/3
The change takes effect immediately
Upgrading from 1/1 to 5/5 means cross-chain messages now require collective approval from five verifiers to be released, and a single verifier compromise no longer results in full compromise. 3/3 is LayerZero’s minimum security floor, applicable to chains where the number of DVNs is limited.
Market reaction: customer migration is already a done deal
By the time LayerZero issued its apology, customer migration was already a done deal:
Kelp DAO has migrated the rsETH cross-chain bridge to Chainlink CCIP
Solv Protocol announced on 5/8 that its $700 million tokenized BTC infrastructure would move from LayerZero to Chainlink CCIP
A total of nearly $1 billion in tokenized BTC and related assets has been migrated to Chainlink CCIP
This apology is effectively LayerZero publicly admitting: the earlier stance accusing Kelp was an incorrect judgment. The timing of the attitude reversal came after large-scale customer migration, while the policy correction simultaneously faced the challenge of how to rebuild trust.
Specific follow-up events to track: the execution progress of 5/5 default migration for existing LayerZero customers (such as Stargate and other cross-chain applications), whether other protocols will follow in evaluating migration out of LayerZero, and the outcome of the competition between LayerZero and Chainlink CCIP when signing new contracts.
This article notes that LayerZero publicly apologized and acknowledged a 1/1 DVN configuration design flaw: a comprehensive upgrade to 5/5 appeared as early as in Chain News ABMedia.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
