According to LayerZero, the protocol issued a public apology on Friday for its handling of the April 18 exploit that drained $292 million in rsETH from Kelp DAO’s cross-chain bridge, marking a significant tonal shift from its earlier post-mortem. LayerZero acknowledged that its Decentralized Verifier Network (DVN) should not have served as the sole verifier for high-value transactions, stating: “We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions.” The company revealed that North Korea’s Lazarus Group had compromised its internal RPC nodes while simultaneously launching a DDoS attack against external providers, forcing the DVN to rely on poisoned infrastructure.
LayerZero outlined remediation steps: its DVN will no longer service 1/1 configurations, default settings are migrating to require at least five verifiers where possible, and the company plans to upgrade its multisig threshold from 3-of-5 to 7-of-10 using OneSig. The exploit affected approximately 0.14% of applications on the network and 0.36% of total assets, with more than $9 billion having moved across the protocol since April 19.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Microsoft Discovers macOS Phishing Campaign Targeting Exodus, Ledger, and Trezor Wallets Since Late 2025
According to Microsoft's security research team, since late 2025, attackers have been distributing fake macOS troubleshooting guides on platforms including Medium, Craft, and Squarespace to trick users into running malicious terminal commands. The commands download and execute malware designed to st
GateNews10m ago
LayerZero Issues Public Apology for Kelp DAO Exploit, Admits Single-Verifier Setup Was Mistake
According to LayerZero's official blog post on Friday, the protocol issued a public apology for its handling of the April 18 exploit that drained $292 million in rsETH from Kelp DAO's cross-chain bridge. LayerZero admitted it made a mistake by allowing its Decentralized Verifier Network to serve
GateNews6h ago
Crypto Wrench Attacks Surge 41% in 2026, Targeting Family Members
Crypto security firm CertiK estimates that cryptocurrency holders have lost approximately $101 million from wrench attacks in the first four months of 2026, according to the firm's analysis. If the trend continues at this rate, that equates to hundreds of millions of dollars lost for the full
CryptoFrontier7h ago
LayerZero Issues Public Apology on May 8, Admits Fault in Single-Verifier Setup for Kelp DAO Exploit
According to The Block, LayerZero issued a public apology on Friday for its handling of the April 18 exploit that drained roughly $292 million in rsETH from Kelp DAO's cross-chain bridge. The protocol acknowledged it made a mistake by allowing its Decentralized Verifier Network (DVN) to serve as the
GateNews12h ago
Crypto Wrench Attacks Rise: Victims Lose $101M in First Four Months of 2026, Families Increasingly Targeted
According to CertiK, crypto wrench attack victims lost approximately $101 million in the first four months of 2026, with the trend projected to reach hundreds of millions for the full year. The security firm verified 34 incidents globally, representing a 41% increase from the same period in 2025, wi
GateNews13h ago
Tether's USDT0 Unveils 3/3 Verification Mechanism, Launches $6M Bug Bounty Program After Kelp Incident
According to ChainCatcher, Tether's USDT0 protocol unveiled its security architecture following the Kelp incident, implementing a 3/3 verification consensus mechanism requiring three independent validators using separate codebases. Current validator nodes include USDT0's proprietary DVN,
GateNews15h ago
