According to PANews, LayerZero Labs’ default library contract upgrade mechanism poses risks to over $3 billion in LZ OFT on May 8, with $178 million currently exposed to projects still using the default configuration. Security researcher Banteg flagged that the contract lacks time restrictions, allowing LayerZero Labs to immediately upgrade it and forge messages, similar to the rsETH hack. On-chain data revealed that LayerZero Labs’ multisig signers participated in meme token trades, DEX swaps, and cross-chain bridge transactions, indicating production environment private keys were connected to external websites, increasing phishing risks. CEO Bryan Pellegrino confirmed the transactions were conducted by multisig team members, describing them as testing PEPE on the LZ OFT token standard rather than meme coin trading, and stated the involved members have been removed.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
BlockSec releases a stablecoin freeze risk white paper: 30 days of freezing over 960 addresses
According to the blockchain security firm BlockSec, in a May report titled “Stablecoin Issuer Freezing Risk and Treasury Security Management White Paper,” its USDT Freeze Tracker on-chain statistics show that as of May 7, over the past 30 days Tether has cumulatively added 384 addresses to the blacklist across the Ethereum and Tron networks, involving frozen funds of about $515 million.
MarketWhisper5h ago
California Man Gets 6½ Years as FBI Ties $250M Crypto Heists to Home Burglaries
A federal court has sentenced a California man to 78 months in prison for his role in a social engineering conspiracy that authorities say stole more than $250 million in cryptocurrency.
Key Takeaways:
Ferro received 78 months for a $250 million RICO scheme targeting U.S. cryptocurrency
Coinpedia7h ago
ZachXBT Posts $10K Bounty on LAB Founder Over Market Manipulation Allegations
Blockchain sleuth ZachXBT has accused Vova Sadkov, founder of AI trading terminal project LAB, of market manipulation and is offering a $10,000 bounty for information related to the alleged scam, according to The Block.
Bounty Details and Allegations
ZachXBT posted on X on Thursday: "$10K bounty
CryptoFrontier11h ago
Project Eleven CEO Warns $2.3T Bitcoin at Risk from Quantum Computers
At the Consensus conference in Miami, Project Eleven CEO Alex Pruden warned that approximately $2.3 trillion worth of Bitcoin is exposed to quantum computing threats, urging developers to adopt post-quantum cryptography signatures in advance. Pruden emphasized that Bitcoin's transition to quantum-re
GateNews15h ago
1inch liquidity provider TrustedVolumes hacked: $6.7 million stolen, former attacker returns
1inch liquidity provider TrustedVolumes was hacked on May 7, with losses of about $6.7 million. The attacker registered as an “authorized order signer” via a public function in its own RFQ proxy contract, then used existing token approvals to transfer funds out of users’ wallets without touching 1inch’s core contracts or users’ funds. DeFi users are advised to regularly revoke token approvals they no longer use.
ChainNewsAbmedia16h ago
