LayerZero Labs apologized for the security incident and disclosed corrective measures.

CoinFeed reported on May 9th that LayerZero Labs issued an apology on its X platform regarding a security incident and disclosed corrective measures. The team acknowledged poor communication over the past three weeks and disclosed details of the recent security incident: internal RPC was attacked by Lazarus Group, and the external RPC provider was simultaneously subjected to a DDoS attack, resulting in the contamination of the data source used by its DVN. The protocol itself was not affected, but the team mistakenly allowed DVN to process high-value transactions in a 1/1 configuration and failed to monitor the content protected by DVN, constituting an undetected risk. This issue only affected one application, representing approximately 0.14% of the total number of applications on LayerZero and 0.36% of the asset value. The team also acknowledged that three and a half years ago, a multi-signature signer mistakenly used a multi-signature hardware wallet for personal transactions. This signer has been removed, the wallet has been rotated, and a dedicated multi-signature system, OneSig, has been developed.