LayerZero Says “We Own That” After $292M Kelp DAO Hack, Admits Security Mistake

Three weeks after the $292 million Kelp DAO exploit, LayerZero admitted its single-verifier setup was a mistake, apologized for its response, and announced security upgrades as major partners migrate to Chainlink’s CCIP.

Written By Dishita Malvania
Published 2026-05-10
Last updated: May 11, 2026 11:05 AM
  • LayerZero’s team takes responsibility for the $292 million Kelp DAO exploit, admitting its Decentralized Verifier Network was insufficient.
  • Kelp DAO’s configuration choices were initially blamed, but LayerZero now acknowledges its own system design was inadequate for large transactions.
  • LayerZero’s leadership concedes poor communication over the past three weeks, impacting user trust amidst migrations to rival Chainlink’s CCIP.

LayerZero has issued a notable reversal in its response to the $292 million Kelp DAO exploit, acknowledging that its Decentralized Verifier Network (DVN) should never have been used as the sole verifier for high-value cross-chain transactions.

Three weeks after the April 18 attack, the omnichain interoperability protocol admitted that its initial post-mortem failed to address the core concern raised by critics: that allowing a single verifier to secure hundreds of millions of dollars created a critical point of failure. In its first response, LayerZero maintained that the protocol had “functioned exactly as intended” and placed responsibility on Kelp DAO’s configuration choices.

In a new blog post published Friday and shared on X, LayerZero softened that stance, accepting that the system design was inadequate for transactions of that scale and conceding that its earlier explanation did not fully reflect what mattered most to users who lost funds. 

The update also disclosed a previously unreported operational security lapse involving one of the company’s multisig signers, who used a production hardware wallet for a personal trade several years ago.

“We’ve done a terrible job on comms over the past three weeks,” the team wrote in the opening lines of the post, before adding that the company had wanted to lead with a comprehensive post-mortem but should have led with directness instead.

The directness, however overdue, arrives at what is arguably the worst possible moment for the protocol, with two of its largest integrators having already announced migrations to Chainlink’s CCIP, the rival cross-chain messaging standard. 

At the same time, more than $700 million in tokenized bitcoin is in the process of being moved off LayerZero’s rails entirely, even as the multi-party recovery effort set up to make affected users whole has had to lean on a contested governance vote from the Arbitrum DAO and a courtroom ruling on Friday simply to keep its funding pipeline intact.

What actually happened

According to the post, LayerZero’s internal RPC nodes, which the LayerZero Labs DVN relied on to read source-chain state, were compromised by North Korea’s Lazarus Group. 

Attackers poisoned the data feeds on those nodes while simultaneously launching a DDoS attack against LayerZero’s external RPC providers, forcing the DVN to fail over to compromised infrastructure and attest to transactions that never actually occurred on the source chain.

The protocol had earlier attributed the attack to TraderTraitor, a Lazarus subgroup known for targeting crypto infrastructure.

LayerZero said the exploit impacted a single application, representing roughly 0.14% of total applications on the network and approximately 0.36% of the value of assets using the protocol. The team noted that more than $9 billion has moved across LayerZero since April 19.

The concession that matters

The most significant shift in the new post is LayerZero’s acknowledgement of its own role in the incident. “We believe developers should choose their own security configurations, but we made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions,” the company wrote. “We didn’t police what our DVN was securing, which created a risk we simply didn’t see. We own that.”

The framing matters because LayerZero’s initial incident statement had placed blame on Kelp DAO’s configuration, describing the 1-of-1 DVN setup as a decision made against guidance. Kelp DAO publicly disputed that account, citing LayerZero’s own documentation, quickstart guides, and developer examples as evidence that the single-verifier configuration was effectively the platform’s default onboarding path.

A Dune analysis cited by Kelp at the time found that 47% of roughly 2,665 active LayerZero OApp contracts were running the same configuration at the time of the attack.

A three-and-a-half-year-old multisig incident

The blog post also disclosed a previously unreported operational security incident. Roughly three and a half years ago, one of LayerZero’s multisig signers used their production hardware wallet to execute a personal trade, when they had intended to use a separate personal device.

“This is obviously not ok,” the team wrote. The signer was removed from the multisig, wallets were rotated, and the company added localized anomaly detection software to each signing device.

The disclosure lands amid ongoing scrutiny of LayerZero’s multisig operational security. Onchain researchers and Chainlink community liaison Zach Rynes had flagged evidence that production multisig keys had been used for unrelated DEX activity, including what appeared to be a swap for the memecoin McPepes on Uniswap. LayerZero CEO Bryan Pellegrino said the transactions were OFT testing by former signers who have since been removed from the multisig.

What LayerZero is changing

LayerZero outlined a series of changes already in motion:

The LayerZero Labs DVN no longer services 1/1 DVN configurations. Defaults on all pathways are being migrated to a 5/5 setup where possible, with a floor of 3/3 on chains where only three DVNs are available. 

The team is also developing a second DVN client written in Rust for client diversity, and has reconfigured its RPC setup to allow DVNs to select granular quorums across internal, dedicated-external, and shared-external RPC providers.
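
The difference between failing over and requiring a quorum across provider classes can be shown in a few lines. This is an added illustration, not LayerZero's code: the function, the provider names and the digests are constructed, and only the three provider classes come from the article.

```python
from collections import Counter

def quorum_read(responses, min_per_class):
    """Return (value, None) if the read is safe to attest to, else (None, reason).

    responses: (provider, provider_class, value) tuples; value is the digest
    of the source-chain state that provider returned, or None on timeout.
    min_per_class: minimum number of agreeing providers required per class.
    """
    answered = [(cls, val) for _, cls, val in responses if val is not None]
    if not answered:
        return None, "no provider answered"
    # Candidate is the value reported by the most providers overall.
    candidate = Counter(val for _, val in answered).most_common(1)[0][0]
    for cls, needed in min_per_class.items():
        agree = sum(1 for c, v in answered if c == cls and v == candidate)
        if agree < needed:
            # A provider that is down is a missing vote. The verifier refuses
            # to attest instead of lowering the bar to whoever still answers.
            return None, f"{cls}: {agree}/{needed} agree"
    return candidate, None

# Constructed policy: at least one agreeing provider from every class.
NEED = {"internal": 1, "dedicated-external": 1, "shared-external": 1}

# Constructed healthy read: all classes report the same digest.
HEALTHY = [
    ("int-1", "internal", "0xaa"),
    ("ded-1", "dedicated-external", "0xaa"),
    ("shr-1", "shared-external", "0xaa"),
]

# Constructed read shaped like the incident described above: internal nodes
# return poisoned state while the external providers are unreachable.
INCIDENT = [
    ("int-1", "internal", "0xbad"),
    ("int-2", "internal", "0xbad"),
    ("ded-1", "dedicated-external", None),
    ("shr-1", "shared-external", None),
]

if __name__ == "__main__":
    print(quorum_read(HEALTHY, NEED))
    print(quorum_read(INCIDENT, NEED))
```

A verifier built this way trades availability for integrity: under the DDoS condition it stops attesting rather than trusting the only sources left.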

On the signing side, LayerZero said it plans to raise its own multisig threshold from 3-of-5 to 7-of-10 across all chains where its custom-built multisig OneSig is supported. OneSig, introduced last year, allows signers to download transactions, then merklize and hash them locally before signing the root, preventing the backend from slipping in unauthorized transactions.
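
The local-merklization check described above, as an added sketch rather than OneSig's implementation: the leaf encoding (canonical JSON), the use of SHA-256, the tree layout and the sample transactions are all assumptions made for illustration.

```python
import hashlib
import json

def leaf_hash(tx):
    # Assumed encoding: canonical JSON, with a 0x00 prefix so a leaf can
    # never be mistaken for an interior node.
    data = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def merkle_root(leaves):
    if not leaves:
        raise ValueError("empty batch")
    level = list(leaves)
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level) - 1, 2):
            nxt.append(hashlib.sha256(b"\x01" + level[i] + level[i + 1]).digest())
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted, not duplicated
        level = nxt
    return level[0]

def safe_to_sign(reviewed_batch, proposed_root_hex):
    """True only if the root the backend asks the signer to sign is exactly
    the root of the transactions the signer downloaded and reviewed."""
    local = merkle_root([leaf_hash(tx) for tx in reviewed_batch])
    return local.hex() == proposed_root_hex.lower().removeprefix("0x")

# Constructed batch the signer reviewed.
BATCH = [
    {"chain": 1, "to": "0xConfigContract", "data": "setThreshold(7)"},
    {"chain": 10, "to": "0xConfigContract", "data": "setThreshold(7)"},
    {"chain": 42161, "to": "0xConfigContract", "data": "setThreshold(7)"},
]
# Constructed tampering: the backend appends a transaction nobody reviewed.
EXTRA = {"chain": 1, "to": "0xConfigContract", "data": "addSigner(0xUnknown)"}

HONEST_ROOT = merkle_root([leaf_hash(tx) for tx in BATCH]).hex()
TAMPERED_ROOT = merkle_root([leaf_hash(tx) for tx in BATCH + [EXTRA]]).hex()

if __name__ == "__main__":
    print(safe_to_sign(BATCH, HONEST_ROOT))    # root matches the reviewed batch
    print(safe_to_sign(BATCH, TAMPERED_ROOT))  # root covers an extra transaction
```

Because the signature covers only the root, any transaction added, removed or reordered by the backend changes the root and the signer's local check fails before anything is signed.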

The team also said every OneSig signer has built a private security checker that runs on their specialised signing machine, with criteria kept private from the company and other signers to avoid a single point of compromise.

A new platform called Console is also in development, intended to give asset issuers a unified place to configure, deploy, and manage cross-chain security, with automated anomaly detection for unknown DVNs, ownership changes, block confirmation changes, and unsafe defaults.

Migrations and recovery pressure

The apology arrives at an awkward moment for LayerZero. Two major protocols have moved their cross-chain infrastructure off LayerZero in the weeks since the exploit, both citing security concerns and both migrating to Chainlink’s CCIP, the cross-chain interoperability protocol that requires 16 independent node operators to validate cross-chain transactions.

Kelp DAO announced its departure earlier this week, becoming the first major protocol to leave LayerZero following the hack. Solv Protocol followed shortly after, announcing the migration of more than $700 million in tokenized bitcoin off LayerZero infrastructure.

The DeFi United recovery initiative, formed in the immediate aftermath of the exploit, has raised more than $300 million in ETH and stablecoins. LayerZero contributed 10,000 ETH, split between a 5,000 ETH outright donation and a 5,000 ETH loan to Aave, the largest DeFi lending protocol, which faces an estimated $124 million to $230 million in bad debt tied to the incident.

The Arbitrum DAO voted to release 30,766 frozen ETH to the recovery effort, and a judge on Friday allowed the transfer to proceed despite a restraining notice filed by North Korea terrorism victims and creditors seeking to seize the funds.

What comes next

LayerZero said an official post-mortem will follow once its external security partners complete their review. In the meantime, the team is recommending that all applications pin their configurations rather than rely on defaults controlled by LayerZero Labs, set block confirmations high enough to make reorganisation effectively impossible, configure DVNs to include at least two parties (with three to five preferred), and consider running their own DVN as a required verifier.
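
The recommendations above, together with the drift conditions the planned Console is said to watch for, can be expressed as a small configuration audit. This is an added example, not LayerZero tooling: the field names, finding codes, DVN names, owner addresses and the confirmation floor of 15 are constructed.

```python
def audit(current, baseline, known_dvns, min_confirmations):
    """Return a list of finding codes for one application's pathway config.

    current/baseline: dicts with hypothetical keys 'pinned', 'required_dvns',
    'confirmations' and 'owner'; baseline is the last reviewed snapshot.
    """
    findings = []
    dvns = set(current["required_dvns"])
    if not current["pinned"]:
        findings.append("UNPINNED")            # relies on provider-controlled defaults
    if len(dvns) < 2:
        findings.append("SINGLE_VERIFIER")     # the 1/1 setup from the incident
    elif len(dvns) < 3:
        findings.append("BELOW_PREFERRED")     # two parties; three to five preferred
    if current["confirmations"] < min_confirmations:
        findings.append("LOW_CONFIRMATIONS")
    if dvns - set(known_dvns):
        findings.append("UNKNOWN_DVN")
    if current["owner"] != baseline["owner"]:
        findings.append("OWNER_CHANGED")
    if current["confirmations"] != baseline["confirmations"]:
        findings.append("CONFIRMATIONS_CHANGED")
    return findings

# Constructed inputs.
KNOWN = {"dvn-labs", "dvn-a", "dvn-b"}
BASELINE = {"pinned": True, "required_dvns": ["dvn-labs", "dvn-a", "dvn-b"],
            "confirmations": 15, "owner": "0xOwnerA"}
WEAK = {"pinned": False, "required_dvns": ["dvn-labs"],
        "confirmations": 1, "owner": "0xOwnerB"}
DRIFTED = dict(BASELINE, required_dvns=["dvn-labs", "dvn-a", "dvn-x"])

if __name__ == "__main__":
    for name, cfg in (("baseline", BASELINE), ("weak", WEAK), ("drifted", DRIFTED)):
        print(name, audit(cfg, BASELINE, KNOWN, min_confirmations=15))
```

The confirmation floor is a per-chain judgement the article leaves to the application, so it is a parameter here rather than a fixed value.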

Whether the directness of this apology is enough to slow the pace of migrations remains an open question. The protocol’s core architectural argument, that applications can fully own their security end-to-end, is not what’s being tested. What’s being tested is whether issuers trust the defaults and the team behind them. That’s a harder thing to rebuild.
