LayerZero said a Lazarus Group-linked attack and DDoS disrupted one app tied to the Kelp DAO exploit, and acknowledged fault for relying on a single-verifier setup now being replaced with multi-DVN verification.
LayerZero Labs apologized over both its handling of the Kelp DAO exploit response and a security incident it said involved a Lazarus Group attack on its internal RPC plus a DDoS on an external RPC provider. The company said the disruption affected one app, about 0.14% of LayerZero apps and 0.36% of asset value, while user assets remained safe. LayerZero also acknowledged fault for relying on a single-verifier setup, describing it as a security weakness, and said it will end its 1/1 DVN service in favor of default routes using at least 3/3 or 5/5 multi-DVN verification. According to LayerZero, more than $9 billion has crossed the protocol since April 19.