ChainStreet
WHERE CODE MEETS CAPITAL

LayerZero Issues Apology And Security Reforms After Multisig Opsec Scandal

Chainlink community liaison Zach Rynes challenges company narrative citing on-chain evidence of repeated key misuse over multiple years.

LayerZero Labs released a detailed public apology Friday, admitting poor communication and operational security lapses involving its production multisig keys. The company acknowledged that internal RPCs used by its DVN were compromised by the Lazarus Group while an external RPC provider suffered a simultaneous DDoS attack.

Key Takeaways
  • LayerZero Labs issues a formal apology on May 8, 2026, admitting production multisig lapses and Lazarus Group compromise of internal RPCs.
  • The protocol removes 1/1 DVN configurations for $9 billion in volume, mandating a minimum of three participants for high-value transfers.
  • Chainlink CEO Zach Rynes cites on-chain evidence proving production keys traded McPepes memecoins for years, contradicting the LayerZero Labs narrative.

LayerZero also confirmed that its own DVN acted as a 1/1 configuration for high-value transactions, creating a single point of failure. The company stated it will no longer allow 1/1 DVN setups and is migrating defaults to multi-DVN configurations with at least three participants.

LayerZero Admits Past Multisig Misuse

In the same post LayerZero addressed the meme coin trading controversy. The company revealed that three and a half years ago one multisig signer used a hardware wallet intended for personal trading on the production multisig. The signer was removed, wallets were rotated and LayerZero introduced a custom multisig called OneSig with enhanced anomaly detection.

The protocol itself remained unaffected according to LayerZero. The company emphasized that properly configured applications have full end-to-end security ownership and do not rely on LayerZero Labs.

Chainlink CEO Pushes Back On Narrative

Chainlink community liaison Zach Rynes responded quickly to the LayerZero post. He argued that the new statement contradicts earlier claims by CEO Bryan Pellegrino that the multisig activity was simply testing PEPE’s OFT integration. Rynes posted on-chain evidence showing the signer engaged in multiple memecoin trades over the span of a year.


Rynes detailed that the signer remained on the multisig for nearly two years after the first McPepes trade. He also noted that three different signing addresses performed non-multisig activity including DEX swaps, bridging, and LP provisioning on a 2-of-5 Gnosis Safe. Billions of dollars in OFT value were exposed to these risks for years according to Rynes.
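The pattern described above (owner keys of a production multisig also sending ordinary transactions) can be checked mechanically. The following is an added example, not code from the article or from LayerZero; all addresses, dates and transactions are constructed placeholders. It flags every transaction an active signer key sent anywhere other than the multisig, and measures how long the key stayed an owner after its first off-policy use.

```python
from datetime import date

SAFE = "0xSAFE"   # constructed placeholder for the production multisig address

# Constructed data: signer -> (date added as owner, date removed or None).
SIGNERS = {
    "0xSIGNER1": (date(2022, 1, 10), date(2024, 3, 1)),
    "0xSIGNER2": (date(2022, 1, 10), None),
}
# Constructed transactions: (date, sender, recipient, decoded action).
TXS = [
    (date(2022, 2, 1), "0xSIGNER1", SAFE, "approveHash"),
    (date(2022, 5, 4), "0xSIGNER1", "0xDEXROUTER", "swap"),
    (date(2022, 9, 9), "0xSIGNER1", "0xBRIDGE", "bridge"),
    (date(2023, 1, 2), "0xSIGNER2", SAFE, "execTransaction"),
    (date(2024, 6, 1), "0xSIGNER1", "0xDEXROUTER", "swap"),  # after removal
    (date(2023, 3, 3), "0xOTHER", "0xDEXROUTER", "swap"),    # not a signer
]

def off_policy(txs, signers, safe):
    """Group every transaction a then-active signer key sent anywhere but the Safe."""
    report = {}
    for day, sender, to, action in sorted(txs):
        if sender not in signers:
            continue
        added, removed = signers[sender]
        if day < added or (removed is not None and day >= removed):
            continue                      # key was not a production signer that day
        if to == safe:
            continue                      # expected use of the key
        entry = report.setdefault(sender, {"first": day, "actions": []})
        entry["actions"].append(action)
    return report

def exposure_days(report, signers, today):
    """Days each flagged key stayed an owner after its first off-policy use."""
    return {s: ((signers[s][1] or today) - r["first"]).days
            for s, r in report.items()}

if __name__ == "__main__":
    found = off_policy(TXS, SIGNERS, SAFE)
    print(found)
    print(exposure_days(found, SIGNERS, date.today()))
```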

Impact And Ongoing Fallout

The controversy centers on the LayerZero Labs DVN and default configurations. Critics argue that applications using defaults placed excessive trust in LayerZero Labs infrastructure. LayerZero responded by recommending developers pin configurations, increase block confirmations, and use multiple DVNs.

The incident follows the recent rsETH exploit on LayerZero and renewed questions about the protocol’s security model. LayerZero stated that more than $9 billion has moved across the protocol since April 19 with no other applications affected.
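The three recommendations (pin configurations, raise block confirmations, use multiple DVNs) can be turned into a configuration audit. This is an added example, not LayerZero's code or API: the record shape, DVN names, operator mapping and the confirmation floor are assumptions, and only the three-participant minimum comes from the article. It counts distinct operators rather than DVNs, because several DVNs run by one organisation still fail together.

```python
from dataclasses import dataclass, field
from itertools import combinations

MIN_OPERATORS = 3       # from the article: at least three participants
MIN_CONFIRMATIONS = 15  # assumption: local policy value, not from the article

@dataclass
class Pathway:               # hypothetical record shape, not LayerZero's API
    name: str
    pinned: bool             # False = inherits the provider's default config
    confirmations: int
    required: list           # DVNs that must all attest
    optional: list = field(default_factory=list)
    threshold: int = 0       # how many optional DVNs must also attest

def min_operators_for_quorum(p, operator_of):
    """Fewest distinct operators whose compromise alone satisfies the quorum."""
    base = {operator_of[d] for d in p.required}
    sizes = [len(base | {operator_of[d] for d in combo})
             for combo in combinations(p.optional, p.threshold)]
    return min(sizes) if sizes else None   # None: threshold can never be met

def audit(p, operator_of):
    """Return the list of findings for one pathway; empty means it passes."""
    findings = []
    if not p.pinned:
        findings.append("unpinned defaults")
    if p.confirmations < MIN_CONFIRMATIONS:
        findings.append("low confirmations")
    n = min_operators_for_quorum(p, operator_of)
    if n is None:
        findings.append("unsatisfiable quorum")
    elif n < MIN_OPERATORS:
        findings.append(f"quorum met by {n} operator(s)")
    return findings

# Constructed sample data: DVN id -> operating organisation.
OPERATORS = {"dvn-a": "org1", "dvn-b": "org2", "dvn-c": "org3", "dvn-d": "org1"}
PATHWAYS = [
    Pathway("default-1of1", False, 5, ["dvn-a"]),
    Pathway("three-dvns-two-orgs", True, 20, ["dvn-a", "dvn-b"], ["dvn-c", "dvn-d"], 1),
    Pathway("three-orgs", True, 20, ["dvn-a", "dvn-b", "dvn-c"]),
]

if __name__ == "__main__":
    for p in PATHWAYS:
        print(p.name, audit(p, OPERATORS) or "ok")
```

The second pathway lists three DVNs in its quorum yet is flagged, because the optional slot can be filled by a DVN run by an organisation that already holds a required slot.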

Chain Street’s Take

LayerZero’s admission of the 1/1 DVN flaw and the wallet mix-up matters. It is rare to see a major protocol admit to such basic opsec failures.

The Rynes rebuttal changes the stakes. The on-chain data makes the isolated incident excuse look thin. It shows a pattern of multiple signers using production keys for personal trades over a long period. The gap between the blog post and the ledger hurts.

Users who stuck with default settings learned a hard lesson. Infrastructure protocols often prioritize convenience over safety until something breaks. LayerZero says OneSig and new DVN policies will fix the culture. The industry is watching the implementation, not the apology. Operational transparency counts more than a post-mortem.


Frequently Asked Questions

01. What is a LayerZero DVN?

A Decentralized Verification Network is the infrastructure layer LayerZero uses to verify cross-chain messages and ensure data integrity between blockchains. This system validates that a transaction occurred on the source chain before triggering action on the destination chain. Relying on a single DVN creates a centralized point of failure that compromises the security of the entire protocol.

02. Why does this matter for the DeFi industry?

Operational security failures at LayerZero Labs threaten billions of dollars in decentralized finance protocols that depend on its cross-chain messaging. Billions in Omnichain Fungible Tokens were exposed to phishing risks when production signers engaged in personal memecoin trading on Uniswap. This incident forces the crypto industry to demand stricter isolation between development environments and production multisig keys.

03. How will LayerZero Labs execute these security reforms?

LayerZero Labs is migrating all default configurations to a multi-DVN setup requiring at least three independent participants for transaction verification. The company is also rolling out OneSig, a custom multisig wallet equipped with advanced anomaly detection to prevent unauthorized key usage. These reforms aim to decentralize the verification process and remove the risk of 1/1 validator failures.

04. What are the risks or critiques of the LayerZero apology?

Chainlink CEO Zach Rynes claims on-chain records contradict the official LayerZero Labs narrative regarding the duration and scope of key misuse. Rynes notes that three separate signing addresses performed non-production activities like DEX swaps and bridging while securing billions in user funds. Critics argue that the company is minimizing a systemic cultural failure by framing it as an isolated hardware wallet error.

05. What replaces the current security model?

LayerZero Labs recommends that developers pin specific configurations and increase block confirmations to reduce reliance on the company's internal infrastructure. The industry is moving toward a model where applications must own their end-to-end security rather than trusting default settings from infrastructure providers. Real-time on-chain monitoring will likely become standard to detect if production keys interact with unverified smart contracts.

Shannon Hayes

Shannon is a contributing writer for ChainStreet.io. His reporting delivers factual insights and analysis on industry developments, regulatory shifts, platform policies, token economics, and market trends on AI, crypto, blockchain industries, helping readers stay informed on how code intersects with capital.

The views and opinions expressed in articles by Shannon Hayes are his own and do not necessarily reflect the official position of ChainStreet.io, its management, editors, or affiliates. This content is provided for informational and educational purposes only and does not constitute financial, investment, legal, or tax advice. Readers should conduct their own research and consult qualified professionals before making any decisions related to digital assets, cryptocurrencies, or financial matters. ChainStreet.io and its contributors are not responsible for any losses incurred from reliance on this information.