LayerZero: Multi-signature security mechanism has been updated

Odaily Planet Daily News reports that LayerZero Labs posted on the X platform stating that the internal RPC used by LayerZero Labs had been attacked by the Lazarus Group over the past three weeks, causing damage to the actual source of its DVN (Decentralized Validation Network), while external RPC providers were also hit by DDoS attacks. The incident affected 0.14% of applications and approximately 0.36% of the value of assets. LayerZero Labs said that assets are currently secure, and since April 19, more than $9 billion in funds have been transferred across chains via the protocol.

In response to the security risks, LayerZero Labs has stopped providing DVN services for a 1/1 configuration, and all default routing configurations will be migrated to at least a 3/3 or 5/5 multi-DVN mode. In addition, regarding the incident three years ago in which multi-signature holders mistakenly used hardware wallets for personal transactions, LayerZero Labs has removed that signer and replaced the wallet, and has also developed a custom multi-signature system called OneSig. LayerZero Labs recommends that developers lock their configurations to avoid relying on default settings, and plans to launch an asset management platform, Console, to strengthen security monitoring.