LayerZero apologizes: Acknowledges DVN single verification as a serious mistake and plans to implement multiple security upgrades

ME News report: May 9 (UTC+8). LayerZero Labs’ official late apology statement regarding security incidents that occurred over the past three weeks acknowledged improper communication and said that its DVN internal RPC endpoint was compromised by the North Korea-linked hacker group Lazarus Group, resulting in contaminated data sources. At the same time, external RPC providers were hit by DDoS attacks. While LayerZero’s core protocol was not affected, it acknowledged that allowing single-validator mode for high-value transactions was a major blunder. The incident impacted 0.14% of the total number of applications on the network and 0.36% of asset value. LayerZero emphasized that its protocol design avoids single points of failure, with each application independently securing safety. LayerZero recommends that developers lock in configurations, increase the number of block confirmations, use at least 2–5 DVNs, run their own DVNs, and set them as required validators. In the future, it will stop using 1/1 DVN configurations and switch to 3/3 or 5/5 setups, develop a new Rust client, launch the OneSig multisignature system and the Console management platform, and further enhance security. (Source: MLion)