LayerZero says it ‘made a mistake’ in $292 Million Kelp exploit

LayerZero Labs has publicly apologized for its role in a $292 million exploit involving Kelp DAO, marking a significant shift from its previous stance of blaming the developer for configuration failures. The company admitted it made a mistake by allowing its own decentralized verifier network (DVN) to operate in a vulnerable "1-of-1" configuration for high-value transfers, which facilitated the attack. In response, LayerZero is mandating stricter multi-signature requirements for its DVN and has removed a signer from its internal multisig following a separate security policy breach. Despite the admission, LayerZero maintains that its core protocol was not compromised, though the incident has led some partners to migrate their infrastructure to competing providers like Chainlink.

(Source：CoinDesk)