LayerZero Labs has admitted it made a critical security mistake by allowing its decentralized verifier network [DVN] to operate in a 1/1 configuration for high-value applications, as several protocols continue migrating away from its infrastructure following April’s rsETH exploit.
In a lengthy statement published on 8 May, the company apologized for its communication around the incident. Also, it acknowledged that its own internal RPC infrastructure used by the LayerZero Labs DVN was compromised during the attack.
“We made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions,” the company said. “We didn’t police what our DVN was securing, which created a risk we simply didn’t see.”
The comments mark LayerZero’s clearest concession yet after weeks of criticism from protocols and security researchers following the roughly $292 million rsETH exploit linked to KelpDAO’s LayerZero bridge infrastructure.
LayerZero confirms RPC poisoning attack
According to the statement, attackers linked to North Korea’s Lazarus Group compromised internal RPC infrastructure used by the LayerZero Labs DVN. They also launched simultaneous DDoS attacks against external RPC providers.
LayerZero maintained that its core protocol remained unaffected throughout the incident.
The company argued that developers ultimately control their own security assumptions on LayerZero. However, it admitted that allowing 1/1 DVN configurations for production assets created unacceptable risks.
LayerZero also confirmed that its DVN no longer supports 1/1 configurations. The company said all default pathways are now moving toward 5/5 or minimum 3/3 verification setups where possible.
Protocols managing over $1B migrate to Chainlink CCIP
The fallout has already started reshaping bridge preferences across the industry.
KelpDAO became the first major protocol to announce a migration away from LayerZero. It said it would move rsETH cross-chain infrastructure to Chainlink CCIP after publicly blaming LayerZero infrastructure for the exploit.
Since then, other projects have followed.
Solv Protocol said it would migrate more than $700 million in tokenized Bitcoin infrastructure away from LayerZero to Chainlink CCIP after conducting a security review.
Meanwhile, Re Protocol, an onchain reinsurance platform with more than $475 million in total value locked, also announced plans to move reUSD cross-chain transfers exclusively to Chainlink CCIP.
The migrations suggest that bridge security architecture is becoming a major competitive battleground following the exploit.
Bridge security debate intensifies
The broader dispute has evolved beyond a single exploit.
Protocols, infrastructure providers, and security researchers are now openly debating how cross-chain systems should balance flexibility, decentralization, and operational security.
For years, bridge competition focused largely on speed and interoperability. The recent migration wave suggests protocols now place far greater emphasis on verification models, infrastructure isolation, and fault-domain separation.
Final Summary
- LayerZero admitted its 1/1 DVN setup for high-value assets created risks it failed to anticipate.
- Multiple protocols managing over $1B in infrastructure have since migrated toward Chainlink CCIP.