LayerZero acknowledged it mistakenly allowed a 1/1 DVN configuration that enabled a $292 million exploit tied to North Korean attackers. The firm says its core protocol was not compromised and attributes the attack to internal RPC infrastructure compromise plus DDoS on external RPCs. LayerZero will ban 1/1 DVNs, migrate defaults to 5/5 (or at least 3/3 where only three DVNs exist), removed a historically misused multisig signer, rotated wallets, added device anomaly detection and built a custom multisig (OneSig). Competitors are picking up clients: Kelp moved its rsETH bridge to Chainlink and Solv Protocol is migrating over $700M in tokenized-Bitcoin infrastructure away from LayerZero.

LayerZero admitted it 'made a mistake' by allowing a 1/1 DVN that facilitated a $292M hack (attributed to North Korean attackers), is changing defaults to stronger 5/5 or 3/3 multisigs, disclosed internal RPC compromise and DDoS vectors, removed a misused multisig signer, rotated wallets and built OneSig, while clients (Kelp, Solv) are moving large assets (rsETH, >$700M) to competitors — facts that reduce confidence and cause client migration.