BlockBeats News, May 9: LayerZero Labs officially issued a belated apology for the security incidents of the past three weeks, acknowledging its lack of communication and revealing that its DVN's internal RPC endpoint was compromised by the North Korean-linked hacker group Lazarus Group, resulting in data corruption, while an external RPC provider suffered a DDoS attack. Although the LayerZero core protocol itself was not affected, LayerZero admitted that allowing its in-house DVN to operate in a 1/1 single-validator mode for high-value transactions was a serious mistake. This incident only affected one application, which accounts for 0.14% of the total network applications and 0.36% of asset value.

LayerZero emphasized that its protocol's design philosophy is to eliminate single points of failure, allowing each application to independently control end-to-end security without relying on LayerZero Labs. This is also a key reason why the protocol is widely adopted by large asset issuers. LayerZero recommended that developers immediately fix their configurations, increase block confirmations, and configure at least 2-5 DVNs, preferably running their own DVNs and setting them as mandatory validators. In the future, LayerZero Labs will no longer support 1/1 DVN configurations, defaulting to migrate to 3/3 or 5/5 configurations, develop a new Rust client, introduce the OneSig multisig system, and the Console unified management platform to help developers strengthen security practices.