LayerZero RPC Compromised in Lazarus Group Attack
Severity: Medium (Score: 58.0)
Sources: Chaincatcher, Bitget
Summary
LayerZero Labs reported that its internal RPC was attacked by the Lazarus Group over the past three weeks, compromising the source of its Decentralized Verification Network (DVN). External RPC providers also faced DDoS attacks. The incident affected 0.14% of applications and approximately 0.36% of asset value, but LayerZero Labs confirmed that asset security remains intact. Since April 19, over $9 billion has been transferred across chains using the protocol.
In response to the security risks, LayerZero Labs has ceased services for its DVN in a 1/1 configuration, migrating all channels to at least a 3/3 or 5/5 multi-DVN model. It has also removed a multisig signer involved in a previous incident and developed a custom OneSig multisig system. Developers are advised to lock configurations to avoid default settings, and an asset management platform called Console is in development to enhance security monitoring.
Key Points
- LayerZero Labs' internal RPC was compromised by the Lazarus Group.
- The attack affected 0.14% of applications and 0.36% of asset value.
- LayerZero Labs has transitioned to more secure multi-DVN configurations.
Key Entities
- Lazarus Group (apt_group)
- DDoS (attack_type)
- LayerZero Labs (company)
- X (company)