Zach Rynes | CLG|5月 20, 2026 16:11
New post mortem confirms what we already knew: @LayerZero_Labs' centralized infrastructure was infiltrated by North Korean hackers, which resulted in the $292 million rsETH bridge exploit
Turns out this required only a single engineer to be socially engineered, whose laptop was fully compromised for over 6 weeks without detection before exploit was executed, an insane single point of failure and lack of adequate monitoring
This only builds on LZ Labs' extensive history of poor opsec, including trading memecoins like "McPepes" on production multisig keys, which weren't rotated for years and Bryan lied about and said was just "PEPE OFT testing" (3 keys on a 2-of-5 LZ Labs multisig were at risk of phishing attacks for years)
And nevermind the fact I called out the EXACT centralization risk that resulted in the rsETH exploit 2 years ago, directly to Bryan, who lied and said no project was using LZ Labs DVN in 1-1 config (in reality, multiple projects were)
Given it's now abundantly clear to anyone paying attention that LZ Labs' poor opsec was the root cause vulnerability in this situation, but its not clear to me why exactly LZ Labs is not footing the entire bill of the exploit given it was their infra that was compromised, which was used in a config they actively supported and monetized for years
Furthermore, LayerZero's extensive roster of VC backers have been awfully quiet during this whole incident, not contributing a single dime to the rsETH recovery fund, despite funneling more than $300 million in funding into the infra that was compromised, including a raise just a few months prior
I don't want to belabor the same points again, but I am so fucking tired of pointing out the risks of centralized, insecure VC-slop infra only to watch it inevitably get hacked and destroy DeFi’s reputation in the process
This entire situation could’ve been avoided if people had just listened to the warnings that I and many independent security researchers have shared over the years about LayerZero
We, as an industry, can do much better, I'm glad to see high quality teams migrate to secure-by-default infra(Zach Rynes | CLG)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink