GetChain News

Security/Hacker

News linked to both this project and an event.

LayerZero Hit by Lazarus Group Attack, Internal RPC Compromised; Official Issues Apology and Discloses Security Remediation Measures

LayerZero’s official tweet: LayerZero Labs has formally apologized for the security incident that occurred over the past three weeks and for insufficient communication. Regarding the incident, an internal RPC of LayerZero Labs was compromised by the North Korean hacking group Lazarus Group, contaminating the data sources for its Decentralized Verifier Nodes (DVNs). Concurrently, external RPC providers also suffered DDoS attacks. This incident affected a single application—0.14% of all applications—and involved assets valued at approximately 0.36% of LayerZero’s total assets. The LayerZero protocol itself remained unaffected; over $9 billion in assets continued to flow across chains normally following the incident.

LayerZero Labs acknowledged that it previously permitted its DVNs to operate under a “1/1” single-node configuration to secure high-value transactions—a setup inherently vulnerable to single-point failure. LayerZero Labs accepts managerial oversight responsibility for this decision. Additionally, LayerZero disclosed that, three and a half years ago, one of its multi-signature signers had mistakenly used a multi-sig hardware wallet for personal transactions. That signer has since been removed, and the associated wallet has been rotated.

As corrective measures, LayerZero Labs announced:

- It has discontinued support for “1/1” DVN configurations;
- It is migrating all paths to a default 5/5 multi-signature configuration, with a minimum threshold of 3/3;
- It has developed a second DVN client written in Rust to ensure client diversity.

SlowMist CISO: Bitwarden CLI Hit by Supply Chain Attack; Malicious Package Circulated Briefly for ~1.5 Hours

SlowMist CISO 23pds (@im23pds) disclosed that the Bitwarden CLI version 2026.4.0 was subjected to a Checkmarx supply-chain attack between 17:57 and 19:30 ET on April 22. During this window, attackers abused a GitHub Action within Bitwarden’s CI/CD pipeline to briefly distribute a malicious package via npm. The official statement confirmed that Vault data was not compromised and production systems remained unaffected; only users who installed this specific version via npm during the aforementioned time window were impacted. Affected users are advised to immediately uninstall version 2026.4.0, clear their npm cache, rotate sensitive credentials—including API tokens and SSH keys—investigate anomalous activity in GitHub and CI environments, and upgrade to the patched version 2026.4.1.

Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses

According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
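
The missing proof-to-request binding described above, shown as an added example that is not Hyperbridge's contract code. It assumes a plain binary Merkle tree in place of an MMR, and every name and request string in it is hypothetical and constructed for illustration.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(request: bytes) -> bytes:
    return h(b"\x00", request)            # domain-separated leaf commitment

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01", left, right)

def build_tree(requests):
    """Return all levels, leaves first (request count must be a power of two)."""
    levels = [[leaf_hash(r) for r in requests]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node_hash(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Inclusion path as (sibling, sibling_is_left) pairs."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib < index))
        index //= 2
    return path

def fold(leaf, path):
    acc = leaf
    for sib, sib_is_left in path:
        acc = node_hash(sib, acc) if sib_is_left else node_hash(acc, sib)
    return acc

def verify_unbound(root, request, proven_leaf, path):
    # Flawed shape: the proof is checked for a caller-supplied leaf and the
    # request that will be executed is never hashed into that leaf.
    return fold(proven_leaf, path) == root

class BoundHandler:
    """Hardened shape: leaf is recomputed from the request; each leaf is single-use."""
    def __init__(self, root):
        self.root, self.consumed = root, set()

    def accept(self, request, path):
        leaf = leaf_hash(request)
        if leaf in self.consumed or fold(leaf, path) != self.root:
            return False
        self.consumed.add(leaf)
        return True

# Constructed sample data: four committed requests and one that was never committed.
REQUESTS = [b"transfer:a:10", b"transfer:b:20", b"transfer:c:30", b"transfer:d:40"]
UNCOMMITTED = b"set_admin:0xNEW"
```

The bound handler rejects both a proof presented with a different request and a second presentation of an already executed request, which are the two checks an auditor should look for in any proof-gated message handler.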