News linked to both this project and an event.
Agora, an automated testing framework jointly developed by 0G Labs and research teams from the National University of Singapore, Peking University, and Beijing University of Posts and Telecommunications, has been accepted to ICML 2026. Agora is the first framework to deeply integrate domain-specific knowledge from distributed systems with a multi-agent collaborative architecture for automated vulnerability detection in production-grade consensus protocols. According to the paper, Agora has uncovered 15 previously unknown deep logic bugs (“Deep Bugs”) across mainstream consensus protocols—including Raft, EPaxos, HotStuff, and BullShark—spanning critical security issues such as execution divergence, monotonicity violations, topology flaws, and signature verification failures. Experimental results show that leading large language models—including GPT-5.2 and Claude 4.5—failed to detect any protocol-level vulnerabilities under identical test scenarios. Agora employs hypothesis-driven testing and a multi-agent collaboration mechanism, enabling deep security analysis of complex distributed systems through automated attack-scenario generation, test execution, and dynamic refinement. Beyond consensus protocols, the framework is designed for future extension to domains including database concurrency control, operating system kernels, and Web3 smart contract auditing.
SUPERFORTUNE AI posted on X platform, stating that the team is investigating a GUA security incident that occurred on May 27. The incident led to drastic price fluctuations in the token. Preliminary investigations suggest the incident may involve address tampering during a multi-signature transaction.The announcement states that the original plan was to send additionally unlocked tokens to the airdrop claim contract address. However, during execution, the funds were mistakenly sent to a different hacker address. The team noted that this hacker address had never interacted with any SUPERFORTUNE-related addresses before, making an "address poisoning attack" less likely as the attack vector.Furthermore, SUPERFORTUNE stated that its internal processes include a multi-layered address verification mechanism. The team is continuing its investigation into the incident and will update the community on the latest developments subsequently.
LayerZero Labs posted on platform X, stating that the internal RPC used by LayerZero Labs had been attacked by the Lazarus Group over the past three weeks, compromising the true source of its DVN (Decentralized Verifier Network). Meanwhile, external RPC providers experienced DDoS attacks. The incident affected 0.14% of applications and approximately 0.36% of asset value. LayerZero Labs stated that assets are currently secure, and over $9 billion in funds have been bridged through the protocol since April 19.In response to the security risk, LayerZero Labs has ceased providing services for its DVN in a 1/1 configuration. Default configurations for all pathways will migrate to a multi-DVN model of at least 3/3 or 5/5 signatures. Additionally, regarding an incident from three years ago where a multi-sig holder mistakenly used a hardware wallet for personal transactions, LayerZero Labs has removed that signer and replaced the wallet, while developing a custom OneSig multi-sig system. LayerZero Labs advises developers to lock configurations to avoid reliance on default settings and plans to launch an asset management platform, Console, to enhance security monitoring.
Axelar Network stated that the hacker attack and theft of funds undermine users’ overall trust in blockchain systems and slow down the adoption of the global ledger it envisions. Axelar expressed its support for the LayerZero team in navigating this difficult situation and rebuilding trust. Regarding this approximately $290 million attack, Axelar emphasized that—pending final forensic findings—the incident once again highlights the need for multi-layered security in cross-chain bridge construction. This includes ensuring operational security for bridge operators, validators, and validating nodes; providing proper incentives and training; and removing validators whose technical capabilities are not adequately demonstrated. Additionally, operators must be sufficiently numerous, structurally heterogeneous, diverse, and geographically distributed to prevent ultimate control by a single entity.
According to GlobeNewswire, eToro, a trading and investment platform, announced it has signed an agreement to acquire Zengo, a leading self-custodial crypto wallet provider. This acquisition aims to deepen eToro’s digital asset capabilities and accelerate its strategic initiative to bridge traditional finance with on-chain infrastructure. Founded in 2018, Zengo builds its keyless wallet architecture on Multi-Party Computation (MPC) cryptographic technology. It currently serves over 2 million users across more than 180 countries and regions, and has never experienced a wallet breach since its inception. Following the acquisition, eToro will leverage Zengo’s technological expertise to further support decentralized trading use cases—including tokenized assets, prediction markets, and perpetual contracts. The transaction is subject to customary closing conditions.