The cross-chain communication protocol Layerzero Labs disclosed on Friday that its internal infrastructure was compromised by North Korean hackers and a simultaneous DDoS attack during the KelpDAO breach.
Key Takeaways:
- Lazarus Group attacked Layerzero Labs' internal RPCs and poisoned data sources in order to attack the KelpDAO DeFi project.
- The security breach impacted 0.14% of applications and roughly 0.36% of asset value associated with Layerzero.
- Layerzero Labs is migrating all defaults to a 5/5 DVN setup to improve cross-chain security.
To rectify this, the lab is now educating developers on safe configurations and will no longer service 1/1 DVN setups. The disclosure also addressed a bizarre security lapse involving a multisig signer. Three and a half years ago, an individual mistakenly used a multisig hardware wallet for a personal trade.
The signer has since been removed, and the firm has implemented a custom-built multisig solution dubbed “Onesig.” Onesig is designed to prevent unauthorized backend transactions by hashing and merklizing transactions locally on the user’s side. Layerzero noted that it is also increasing its multisig threshold from 3/5 to 7/10 across all chains where Onesig is supported.
The architecture has facilitated over $260 billion in total transfers to date, according to the blog post. Moving forward, Layerzero recommends that developers pin their configurations instead of relying on defaults. The team also suggests setting block confirmations to levels where reorganizations are nearly impossible.
The team is currently developing a second DVN client written in Rust to foster client diversity. Additional upgrades include a more robust RPC quorum configuration. This, Layerzero detailed, allows DVNs to select granular quorums across internal and external providers. The team is also launching “Console,” a unified platform for asset issuers to manage security and monitor for anomalies.



















