LayerZero

General Updated Jul 2026

What is LayerZero?

LayerZero is an omnichain messaging protocol that allows smart contracts on different blockchains to communicate with each other. It is not a bridge in the traditional sense — it is a messaging layer that applications use to build bridges, cross-chain swaps, and omnichain token transfers.

As of 2026, LayerZero connects over 100 blockchains and powers cross-chain infrastructure for major protocols including Stargate, Kelp DAO, and PancakeSwap.

How LayerZero Works

LayerZero relies on two independent components to verify cross-chain messages:

  1. Oracle — reports the block header from the source chain (Ultra Light Node)
  2. DVN (Decentralized Verifier Network) — confirms the transaction occurred on the source chain

A message is only delivered when both the Oracle and DVN confirm the source chain state. The receiving chain’s Endpoint contract executes the message only after both confirmations.

Source chain → Oracle confirms block header + DVN confirms transaction → LayerZero Endpoint on destination chain delivers the message → Application receives it

The DVN Security Model

DVNs are the critical trust assumption in LayerZero. Each application configures its own DVN set:

  • High security: Multiple independent DVNs, all must confirm (e.g., 3-of-3)
  • Balanced: Multiple DVNs, threshold required (e.g., 2-of-3)
  • Low security / fast: Single DVN (1-of-1) — minimal delay, minimal trust

The security of the entire system depends on how the application configures its DVN set.

The Kelp DAO Exploit (April 2026)

The largest DeFi hack of 2026 exploited LayerZero’s messaging layer — but the vulnerability was in Kelp DAO’s configuration, not LayerZero itself.

What Happened

  1. Kelp DAO configured their rsETH bridge with a 1-of-1 DVN — a single signer
  2. Attackers (attributed to DPRK’s Lazarus Group) compromised that single signer
  3. With the single DVN key, they forged a cross-chain message claiming rsETH was deposited
  4. The forged message passed both Oracle and DVN checks (because they controlled the DVN)
  5. The destination chain minted 116,500 unbacked rsETH (~$292M)
  6. Attackers redeemed the fake rsETH for WETH from Aave

$292 million gone in 46 minutes — because one signer was compromised on a 1-of-1 DVN.

Root Cause

Not a smart contract bug. Not a LayerZero protocol bug. A configuration error — Kelp DAO chose convenience over security by using a single-signer DVN instead of a multi-party threshold.

Lessons for LayerZero Integrators

PracticeWhy
Multi-party DVNNever use 1-of-1 — minimum 2-of-3 with independent signers
Hardware-secured DVN keysDVN signers should be HSM-backed, not hot wallets
Message-level validationApplications should validate message content, not just trust the delivery
Circuit breakersPause bridges when anomalous mint volumes are detected
Regular DVN auditsVerify the DVN set hasn’t been silently modified

LayerZero V2 Changes

After the Kelp DAO exploit, LayerZero V2 (mid-2026) introduced:

  • Default DVN security requirements (rejects 1-of-1 configurations)
  • On-chain DVN configuration transparency dashboards
  • Mandatory timelock for DVN set changes
  • Integration with LayerZero’s native security stack

Frequently Asked Questions

Q: Is LayerZero safe to use? A: LayerZero’s core protocol is well-audited. The risk is in how each application configures its Oracle/DVN set. Always check the application’s security configuration before trusting a LayerZero-powered bridge.

Q: What is a DVN? A: A Decentralized Verifier Network — a group of independent entities that confirm cross-chain messages. Think of them as the “validators” of LayerZero’s messaging layer.