According to PANews, LayerZero Labs’ default library contract upgrade mechanism poses risks to over $3 billion in LZ OFT on May 8, with $178 million currently exposed to projects still using the default configuration. Security researcher Banteg flagged that the contract lacks time restrictions, allowing LayerZero Labs to immediately upgrade it and forge messages, similar to the rsETH hack. On-chain data revealed that LayerZero Labs’ multisig signers participated in meme token trades, DEX swaps, and cross-chain bridge transactions, indicating production environment private keys were connected to external websites, increasing phishing risks. CEO Bryan Pellegrino confirmed the transactions were conducted by multisig team members, describing them as testing PEPE on the LZ OFT token standard rather than meme coin trading, and stated the involved members have been removed.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Wasabi Protocol Suffers $5.7M Loss to Spring Boot Actuator Misconfiguration on May 9
Wasabi Protocol disclosed a security incident today (May 9) in which attackers exploited a Spring Boot Actuator misconfiguration in its AWS infrastructure to steal private keys controlling EVM smart contracts. The breach resulted in approximately $4.8 million in user funds and $900,000 in protocol r
GateNews1h ago
Crypto Wrench Attacks Surge 41% in 2026, $101M Lost in First Four Months as Family Members Increasingly Targeted
According to CertiK, crypto wrench attacks have resulted in approximately $101 million in losses during the first four months of 2026, with 34 verified incidents globally representing a 41% increase from the same period in 2025. If the trend continues, the firm estimates hundreds of millions of
GateNews4h ago
Philippine Central Bank Warns Against Trading With Unauthorized VASPs on May 9
According to BusinessWorld, the Philippine central bank warned the public on May 9 against trading with unauthorized virtual asset service providers (VASPs), citing risks of fraud, security breaches, and operational failures that could result in fund loss. The central bank identified additional risk
GateNews7h ago
Lazarus Hides Malware Loaders in Git Hooks During Developer-Targeting Attacks on May 9
According to OpenSourceMalware research, North Korean hacking group Lazarus hid second-stage loaders in Git Hooks pre-commit scripts during developer-targeting attacks on May 9. The group used the technique in campaigns including 'Infectious Interview,' where it posed as cryptocurrency and DeFi
GateNews7h ago
Scammers Impersonate Iranian Authorities, Demand Cryptocurrency for Hormuz Strait Passage on April 21
According to MARISKS, a Greek maritime risk management company, unidentified individuals impersonating Iranian authorities sent messages to shipping companies on April 21 demanding cryptocurrency payments for safe passage through the Hormuz Strait. The company confirmed these messages are
GateNews7h ago
A former Navy captain in Singapore stole 1.7 million USDT and was sentenced to six years and ten months in prison
According to a report by The Straits Times on May 9, Singapore’s National Court judge Wang Qinru made a ruling on May 8 in the case of the defendant, Zhang Rongxuan (35, phonetic transliteration), sentencing him to six years and ten months in prison. Zhang Rongxuan, a former captain in the Naval Diving Unit’s elite diving unit, was found to have, while a friend was out, entered the apartment, photographed the cold wallet seed phrases, and later stole 1.7 million USDT held by the friend. Criminal
MarketWhisper8h ago
