Pyth is not having a great year
Pythnet stopped producing blocks this morning, taking Pyth Core feeds offline for 4+ hours
Pyth’s “Oracle Integrity Staking” rewards were turned off earlier this year
Pythnet itself is being fully deprecated, replaced by a centralized signer operated by Douro Labs
That’s right, the whole “first party data publishers run the oracle nodes” model central to Pyth’s pitch is being killed
Pyth is pivoting to becoming just an unreliable, centralized data aggregator, how boring
After an extensive security review, @Lombard_Finance deprecates its legacy solution & is migrating to Chainlink CCIP to secure $1B+ in Bitcoin assets.
As Lombard’s exclusive cross-chain infra, CCIP is expanding the distribution of LBTC & BTC.b across all chains.
DeFi will win.
Following recent bridge exploits, Lido contributors are publishing the security principles behind wstETH’s multi-chain strategy, and why @chainlink CCIP was selected as the official cross-chain solution.
The analysis covers how Chainlink CCIP delivers strong decentralization, native safeguards, and issuer control as default protocol-level guarantees, which insulates wstETH from a number of attack vectors behind the Kelp / LayerZero exploit.
This decision was made last November by the Network Expansion Committee, with CCIP securing wstETH via 16 independent node operators, native rate limiting, and no vendor lock-in over token contracts.
Read the full breakdown from Lido contributors: https://t.co/OsoGnrM5UW
This new post from @LayerZero_Core directly contradicts Bryan's claim yesterday that the LayerZero Labs multisig signer who was trading the "McPepes" memecoin on Uniswap was just "testing the PEPE OFT integration"
Turns out that gaslighting doesn't work when people can check the chain and verify for themselves
Naturally, they attempt to minimize the issue by making it seem like this was a one time incident, involving only one signing key, and that the memecoin trader was quickly rotated off the multisig
In reality, the multisig signer attempted multiple memecoin trades over the span of a year and stayed on the multisig for nearly two years after the first memecoin trade, before finally being rotated off
Furthermore, there were actually 3 signing addresses that were engaged in non-multisig related activity (memecoin trading, DEX swaps, bridging, LP provisioning) on a 2-of-5 Gnosis Safe multisig
Billions of dollars in OFT value was exposed to the risk of being exploited by a multisig whose majority threshold of signers failed to practice even the most basic opsec and key isolation practices, FOR YEARS
This was not a one-time error oopsie, this was a complete disregard for opsec
--
Timeline of events of the LayerZero memecoin trader multisig signer:
March 1, 2023 - 0xf1f5E swaps 0.198548 ETH for 1,727,120 McPepes (PEPES)
December 21, 2023 - 0xf1f5E calls approve() for Uniswap on the McPepes ERC20 contract
April 20, 2024 - 0xf1f5E attempts to sell McPepes on Uniswap but the transaction reverts
January 27, 2025 - 0xf1f5E is finally rotated off LayerZero’s Gnosis Safe multisigs and signing threshold changed
--
More context in following tweets
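The thread above is about signer keys on a 2-of-5 Safe being used for DEX swaps, approvals and bridging. The check below is an added example, not code from the thread's author or from LayerZero: it takes a Safe's owner list and threshold plus a set of decoded transactions sent by those owner addresses, flags everything that is not a Safe signing/execution call, and reports whether the number of non-isolated signers already meets the Safe's threshold and how long a flagged key stayed on the owner set. The Safe address, the addresses other than 0xf1f5E, the counterparty labels and the transactions themselves are constructed for the example (dates on the 0xf1f5E rows follow the timeline in the post).

```python
"""Key-isolation audit for multisig signer addresses.

A multisig only delivers its threshold if each signer key is used for nothing
but signing. This flags signer-sent transactions that are not Safe calls and
measures how much of the threshold those non-isolated keys represent.
"""
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Tx:
    day: date
    sender: str
    target: str
    method: str  # decoded function name

# Hypothetical Safe and owner set (constructed; not the real LayerZero multisig)
SAFE = "0xSAFE_PLACEHOLDER"
SIGNERS = ["0xf1f5E", "0xaaa1", "0xbbb2", "0xccc3", "0xddd4"]
THRESHOLD = 2

# The only calls a signer key is expected to make: signing/executing on the Safe itself
SAFE_METHODS = {"execTransaction", "approveHash"}

# Constructed transaction records; 0xf1f5E rows mirror the dates in the post's timeline
TXS = [
    Tx(date(2023, 3, 1), "0xf1f5E", "0xDEX_ROUTER", "swapExactETHForTokens"),
    Tx(date(2023, 6, 10), "0xaaa1", SAFE, "execTransaction"),
    Tx(date(2023, 12, 21), "0xf1f5E", "0xMEMECOIN_TOKEN", "approve"),
    Tx(date(2024, 4, 20), "0xf1f5E", "0xDEX_ROUTER", "swapExactTokensForETH"),
    Tx(date(2024, 7, 2), "0xbbb2", "0xBRIDGE", "bridge"),
    Tx(date(2024, 9, 9), "0xccc3", SAFE, "approveHash"),
    Tx(date(2025, 1, 27), "0xaaa1", SAFE, "execTransaction"),  # owner rotation tx
]
ROTATED_ON = date(2025, 1, 27)

def flag_non_isolated(txs, signers, safe):
    """Return {signer: [Tx, ...]} for every signer-sent tx that is not a Safe call."""
    signer_set = set(signers)
    flagged = {}
    for tx in txs:
        if tx.sender not in signer_set:
            continue  # not sent by an owner key; out of scope
        if tx.target == safe and tx.method in SAFE_METHODS:
            continue  # legitimate signer duty
        flagged.setdefault(tx.sender, []).append(tx)
    return flagged

def threshold_reached_by_hot_keys(flagged, threshold):
    """True when the non-isolated signer keys alone could meet the Safe threshold."""
    return len(flagged) >= threshold

def exposure_window_days(flagged, signer, rotated_on):
    """Days between a signer's first flagged tx and the day it left the owner set."""
    first = min(tx.day for tx in flagged[signer])
    return (rotated_on - first).days

if __name__ == "__main__":
    flagged = flag_non_isolated(TXS, SIGNERS, SAFE)
    for signer, txs in flagged.items():
        print(signer, [(t.day.isoformat(), t.method) for t in txs])
    print("hot keys can meet threshold:", threshold_reached_by_hot_keys(flagged, THRESHOLD))
    print("0xf1f5E exposure window (days):", exposure_window_days(flagged, "0xf1f5E", ROTATED_ON))
```

Run against real data by replacing TXS with decoded transactions for each owner address; the useful output is not the individual flags but whether the count of flagged owners reaches the threshold, since at that point the Safe's security is that of the weakest hot wallet among them.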
Glad to see all the hard work that Chainlink has put into generating real security is being recognized as valuable by more and more teams in our industry. It seems that focusing on making the secure and reliable solution is what wins in an industry where securing value is a key feature of everyone's product.
We have seen the trend of low quality data oracles with poor security being switched out for Chainlink for many years now, with that trend continuing on a regular basis; https://t.co/LOcbYNfqnz
We are also now seeing the same dynamic in cross-chain connectivity/bridging, where providing security with actual decentralization, actual monitoring and actual private key security is increasingly valuable to both protocol teams and the users of their products.
It is much easier and often faster to cut corners and run a single node and call it a decentralized bridge, have no monitoring on those bridges and keep the extra profits from cutting these key security and reliability features, but that comes at the expense of your users' systems going down e.g. due to one AWS zone outage, or your bridges getting hacked with one set of admin keys.
Chainlink's thesis as a technology, standard and community is to not cut these corners, but do what we can to raise the standards of our industry and provide reliable on-chain data, reliable cross-chain interoperability and now reliable off-chain to on-chain orchestration across all smart contracts on all chains.
In 4 days, 4 leading protocols with $3B+ combined TVL decommissioned their legacy oracles & bridges and are migrating to Chainlink.
⬡ @KelpDAO
⬡ @SolvProtocol
⬡ @re
⬡ @tydrohq
DeFi will win.
NEW: @SolvProtocol is fully migrating to Chainlink CCIP as its official cross-chain infra for $700M+ in tokenized BTC.
After an extensive review, Solv is deprecating its legacy bridges and standardizing on CCIP as it provides the greatest cross-chain security.
DeFi will win.
TLDR on the KelpDAO article on LayerZero:
1. The attack originated from inside LayerZero's core infrastructure, not RPC poisoning.
2. LayerZero Labs DVN and Nethermind DVN share a substantial ADMIN_ROLE set on-chain.
I can't comment on 1/ (although very scary if true)
However for 2/: I have taken a look at it personally since the exploit, and it is true:
LZ Labs DVN — 24 admins
Nethermind DVN — 17 admins
16 of those 17 Nethermind admins are also admins on the LZ Labs DVN — i.e. ~94% overlap. Anyone holding one of those 16 keys has admin power over both DVNs.
Contracts:
LZ DVN: 0x589dEDbD617e0CBcB916A9223F4d1300c294236b
Nethermind DVN: 0xa59bA433aC34D2927232918ef5b2eaafcf130bA5
SolvBTC current status: all LayerZero bridges remain paused. We won't be reinstating LayerZero bridges until at least a 4/4 setup is in place, and we won't be choosing both LayerZero and Nethermind DVNs at the same time.
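The post above gives the admin counts for the two DVNs (24 and 17, with 16 shared) and says Solv will not run both at once. The script below is an added example, not code from Solv, KelpDAO or LayerZero: it models an OApp's DVN config (required DVNs plus an optional set with a threshold) and computes the smallest number of distinct admin keys an attacker would need to hold to control enough DVNs to verify a message. The admin sets are constructed to match the counts in the post; the key labels are placeholders, and the "independent" DVN is hypothetical. It also covers the 1-of-1 configuration discussed elsewhere on this page, which is just the degenerate case with one required DVN.

```python
"""Effective verification threshold of a DVN config once shared admin keys are counted.

A config that names N DVNs only costs an attacker N compromises if those DVNs
have disjoint control. This brute-forces the minimum number of admin keys whose
compromise satisfies the config, so shared admins show up as a lower number.
"""
from itertools import combinations

# Constructed admin key sets sized to the counts in the post: 24, 17, 16 shared.
SHARED = {f"shared{i}" for i in range(1, 17)}
LZ_DVN_ADMINS = SHARED | {f"lz{i}" for i in range(1, 9)}   # 24 admins
NM_DVN_ADMINS = SHARED | {"nm1"}                            # 17 admins
INDEP_DVN_ADMINS = {"indep1", "indep2", "indep3"}           # hypothetical unrelated DVN

DVNS = {
    "lz": LZ_DVN_ADMINS,
    "nethermind": NM_DVN_ADMINS,
    "independent": INDEP_DVN_ADMINS,
}

def overlap_ratio(a, b):
    """Share of DVN b's admins that are also admins of DVN a."""
    return len(DVNS[a] & DVNS[b]) / len(DVNS[b])

def controlled(keys, admins):
    """A DVN is controlled if any compromised key is one of its admins."""
    return bool(keys & admins)

def verifies(keys, required, optional, optional_threshold):
    """True if the keys control every required DVN and at least optional_threshold optional ones."""
    if not all(controlled(keys, DVNS[d]) for d in required):
        return False
    return sum(controlled(keys, DVNS[d]) for d in optional) >= optional_threshold

def min_keys_to_forge(required, optional=(), optional_threshold=0):
    """Smallest number of distinct admin keys whose compromise satisfies the config."""
    names = list(required) + list(optional)
    all_keys = set().union(*(DVNS[d] for d in names))
    for k in range(1, len(all_keys) + 1):
        for subset in combinations(sorted(all_keys), k):
            if verifies(set(subset), required, optional, optional_threshold):
                return k
    return None  # config can never be satisfied (e.g. no DVNs named)

def compare_configs():
    """Nominal DVN count vs. effective key count for a few configs."""
    return {
        "1-of-1 lz":              (1, min_keys_to_forge(["lz"])),
        "2-of-2 lz+nethermind":   (2, min_keys_to_forge(["lz", "nethermind"])),
        "2-of-2 lz+independent":  (2, min_keys_to_forge(["lz", "independent"])),
        "lz + 1 of {nm, indep}":  (2, min_keys_to_forge(["lz"], ["nethermind", "independent"], 1)),
    }

if __name__ == "__main__":
    print(f"nethermind admins also on lz: {overlap_ratio('lz', 'nethermind'):.0%}")
    for name, (nominal, effective) in compare_configs().items():
        print(f"{name:24s} nominal DVNs={nominal} effective keys={effective}")
```

The point the numbers make: with 16 shared admins, "LZ + Nethermind" costs an attacker exactly one key, the same as a 1-of-1 config, while "LZ + an unrelated DVN" costs two. The brute force is fine at these sizes (tens of keys, subsets of size one or two); for a larger audit, precompute per-key control sets instead.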
New post from KelpDAO shines more light on the $292 million LayerZero $rsETH bridge exploit and confirms their migration to Chainlink CCIP
LayerZero has been deflecting blame onto Kelp, framing the incident as a KelpDAO "configuration" issue
The post lays out damning evidence showing how this narrative does not match reality
Kelp stated they followed LayerZero’s product documentation, default configurations, and direct guidance from the LayerZero team itself
Over 2.5 years and eight documented integration discussions, LayerZero reviewed Kelp’s configs, knew they were operating on 1-1 defaults, and never raised any objections or warnings
Kelp was not alone here, not even close
The 1-1 DVN setup that LayerZero now blames is exactly what their own OFT Quickstart guide and default config template ship out of the box
Public @Dune analysis shows 47% of OApp contracts run the same 1-1 setup, with 1,200+ OApps relying on it
Based on public data, in the past 90 days, the third most-used configuration was the 1-1 LayerZero Labs DVN with 100,000+ cross-chain messages
Countless OFTs have used a 1-1 DVN setup, including even after the April 18 rsETH bridge exploit as highlighted by @banteg: swell network, aethir, vana, initia bridge, lightlink, orderly network, nifty island, metastreet, and more
Several LayerZero-integrated blockchains (Dinari, Skale) STILL only support the LayerZero Labs DVN as the sole deployed DVN, per LZ docs, which left builders no option but 1-1 (until that config was blocked post hack)
Bryan publicly claimed 0% of apps used a 1-1 LZ DVN, while rsETH alone had ~$200M TVL on that exact setup
Kelp was not an edge case, they followed a very common LayerZero usage pattern
Kelp trusted the LayerZero Labs team, and their infra, which was ultimately infiltrated by North Korean hackers, which resulted in the $292 million rsETH bridge exploit
Rather than explain exactly how that breach happened, the LayerZero team has only put out a statement carefully worded by lawyers to minimize their own liability and threw KelpDAO under the bus for trusting them
KelpDAO is now migrating from the LayerZero OFT standard to the Chainlink Cross-Chain Token (CCT) standard, where all rsETH cross-chain transfers will be secured by Chainlink CCIP
Rather than provide additional info on how and why LayerZero Labs' centralized infrastructure was infiltrated by North Korean (DPRK) hackers, which resulted in the $292M rsETH bridge exploit, Bryan decides throwing the user under the bus the first time wasn't good enough, they just had to do it again for good measure!
All for the crime of trusting the LayerZero Labs team and their infra, using a 1/1 config that ~50% of LZ OApps use (per @Dune), that the LZ Labs DVN supported (until it was blocked), and that the LZ Labs team monetized (DVN fees)
Why take responsibility, and therefore legal liability, over the exploit when finger pointing is just as good
👆👉👇👈
And never mind the fact that there are multiple chains in the LZ docs where the LZ Labs DVN is the only one listed, and therefore the only possible config!
Why did the LZ Labs DVN support a 1/1 config up until now if it was such an obviously dangerous thing? Why isn't this config blocked at the protocol level if it's always been so obviously bad?
People have been pointing out the massive centralization problem in the LayerZero ecosystem for YEARS now, including the 2/2 multisig Stargate bridge run by the LZ Labs team (does anyone genuinely think a 2/2 multisig bridge setup is really all that much better than 1/1?)
But only after the $292M bridge hack is such centralization now such an obvious risk, give me a break
Why should anyone integrate LayerZero, knowing they're going to be thrown under the bus as disposable meat the moment LZ Labs fucks up and gets hacked by North Korea?