LayerZero is alleged to have risks in its default library contract, affecting some projects
According to a post by crypto KOL Fishy Catfish, LayerZero Labs co‑founder Bryan Pellegrino and security researchers debated safety issues in the ETHSecurity Community group.
The controversy centers on the following: LayerZero Labs can instantly upgrade the default library contract without a timelock, which theoretically introduces a risk of forged messages. Researcher Banteg pointed out that projects such as Ethena and EtherFi were still using this default library, and about $178 million worth of assets is currently exposed to the related risk.
In addition, on‑chain data shows that LayerZero multisig signers have performed DEX trades, cross‑chain bridging, and other operations.
Bryan responded that the actions were team members testing PEPE under the LZ OFT standard, not meme‑coin trading, and the involved member has been removed. He also recommended that projects switch to a fixed configuration to reduce risk.
Earlier today, a heated debate broke out in the ETHSecurity Community Telegram between LayerZero’s Bryan and security researchers.
TLDR summary:
- Over $3 billion worth of LZ OFTs were recently at risk of being compromised due to a default library contract that LZ Labs could upgrade instantly with no timelock, allowing message forgery (similar to the rsETH hack).
- According to Banteg, major projects like Ethena and EtherFi were still using this default library contract a few weeks ago.
- About $178 million in value remains exposed to compromise from projects using the default library (see quoted tweet).
- LZ Labs does not need to be malicious for this risk to exist; they have a history of poor operational security (and have even been hacked by North Korean actors).
- On‑chain data shows LZ Labs multisig signers engaging in non‑multisig activities such as trading memecoins, swapping on DEXs, and bridging. These actions create major phishing risks because production multisig keys are connected to websites, not just used for signing.
- L
