A new report published by a Dune Analytics researcher has found that nearly half of all active Omnichain Applications (OApps) on the LayerZero protocol are utilizing the lowest possible security configuration, leaving a significant portion of the ecosystem exposed to potential exploits. The analysis of 2,665 OApps revealed that 47 percent—or 1,252 projects—are operating with a 1-of-1 Decentralized Verifier Network (DVN) setting.
"This configuration means that a single compromised verifier could lead to a complete loss of funds for these applications," the Dune report stated, highlighting the concentration of risk. The analysis pointed out that among the projects using the minimal security setting is KelpDAO's rsETH contract, which was the victim of a previous hack.
The data shows a heavy reliance on the most basic security option offered by LayerZero, where a single entity is responsible for validating cross-chain messages. This setup, while simpler and cheaper for developers to implement, forgoes the benefits of a multi-verifier system that would require consensus from several independent parties before executing a transaction, thereby providing greater security.
The revelations could trigger a flight of liquidity from the identified OApps as users reassess the risk of their deployed assets. The report may also pressure the LayerZero team to mandate more robust default security configurations for projects building on its infrastructure, a move that could increase operational costs for smaller OApps but would significantly bolster the security of the ecosystem as a whole. The long-term impact on the valuation of tokens within the LayerZero ecosystem remains to be seen as the market digests the full implications of the report.
This article is for informational purposes only and does not constitute investment advice.
