Bellamy ⚡
@Bellamy_Jake1
Profit Maxi. Flying high with #BTC & #ETH

This case is not a failure of LayerZero, but a failure to properly understand the trust model.
- @LayerZero_Labs allows each application to define who and how many DVNs they trust
- @KelpDAO chose the lowest trust diversity with the highest risk: relying on a single source
➡️ When all trust is concentrated in one point, the system is no longer truly decentralized, but effectively centralized with a decentralized facade.



layerzero is fragility at scale. go visit sekuba.github.io/dvnstats/ by @sekubalias to understand why we need to fight this interoperability model




OneKey Founder Yishi on Handling the KelpDAO Hack
1. Best case: negotiate with the hacker and offer a 10-15% bounty.
2. If talks fail, let the LayerZero ecosystem fund cover most of the loss.
3. KelpDAO is the weakest; compensate with tokens + future revenue, or sell the whole project to L0 or BMNR.
4. Aave's Umbrella and stkAAVE serve as the final backstop, but WETH depositors must not take any haircut; otherwise it would trigger repricing across Morpho, Spark, Fluid, Euler, blacklist the LRT sector, and set DeFi back by years.
5. He believes Aave can survive this.
x.com/ohyishi/status…

over the weekend I removed a good chunk of my funds onchain after reading this post-mortem from layerzero. i am going to withdraw more, it's that bad. layerzero is basically saying yeah we know it's our DVN, but we warned them against using a 1/1 DVN setup 💀


TL;DR:
* LayerZero says it was Kelp's fault for running a 1/1 DVN setup, their docs warn against that (although LZ operated the actual DVN)
* Yep, North Korea again
* LayerZero had solid opsec but still got pwned (they're not disclosing the original compromise path it seems)
* Crazy sophisticated attack. North Korea didn't actually fully compromise the LZ machine. But once they got in, they grabbed the set of RPCs the LZ machine used, and then hacked 2 of the RPC servers it was pulling from, installing fake versions of op-geth on those RPC servers. They then DDoSed the main RPC to cause failover to one of the hacked RPCs, and then the hacked RPCs reported the malicious transaction (hiding their tracks by giving different RPC responses to observability infra). Then once the attack was done, the malicious binary self-destructed, deleting the logs on the compromised RPCs. Very, very complex attack.
* Boy, LZ really are not doing themselves favors with lines like these: "We want to be unambiguous on this point: the LayerZero protocol itself functioned exactly as intended throughout this event. [...] The entire attack was isolated to a single application – zero contagion risk throughout the system, zero other OFTs or OApps impacted." 😬
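The failure mode described in the post above is a verifier that fails over to whichever RPC endpoint still answers and then trusts that single endpoint's view of chain state. The following is an added example, not LayerZero's, KelpDAO's or any DVN's actual code, of the defensive pattern that addresses it: observations of an event are fetched from several independent sources, a timed-out source counts as no vote, and the verifier only proceeds when a quorum agrees and no source dissents. The `Observation` fields, source names and `verify_with_quorum` function are all assumptions made for this illustration; the inputs are constructed.

```python
"""Quorum check across independent RPC sources before acting on an event.

Added example (not LayerZero's or KelpDAO's code). It models the failure
mode from the post: a verifier that fails over to any RPC that answers
will accept one tampered view of chain state. Here at least `threshold`
sources must report the identical observation, a timeout is "no vote",
and any disagreement between sources fails closed so it can be alerted on.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Observation:
    """What one source claims about a cross-chain message (assumed fields)."""
    block_hash: str    # block the source says contains the event
    payload_hash: str  # hash of the message payload the source returned


@dataclass
class QuorumResult:
    accepted: bool
    agreed: Optional[Observation]
    votes: int                                  # sources backing `agreed`
    dissenters: List[str] = field(default_factory=list)
    silent: List[str] = field(default_factory=list)  # timed out / no answer
    reason: str = ""


def verify_with_quorum(reports: Dict[str, Optional[Observation]],
                       threshold: int,
                       fail_on_dissent: bool = True) -> QuorumResult:
    """reports maps source name -> Observation, or None if the source timed out.

    A silent source never contributes a vote, so an outage (or a DDoS that
    forces failover) shrinks the voting set instead of handing the decision
    to whichever endpoint is left.
    """
    if threshold < 1:
        raise ValueError("threshold must be >= 1")
    silent = sorted(name for name, obs in reports.items() if obs is None)
    voting = {name: obs for name, obs in reports.items() if obs is not None}
    if not voting:
        return QuorumResult(False, None, 0, [], silent, "no source answered")

    tally = Counter(voting.values())
    agreed, votes = tally.most_common(1)[0]
    dissenters = sorted(name for name, obs in voting.items() if obs != agreed)

    if votes < threshold:
        return QuorumResult(False, None, votes, dissenters, silent,
                            f"only {votes} of {threshold} required sources agree")
    if dissenters and fail_on_dissent:
        # Majority agrees, but independent sources should never disagree about
        # finalized data; treat it as a signal of tampering, not as noise.
        return QuorumResult(False, None, votes, dissenters, silent,
                            f"sources disagree, dissenters: {dissenters}")
    return QuorumResult(True, agreed, votes, dissenters, silent, "quorum reached")


def run_scenarios() -> Dict[str, QuorumResult]:
    """Constructed scenarios; all values are illustrative, not real chain data."""
    honest = Observation(block_hash="0xaa11", payload_hash="0x5afe")
    tampered = Observation(block_hash="0xaa11", payload_hash="0xbad0")
    return {
        # All three independent sources agree: proceed.
        "healthy": verify_with_quorum(
            {"rpc_a": honest, "rpc_b": honest, "rpc_c": honest}, threshold=2),
        # Primary knocked offline, one fallback tampered: no 2-of-3 quorum.
        "failover_one_tampered": verify_with_quorum(
            {"rpc_a": None, "rpc_b": tampered, "rpc_c": honest}, threshold=2),
        # Quorum exists but one source dissents: fail closed and alert.
        "quorum_with_dissent": verify_with_quorum(
            {"rpc_a": honest, "rpc_b": honest, "rpc_c": tampered}, threshold=2),
        # A single source has nothing to be checked against: whatever it says wins.
        "single_source": verify_with_quorum({"rpc_b": tampered}, threshold=1),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:24} accepted={result.accepted!s:5} votes={result.votes} "
              f"silent={result.silent} dissent={result.dissenters} ({result.reason})")
```

The `single_source` scenario is the 1/1 configuration the post criticises: with one source there is no second opinion, so a tampered report is indistinguishable from an honest one. Note too that a quorum only helps when the sources are genuinely independent (different operators, hosts and software builds); if enough of the configured endpoints are under one party's control, they can outvote the honest ones.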

.@LayerZero_Core's marketing is so incredibly misleading at times, it's absurd.

Take their "Decentralized Verifier Networks (DVNs)" for example. DVNs are the infrastructure responsible for validating cross-chain transactions in the LayerZero ecosystem. By the name, you would assume a DVN by definition is a decentralized network of node operators, right?

Well no, in most instances the term "DVN" actually refers to a centralized company (a single node operator). Take their most popular DVN for example, which by default is used by most projects and therefore their associated volume in the LayerZero ecosystem. It's the "LayerZero DVN", a centralized node run by the LayerZero Labs team themselves. Not decentralized, but still called a decentralized network anyways, pretty convenient security theater marketing.

Imagine you're a user and you're told a dApp's cross-chain interactions are secured by the "LayerZero Decentralized Verifier Network". What impression is the user supposed to get from that other than thinking it's a decentralized network and not a single centralized node?

Now some may try to explain away this terminology by saying that a DVN could theoretically be decentralized in some circumstances. But looking at the official list of all the DVNs in their docs, almost every single DVN is just a centralized team/company. And the ones that aren't are often just a wrapper around another protocol that's actually attempting to solve the cross-chain problem in a decentralized manner, like CCIP or Axelar, that can be used without the LayerZero framework.

Some may also argue that you're supposed to compose multiple DVNs together in order to make it decentralized. But (1) that doesn't justify calling infra run by a centralized company a decentralized network and (2) the default path that most projects take is to use the centralized LayerZero Labs DVN given its chain support over other DVNs. Even their flagship bridge @StargateFinance only uses a whopping 2 DVNs (one of which is the team themselves).

This fantasy of projects composing networks out of DVNs just isn't what we see in reality in the majority of situations. Most devs simply do not want to deal with the massive security-sensitive problem of managing, configuring, securing, or running cross-chain infrastructure, they just want something that works.

Centralization runs rampant in the LayerZero ecosystem but the terminology may make you think otherwise.