Home Operating Assets LayerZero Says $2.1M Wallet Moves Were Routine Inventory Operations
Operating Assets

LayerZero Says $2.1M Wallet Moves Were Routine Inventory Operations

Share



Correction, July 15, 2026: An earlier version described the wallet movements as a suspected compromise and referred to the transferred assets as stolen funds. LayerZero later confirmed that the transactions were standard inventory operations, no breach occurred and no user funds were at risk. The headline and article have been corrected.

LayerZero Rejects Executor Wallet Breach Claims

LayerZero classified the $2.1 million in cross-chain wallet movements previously flagged as a possible Executor compromise as standard inventory operations rather than unauthorized withdrawals.

No user funds were affected, and the company found no breach involving its messaging contracts, endpoints, Decentralized Verifier Networks or Executor infrastructure.

Onchain activity showed assets moving from several networks to Ethereum through Stargate and Relay. The transactions left the destination wallets holding approximately 955 ETH, then valued near $1.78 million, and about $322,000 in USDC.

Those balances should not be described as attacker holdings. The transfers also do not represent a confirmed $2.1 million loss, exploit or wallet drain after LayerZero identified the movements as part of its normal operating process.

Stargate and Relay functioned as cross-chain transfer routes during the activity. Their involvement did not indicate that either protocol had been compromised.

Executor Wallets Rebalance Assets Across Chains

LayerZero Executors deliver cross-chain messages after the application’s selected verification system has approved them. Executors call destination-chain functions such as lzReceive() or lzCompose() but do not determine whether the underlying message is valid.

Operating that service requires native gas and other assets across the networks where messages are delivered. Executor-controlled wallets can therefore bridge, consolidate or redistribute inventory as balances and execution requirements change.

Transfers involving several chains and a single destination can resemble post-incident fund consolidation when viewed without operational context. In this case, LayerZero’s clarification established that the movements were authorized inventory management rather than an attacker routing stolen assets toward Ethereum.

Activity Differs From Confirmed KelpDAO Exploit

The wallet movements were separate from the confirmed April KelpDAO cross-chain exploit, which released approximately $292 million in rsETH after attackers compromised offchain infrastructure used in the verification path.

That incident involved a single-verifier configuration and was later attributed by LayerZero to North Korea’s Lazarus Group. It prompted several projects to reassess their cross-chain security arrangements, including Virtuals moving $700 million in VIRTUAL to Chainlink CCIP.

LayerZero’s Executor design remains permissionless after message verification. Another Executor or the user can complete delivery on the destination chain when the originally selected Executor is unavailable.



Source link

Share

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

Northbase Finance Closes Capital Partnership with Oaktree to Support Equipment Financing Platform

Northbase Finance closed a revolving credit facility with Oaktree through its asset-backed...

Promotora de Informaciones SA (FRA:PZ4) – Valuation Measures & Financial Statistics – GuruFocus

Promotora de Informaciones SA (FRA:PZ4) - Valuation Measures & Financial Statistics  GuruFocus Source...

XTI Aerospace Reports Fourth Quarter and Full Year 2025 Results

DALLAS, April 15, 2026 /PRNewswire/ -- XTI Aerospace, Inc. (Nasdaq: XTIA) ("XTI...

Zebra Technologies stock holds steady as investors focus on data capture and automation strategy

Zebra Technologies stock represents exposure to a company that has built its...