Best crypto insights delivered straight to your inbox.
- LayerZero’s production 2-of-5 Gnosis Safe multisig keys were spotted executing Uniswap trades in the McPepes memecoin.
- Bryan Pellegrino confirmed the wallets belonged to former signers who have since been removed.
- Chainlink’s Zach Rynes slammed the practices as “horrifying” opsec, triggering widespread criticism about key management.
LayerZero, a cross-chain messaging platform, is facing new accusations of operations security (OPSEC) failures. According to reports, its production multisig signing keys traded McPepes memecoin on Uniswap.
Per the allegations, which were made public on May 8, 2026, faults were directed to key management techniques used by blockchain infrastructure companies.
What happened with LayerZero’s 2-of-5 Gnosis Safe multisig?
The accusations center on reckless use of LayerZero’s 2-of-5 Gnosis Safe multisig, a method by which they secure their users’ tokens and control key parts of their OFT infrastructure.
From screenshots of an internal discussion that went viral on X, three of the five signers of the Gnosis Safe multisig were actively involved in activities unrelated to the multisig process.
🚨JUST IN: @LayerZero_Core is facing opsec allegations after production multisig keys used to secure user funds were reportedly also used to trade the McPepes memecoin.
— SolanaFloor (@SolanaFloor) May 8, 2026
LayerZero’s Bryan said the transactions were made by people who were part of the LZ multisig but have since… pic.twitter.com/k5YR7jyCg6
Signer addresses include:
- 0x1f5E377a3ADBe6f3289ADb6b21eae6427dfbb553, which is associated with the trading of the memecoin called PEPES (McPepes) and the Hop platform.
- 0xBb6633c267951E938F9B6421E4F54aa5b2c19326, which held approximately $12 million and engaged in Stargate staking.
- 0x6fC8342C448F9a8d541C17579EF7A14237b8d5aD, involved in liquidity provisioning on Curve, PancakeSwap, and SpookySwap.
A notable transaction on March 1, 2023, involved exchanging 0.198548073 ETH for approximately 1.73 million tokens of the ERC-20 token McPepes/PEPES via Uniswap V3.
This has been cited as evidence that the production keys, whose purpose was to safeguard billions of dollars, were linked to websites outside the network, thereby leaving them vulnerable to phishing attacks.
The multisig lacked a timelock, and the keys remained stagnant for several years. The same parties are responsible for the multisig-controlled DVN settings and libraries for LayerZero-compatible protocols.
On-chain transactions support the assertion that the production signers performed Uniswap swaps for the McPepes prior to the PEPE token deployment schedule.
Reported vulnerabilities tied to the multisig setup
The LayerZero multisig was created to serve as the ultimate layer of protection for bridged tokens. Nevertheless, the described actions broke the fundamental OPSEC rule of key isolation. By using the same keys to trade on decentralized exchanges, the signers risked vulnerability to attacks from malicious contracts and phishing schemes.
It is worth mentioning that only two stolen keys were enough to empty the whole multisig.
The timing of the disclosure is associated with increased scrutiny of LayerZero’s security approach. As reported by Cryptopolitan, only hours before that, Solv Protocol revealed its intention to migrate more than $700 million worth of tokenized BTC (SolvBTC and xSolvBTC) to Chainlink’s CCIP from LayerZero.
The company cited updates to security reviews and bridge issues, such as the recent Kelp DAO hack that used LayerZero bridges. Although Solv did not mention this incident in its announcement, it still illustrates a certain degree of skepticism toward LayerZero.
LayerZero’s CEO Bryan Pellegrino speaks on the matter
In response to the accusations, LayerZero’s CEO, Bryan Pellegrino, said the transactions originated from former members of the multisig wallet who had been booted out. He denied there was any such thing as “memecoin trading,” saying that it was just OFT testing, not speculations.
Furthermore, he pointed out that the wallets were no longer involved in signatory functions.
As shown in the screenshots, skeptics raised issues regarding the description of the incident, citing that the transaction was between McPepes (not PEPE) and raising doubts about how ETH to memecoin trading via Uniswap could be classified as OFT tests.
The signers in question have reportedly been removed from the multi-signature. No counter-rebuttal or full audit of all previous actions carried out by the signers had been made public by LayerZero.
Crypto Twitter goes after LayerZero
Zach Rynes has gone against LayerZero, calling the security measures a “horrific opsec.” Rynes pointed out the dangers posed by such behavior to users running LayerZero in its default settings. He has cited potential supply-chain exploits.
Additionally, he asserts that production keys must never be used for anything other than vital tasks.
I genuinely wish I were joking, it’s horrifying what passes for “opsec” in this industry
— Zach Rynes | CLG (@ChainLinkGod) May 8, 2026
X community reactions range from shock at what they perceived as “clowns and criminals” working within the infrastructure domain to a call for more openness and transparency.
Any potential vulnerabilities within the multisig of LayerZero, which acts as an intermediary for chain-to-chain communication, could be very concerning.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
CRASH COURSE
- Which cryptocurrencies can make you money
- How to boost your security with a wallet (and which ones are actually worth using)
- Little-known investment strategies that the pros use
- How to get started investing in crypto (which exchanges to use, the best crypto to buy etc)