LayerZero multisig signers linked to memecoin trades
Production 2-of-5 Gnosis Safe keys were used to trade McPepes on Uniswap, prompting OPSEC allegations and removal of several multisig signers.
On May 8, 2026, allegations emerged that LayerZero’s production 2-of-5 Gnosis Safe multisig keys were used to trade the McPepes memecoin on Uniswap. Screenshots of internal messages posted on X and on-chain records were cited as evidence.
The multisig required two of five signatures and was intended to control bridged tokens and configuration settings for LayerZero-compatible protocols. Reports state the Safe had no timelock and that the private keys remained in use for several years without rotation.
Three signer-linked addresses were flagged in reporting. Address 0x1f5E377a3ADBe6f3289ADb6b21eae6427dfbb553 is associated with trading McPepes and with the Hop platform. Address 0xBb6633c267951E938F9B6421E4F54aa5b2c19326 reportedly held about $12 million and engaged in Stargate staking. Address 0x6fC8342C448F9a8d541C17579EF7A14237b8d5aD carried out liquidity actions on Curve, PancakeSwap and SpookySwap; on March 1, 2023 that address swapped 0.198548073 ETH for about 1.73 million McPepes tokens on Uniswap V3.
Industry practice isolates production signing keys from everyday trading and from interactions with third-party decentralized applications. The reported use of multisig keys for token swaps and liquidity work raised concerns that those keys were exposed to malicious contracts or phishing attacks.
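The isolation practice described above, together with the reported missing timelock and unrotated keys, can be checked mechanically against a Safe's owner list and transaction history. The following is an added example, not code from LayerZero, Safe or this article; the record layout, the `audit_signers` function, the 365-day rotation limit and every address and date in it are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Tx:
    sender: str   # account that signed and sent the transaction
    to: str       # contract or account it called
    day: date

def audit_signers(safe, owners, key_created, timelock_s, allowed, txs,
                  today, max_key_age_days=365):
    """Return (kind, subject, detail) findings for a Safe and its owner keys."""
    owner_set = {o.lower() for o in owners}
    permitted = {safe.lower()} | {a.lower() for a in allowed}
    findings = []
    # Without a delay, an approved action executes before anyone can react.
    if timelock_s == 0:
        findings.append(("policy", safe.lower(), "no timelock"))
    # Long-lived keys: max_key_age_days is an assumed policy value.
    for owner in owners:
        age = (today - key_created[owner]).days
        if age > max_key_age_days:
            findings.append(("rotation", owner.lower(), f"key is {age} days old"))
    # Isolation: an owner key should only ever call the Safe (or allowlisted
    # admin contracts), never a DEX router or other third-party dapp.
    for tx in txs:
        if tx.sender.lower() in owner_set and tx.to.lower() not in permitted:
            findings.append(("isolation", tx.sender.lower(),
                             f"called {tx.to.lower()} on {tx.day.isoformat()}"))
    return findings

# Constructed sample data: none of these addresses or dates are real.
SAFE = "0x" + "5a" * 20
OWNERS = ["0x" + f"a{i}" * 20 for i in range(1, 6)]
DEX_ROUTER = "0x" + "de" * 20          # stand-in for any third-party dapp
OUTSIDER = "0x" + "ee" * 20            # not a Safe owner, so out of scope
KEY_CREATED = {o: date(2024, 9, 1) for o in OWNERS}
KEY_CREATED[OWNERS[0]] = date(2021, 6, 1)
TXS = [
    Tx(OWNERS[0], SAFE, date(2024, 11, 3)),        # normal signing activity
    Tx(OWNERS[2], DEX_ROUTER, date(2024, 11, 9)),  # owner key used on a dapp
    Tx(OUTSIDER, DEX_ROUTER, date(2024, 11, 9)),
]

if __name__ == "__main__":
    for finding in audit_signers(SAFE, OWNERS, KEY_CREATED, 0, [], TXS,
                                 today=date(2025, 1, 1)):
        print(*finding, sep=" | ")
```

In practice the transaction records would come from an indexer or block explorer export for each owner address, and the allowlist would hold only the contracts the signers are expected to administer.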
LayerZero CEO Bryan Pellegrino wrote on X that the transactions came from former multisig members who had been removed and characterized the activity as OFT testing rather than memecoin speculation. The company stated the implicated wallets no longer had signatory roles.
LayerZero has not published a full audit of prior transactions tied to the implicated signers. The company removed several signers from the multisig, the notice said.
Members of the security community posted criticism online. Zach Rynes wrote the incident reflected “horrific opsec” and warned about potential supply-chain exploits and risks for users running LayerZero with default settings. Other users posted alarmed reactions on X.
Some projects are reassessing reliance on LayerZero for cross-chain messaging. Hours before the allegations were made public, one protocol announced plans to migrate more than $700 million of tokenized bitcoin to Chainlink’s CCIP, citing updated security reviews and concerns about bridge safety after recent bridge incidents that involved LayerZero technology.
The situation remains under close watch by projects using LayerZero and by security researchers tracking cross-chain risk.