• LayerZero post-mortem.

• Devcon 8 Early Bird tickets.

• Block-Level Access Lists explained.

LayerZero Labs published a full post-mortem on the April 18 attack on KelpDAO's rsETH bridge. The attack began on March 6, when a LayerZero developer was tricked into cloning a malicious GitHub repo that dropped malware on their macOS machine and opened a path into LayerZero's internal RPC infrastructure. The attacker poisoned two internal RPC nodes to feed forged chain state to the DVN signing service, producing a valid attestation for a fabricated cross-chain message that unlocked 116,500 rsETH on Ethereum. LayerZero says it will no longer sign as the sole required attestor.

Read more →

The Ethereum Foundation opened Early Bird ticket sales for Devcon 8, with general admission priced at $349. Tickets are only purchasable with ETH via Pretix at tickets.devcon.org. Wave 1 launches in June at $699. Devcon 8 takes place from November 3 to 6, 2026, in Mumbai, India. Discounted and free tickets are available or coming soon for Indian residents, core developers, OSS contributors, and students.

Read more →

Ethereum researcher Toni Wahrstätter published an explainer on EIP-7928, the execution-layer headliner in the Glamsterdam upgrade. The proposal attaches a Block Access List to every Ethereum block, a structured record of every account and storage slot a block touches, along with a log of what changed after each transaction. BALs let clients parallelize execution, prefetch state from disk, and compute post-state roots on the fly. Combined with ePBS, Wahrstätter frames the two proposals as a 10x scaling improvement with no hardware upgrades required.

Read more →

• Vitalik outlines privacy efforts

• PSE PlasmaBlind payments

• L2Beat lists Ronin

• Tydro case study

• Lighter RFQ in beta

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created

The Ethereum Foundation opened Early Bird ticket sales for Devcon 8, with general admission priced at $349. The tickets are only purchasable using ETH payments via built Pretix, an open-source ticketing platform. Tickets are available at tickets.devcon.org. Devcon 8 takes place from November 3 to 6, 2026, in Mumbai, India. Future sale waves will open at higher prices.

Wave 1 launches in June at $699. Discounted and free tickets are available or coming soon for Indian residents, core developers, OSS contributors, and students; Indian student tickets start at $25 and international student tickets at $99, with applications open now.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created

LayerZero Labs published a full post mortem on the April 18 attack on KelpDAO's rsETH bridge. LayerZero attributed the attack to TraderTraitor, the same group behind the $1.5B Bybit hack in February 2025. The attack began six weeks earlier, on March 6, when an attacker tricked a LayerZero developer into cloning a malicious GitHub repo that dropped malware on their macOS machine, harvesting session keys and opening a path into LayerZero's internal RPC infrastructure.

The attacker quietly poisoned two internal RPC nodes to return forged chain state while appearing clean to LayerZero's own monitoring tools. On the day of the exploit, the attacker launched a denial-of-service attack against an external RPC provider to force the DVN signing service onto the compromised nodes exclusively.

The result was a valid attestation for a fabricated cross-chain message. LayerZero again pointed blame to KelpDAO's single-DVN setup that allowed one valid attestation to unlock 116,500 rsETH on Ethereum. LayerZero says it will now refuse to sign as the sole required attestor on any channel. KelpDAO's rsETH recovery entered its final stage earlier this month, and Kelp resumed withdrawals on May 15.

Disclaimer: Content is for informational and educational purposes only and does not constitute financial, investment, legal, or other professional advice. No representations or warranties are made as to accuracy, completeness, or timeliness. Use of this content is at your own risk, and you should consult a qualified professional before making decisions. No fiduciary or advisory relationship is created