Something went wrong inside LayerZero’s infrastructure — and it cost roughly $2.4 million. The LayerZero wallet hack, as reported by blockchain security firm PeckShield, involved the compromise of LayerZero Executor wallets, with funds drained across multiple blockchain networks before the attacker made a swift move to cover their tracks on Ethereum.
Summary
Key takeaways
- LayerZero Executor wallets were compromised, with approximately $2.4 million stolen across multiple chains.
- The attacker bridged stolen assets to Ethereum and converted most into 956 ETH, worth roughly $1.8 million.
- An additional $322,000 in USDC was also swapped from the stolen funds.
- PeckShield and multiple onchain analysts tracked the movement of the stolen assets.
- The attack used cross-chain theft and asset swapping techniques to obscure the trail.
LayerZero Executor Wallets Compromised in a $2.4M Multi-Chain Hack
The breach targeted LayerZero Executor wallets specifically — a detail that matters because Executor infrastructure plays a role in relaying and processing cross-chain messages within the protocol. When those wallets were compromised, the attacker gained the ability to drain assets spread across several chains, accumulating a total haul of approximately $2.4 million.
PeckShield, one of the most active blockchain security monitoring firms in the space, was among the first to flag the breach. Their alert triggered a broader response from onchain analysts who began tracing the movement of funds in real time — a reminder that crypto forensics now operates at a speed that rivals traditional financial investigations, even if it cannot always prevent losses.
What onchain analysts tracked
Multiple independent onchain analysts corroborated PeckShield’s findings, following the stolen assets as they moved from their original chains toward consolidation. The cross-chain nature of the theft made tracking more complex, but the Ethereum network ultimately became the focal point — the attacker’s chosen destination for the stolen value.
Movement and Conversion of Stolen Assets to Ethereum
After draining funds across several chains, the attacker bridged everything to Ethereum — a common post-theft move that gives bad actors access to deeper liquidity pools and a wider range of swapping options.
Once on Ethereum, the conversion was decisive. The attacker swapped the majority of the stolen assets into 956 ETH, valued at roughly $1.8 million. An additional $322,000 in USDC was also swapped from the stolen pool, suggesting a deliberate strategy to split holdings between a volatile asset and a stablecoin — a pattern sometimes associated with staging funds for further movement or laundering.
Together, those two positions account for the bulk of the $2.4 million taken. The speed and precision of the swaps indicate someone who understood the mechanics of cross-chain asset movement well enough to execute quickly under pressure.
Cross-Chain Techniques Highlight Risks in Blockchain Security
This incident fits a pattern that has become increasingly familiar in crypto security: an attacker targets a specific infrastructure component, exploits it across multiple chains simultaneously, then funnels everything into Ethereum for conversion. The LayerZero wallet hack is a textbook example of how cross-chain bridges and executor systems can become high-value attack surfaces.
The use of asset swapping immediately after bridging is significant. It transforms stolen tokens — which might be traceable or even freezable in some cases — into more liquid or harder-to-track assets. ETH, in particular, remains one of the most fungible assets in the ecosystem, making post-swap recovery extraordinarily difficult.
Why cross-chain infrastructure warrants closer scrutiny
Cross-chain protocols rely on a network of intermediary systems — relayers, executors, validators — to function. Each of those components represents a potential entry point. When a wallet tied to execution is compromised, the damage does not stay contained to a single chain. It ripples outward, which is exactly what happened here. The multi-chain nature of this theft amplifies both the complexity of the investigation and the difficulty of any potential asset recovery.
For the broader ecosystem, incidents like this reinforce a persistent tension: the same infrastructure that makes cross-chain interoperability powerful also concentrates risk in ways that standard single-chain security models were not built to handle.
FAQ
What happened to the LayerZero Executor wallets?
The LayerZero Executor wallets were compromised, resulting in approximately $2.4 million stolen across multiple blockchain networks.
How were the stolen assets moved after the hack?
The attacker bridged the stolen funds to the Ethereum network and swapped most assets into 956 ETH, worth roughly $1.8 million, along with $322,000 in USDC.
Who reported on the LayerZero wallet hack?
PeckShield reported on the breach and tracked the stolen funds, with multiple onchain analysts also monitoring the movement of assets.
What hacking techniques were involved in the LayerZero wallet theft?
The hack involved cross-chain theft and asset swapping techniques, with the attacker exploiting Executor wallet access to drain funds across several chains before consolidating them on Ethereum.
Article produced with the assistance of artificial intelligence and reviewed by the editorial team.

