Startup Diligence
Diligence report Omnichain interoperability protocol / blockchain infrastructure Private unicorn / token-governed protocol ecosystem

LayerZero Labs

LayerZero Labs Public-Source Startup Diligence Report

Advance only to confirmatory diligence if the investment thesis depends on LayerZero becoming a default interoperability layer for applications, asset issuers and institutions. The thesis requires private proof that usage converts to durable revenue, customers accept multi-DVN best practices, security remediation is complete, ZRO governance is legally robust and valuation is justified by fundamentals rather than crypto-cycle multiples.

Company profile

LayerZero Labs Public-Source Startup Diligence Report

LayerZero Labs is a highly visible interoperability unicorn with credible public evidence for valuation, institutional fundraising, open-source technical artifacts, developer documentation, a broad supported-chain footprint, named ecosystem users/partners and an active security bounty. Public evidence is insufficient for an investment decision because company financials, cap table, token allocations, customer revenue, material contracts, insurance, governance controls and counsel searches are not public. The 2026 KelpDAO exploit materially elevates security, liveness and reputation diligence needs.

Website
layerzero.network
Sector
Omnichain interoperability protocol / blockchain infrastructure
Geography
United States / New York per CB Insights; Vancouver, New York and APAC hiring footprint; global protocol ecosystem
Stage
Private unicorn / token-governed protocol ecosystem
Known aliases
LayerZero, LayerZero Labs Ltd., LayerZero Foundation, LayerZero V2, ZRO, Stargate, Nexus
Report version
1.0
Timezone
UTC

Executive summary

Strengths

  • CB Insights lists LayerZero Labs at $3B, with United States / New York and Enterprise Tech metadata.
  • Public financing sources support the 2022 and 2023 institutional rounds and a $3B valuation.
  • Docs and repositories substantiate an omnichain messaging architecture with Endpoint, MessageLib, DVN and Executor layers.

Risks

  • Security/liveness concentration and the 2026 KelpDAO incident create critical diligence risk.
  • No public audited financials, revenue schedule, cap table or customer contracts are available.
  • ZRO governance, fee switch, buybacks and cross-chain asset issuance create token/regulatory uncertainty.

Gaps

  • Audited financial statements, management accounts, revenue by product and revenue recognition policy.
  • Current cap table, token allocation/vesting, debt/warrant schedule and investor rights.
  • Top customers, contracts, revenue concentration, churn, pipeline and usage-to-revenue conversion.
  • Security audit reports, KelpDAO postmortem, SOC 2 report, insurance, incident reserves and law-enforcement correspondence.
  • Counsel memos covering token, commodities/securities, sanctions, money-transmission, IP and litigation exposure.

Recommended next steps

  • Open confirmatory diligence with a data-room request focused first on financials, cap table, customer contracts and incident remediation.
  • Commission counsel-led litigation/regulatory/IP searches and a token-governance legal review.
  • Perform independent protocol/security review covering DVN, Executor, RPC dependency, default configuration and monitoring controls.
  • Interview reference customers and asset issuers to validate adoption, pricing, retention and multi-DVN migration.

Risk register

critical high likelihood

R-003: Security and liveness concentration

The KelpDAO incident disclosed an approximately $290M exploit tied to a 1-of-1 DVN configuration and RPC spoofing affecting the LayerZero Labs DVN; multi-DVN adoption and remediation must be verified.

Diligence request: Conduct independent forensic/security review, verify all remediation and require customer migration to diversified DVN configurations.

high high likelihood

R-001: Financial, cap-table and customer-revenue opacity

No public audited financials, management accounts, revenue by product/customer, cap table, debt schedule or material contracts were available.

Diligence request: Require full financial/cap-table/customer data room before underwriting.

high medium likelihood

R-002: Valuation and crypto-cycle exposure

$3B public valuation is well evidenced historically but may be sensitive to crypto volumes, token prices, security incidents and macro financing conditions.

Diligence request: Re-underwrite valuation using current revenue, retention, incident-adjusted pipeline and comparable multiples.

high medium likelihood

R-004: Token, governance and regulatory uncertainty

ZRO fee switch, buybacks, governance, bridging and cross-chain value-transfer products create securities/commodities, sanctions and money-transmission review needs.

Diligence request: Obtain counsel memos, token allocation/treasury controls, sanctions/money-transmission analysis and governance risk assessment.

high medium likelihood

R-009: Default Executor concentration

LayerZero docs state every default Executor across every pathway in every preset network configuration is operated by LayerZero Labs, creating liveness/censorship concentration.

Diligence request: Verify third-party/custom Executor adoption, fallback procedures, monitoring and customer communications.

medium high likelihood

R-005: Adoption-to-revenue proof gap

Named apps, TVL, volume, users and partner logos do not prove paid customers, retention, ARR or concentration.

Diligence request: Request top-customer schedule, contracts, revenue by customer, pipeline and references.

medium medium likelihood

R-007: Management, controls and headcount transparency gap

Public sources verify CEO/co-founder and open roles but not full org, board, compensation, turnover, controls or succession.

Diligence request: Request org chart, leadership bios, compensation, turnover and board/governance documents.

medium medium likelihood

R-008: Developer tooling stability and open-source execution

Devtools README warns beta status and possible backwards-incompatible changes; public artifacts require code-quality and release-process review.

Diligence request: Review release process, semver policy, issue backlog, audits and customer-impact controls.

Chapter 01

01Financial Information

Public evidence verifies unicorn financing history, but financial statements, projections, cap table and revenue detail are not public.

I.A Annual and quarterly financial information for the past three years

not publicly verifiable confidence: high

No audited statements, management reports, sales breakdown, backlog or AR aging were located in public sources.

Evidence gaps

  • Audited income statements, balance sheets, cash-flow statements and footnotes.
  • Revenue by product, geography, channel and customer; backlog and receivables aging.

Hidden risks

  • Revenue may be volatile, token-linked or dependent on infrastructure fees not visible in public sources.
  • Incident, litigation or bounty obligations may create off-balance-sheet exposure.

Follow-up questions

  • Provide fiscal 2023-2026 monthly management accounts and audited statements.
  • Reconcile protocol usage, fees, ZRO economics and GAAP/IFRS revenue recognition.
Public financial information availability
itempublic statusdiligence implication
Audited annual and quarterly statementsNot locatedCannot assess revenue, margins, cash burn, liabilities or going-concern risk.
Revenue by product, customer, channel and geographyNot locatedAdoption metrics cannot be converted into revenue quality or concentration.
Backlog and accounts receivable agingNot locatedWorking-capital and collection risk are not assessable.
Tax, accounting policy and revenue recognitionNot locatedToken, fee and cross-chain service accounting remain high-priority gaps.

Public-source absence is not proof the information does not exist privately.

I.B Financial Projections

not publicly verifiable confidence: high

Public sources discuss growth markets such as gaming, APAC, asset issuance and institutional products, but no quantified financial projections are public.

Evidence gaps

  • Three-year quarterly forecast, scenario sensitivities and external financing assumptions.

Hidden risks

  • Projections may be highly sensitive to crypto volumes, gas prices, token prices, security incidents and regulatory constraints.

Follow-up questions

  • Provide board-approved plan, actual-vs-plan performance and downside cases after the KelpDAO incident.

I.C Capital Structure

not publicly verifiable confidence: high

Public financing sources identify several investors and the Foundation page identifies ZRO activity, but equity ownership, token allocations, debt and dilutive securities are not public.

Evidence gaps

  • Fully diluted cap table, token allocation/vesting, SAFEs/notes/warrants, debt instruments and off-balance-sheet liabilities.

Hidden risks

  • Investor preferences, token lockups, foundation/company agreements or warrant/debt instruments may materially alter economics.

Follow-up questions

  • Provide current shares outstanding, option pool, token treasury, investor rights and all financing instruments.

I.D Other financial information

partially verified confidence: high

Public records support a $135M 2022 round, a $120M 2023 Series B and $3B valuation, but tax positions and accounting policies are not public.

Evidence gaps

  • Tax positions, revenue-recognition memo, financing-current-basis analysis and valuation support.

Hidden risks

  • A $3B valuation may not reflect current revenue, post-incident risk, token volatility or legal/regulatory constraints.

Follow-up questions

  • Provide tax memo, audited revenue policy and independent 409A/fair-value reports.
Public financing and valuation history
date or periodeventamount or valuationpublic investors or notes
2022-03-30CB Insights unicorn tracker entry$3B valuation signal; joined unicorn list 3/30/2022Andreessen Horowitz, FTX Ventures, Tiger Global Management listed by CB Insights.
2022-03Public $135M round$135M round at $1B valuationBusinessWire release reported co-leads and strategic investors.
2023-04-04Series B$120M; valuation increased to $3B; over $250M raised to dateTechCrunch reported 33 investors including a16z crypto, Circle Ventures, Sequoia, OpenSea, Samsung Next, Christie's and BOND.

Public valuations should be reconciled to preferred terms and fully diluted ownership.

Public funding and valuation trajectory Chart of public financing amounts and valuation signals.

Financing amount and valuation are different metrics but both shown in USD millions.

Chapter 02

02Products

LayerZero's product evidence is strong for protocol design and developer tooling, with material diligence needed on reliability, pricing, customer economics and configuration risk.

II.A Description of each product

verified confidence: high

The public product set includes omnichain messaging, Endpoint/MessageLib infrastructure, OApps/OFTs, Stargate, Nexus/lzAssets, DVNs, Executors and developer tooling.

Evidence gaps

  • Product-level revenue, gross margin, SLA, uptime, incidents and customer-level profitability.

Hidden risks

  • Product safety depends on app-specific configuration, especially DVN and Executor choices.
  • Fee economics depend on source/destination gas, DVN fees, Executor fees and user willingness to pay.

Follow-up questions

  • Provide product P&L, active pathway metrics, default configuration changes and post-incident customer migration status.
Product and use-case matrix
product or componentpublic descriptiondiligence focus
LayerZero protocolOmnichain messaging protocol for moving information between blockchains.Production usage, fees, uptime, incidents and customer contracts.
Interoperability infrastructure160+ supported blockchains; endpoints send and receive data between chains.Active endpoint count, production pathways and support obligations.
OApp / OFT / ONFT standardsDeveloper standards for applications and omnichain tokens.Developer adoption, security reviews and revenue model.
Stargate and Nexus/lzAssetsValue-transfer and generalized asset-issuance offerings.Commercial terms, issuer obligations and regulatory classification.

Product descriptions are public-source and should be reconciled with internal SKU and revenue data.

Architecture and security responsibility split
layerpublic rolecontrol or risk
EndpointImmutable, permissionless protocol interface deployed on each chain.Endpoint immutability reduces upgrade risk but makes deployment correctness critical.
Message LibrariesConfigurable onchain rulesets for verification and delivery.Library selection and upgrades can affect app-level security.
DVNsIndependent verification services with X-of-Y-of-N security stacks.Single-DVN configurations create a verifier concentration risk.
ExecutorsDeliver verified messages and can be run by anyone, but docs identify default concentration.Default LayerZero Labs Executor can be a liveness/censorship concentration point.
Pricing modelSource gas, security stack fees, executor fees and destination gas purchase.Cross-chain fee volatility and worker compensation affect UX and margins.

Control design should be independently reviewed by protocol security specialists.

LayerZero architecture responsibility map High-level architecture from application to endpoint, message libraries, DVNs, executors and destination app.

Simplified from public docs; not a complete production architecture.

Chapter 03

03Customer Information

LayerZero has visible ecosystem adoption signals, but customer contracts, revenue concentration, retention and supplier economics are not public.

III.A Top customers by application

partially verified confidence: medium

Public sources name DEX use cases and asset/institutional partner logos, but not a top-15 customer list or revenue by application.

Evidence gaps

  • Top customers by ARR/revenue, customer tenure, renewal terms, gross retention and NPS/support history.

Hidden risks

  • Named integrations may be pilots, unpaid integrations or ecosystem relationships rather than recurring customers.

Follow-up questions

  • Provide top-15 customer list for FY2024-FY2026 with ARR, usage, gross margin and reference contacts.
Public adoption and customer signals
signal typepublic signalrevenue proof status
DEX application usePancakeSwap, SushiSwap, Trader Joe and Uniswap named by TechCrunch.Does not prove paid revenue or contract terms.
TVL / volume / users2023 article reported company-claimed $7B TVL, $6B volume and hundreds of thousands of unique users.Usage proxy only; not revenue.
Partner logos / asset issuersInterop page lists BitGo, Bridge.xyz, Centrifuge, Ethena, Google, Kraken, Ondo, Paxos, PayPal, Tether and Wyoming Stable Token Commission.Relationship signal; not contract economics.

Customer references and contracts are required to validate economics.

2023 adoption proxy values Publicly reported 2023 adoption proxies from TechCrunch.

Values are from 2023 reporting and may be outdated.

III.B Strategic relationships

partially verified confidence: medium

Strategic relationships are visible through partner logos, Foundation activity, DVN/Executor architecture and integrations, but revenue contribution and agreement terms are not public.

Evidence gaps

  • Executed partnership agreements, revenue share, exclusivity, termination rights and customer success obligations.

Hidden risks

  • Partnerships may depend on token incentives, co-marketing or non-standard economics.

Follow-up questions

  • Provide strategic relationship schedule with contract status, revenue contribution and marketing commitments.
Customer, partner and supplier proof gaps
areapublic evidencemissing private evidence
Top customersNamed applications and partner logos.Customer list, ARR/revenue, contract status and renewal history.
Strategic relationshipsAsset issuance, institutional and chain integration messaging.Agreements, revenue share, exclusivity and termination rights.
SuppliersDVN/Executor/RPC dependencies described in docs and incident statement.Supplier list, spend, SLAs, security attestations and redundancy plans.

Public strategic-partner language should not be treated as paid contractual evidence.

III.C Revenue by customer

not publicly verifiable confidence: high

No public revenue by customer or customers contributing 5% or more of revenue were identified.

Evidence gaps

  • ARR/revenue by customer and customer-level margin.

Hidden risks

  • A small number of asset issuers, chains or applications may drive most revenue.

Follow-up questions

  • Identify all customers above 5% of revenue and provide contract terms.

III.D Significant relationships severed within the last two years

inconclusive confidence: low

No complete public schedule of severed relationships was located; the KelpDAO incident implies customer remediation and migration follow-up is necessary.

Evidence gaps

  • Churned, paused, disputed or remediated customer/partner list.

Hidden risks

  • Post-incident churn or paused integrations may not be publicly reported.

Follow-up questions

  • Provide a post-incident customer-impact log and severed relationship schedule.

III.E Top suppliers

partially verified confidence: medium

Public docs identify DVNs, Executors and RPC infrastructure as operational dependencies, but supplier agreements and spend are not public.

Evidence gaps

  • Supplier spend, SLAs, redundancy, security attestations and termination rights.

Hidden risks

  • RPC, cloud, security-vendor and DVN-provider concentration could impair liveness or integrity.

Follow-up questions

  • Provide top supplier list, RPC architecture, monitoring controls and SLA/indemnity terms.
Chapter 04

04Competition

LayerZero competes in cross-chain messaging, token transfer, asset issuance and interoperability infrastructure, with differentiation based on configurability, chain breadth and developer tooling.

IV.A Competitive landscape by market segment

partially verified confidence: medium

Public evidence supports a differentiated architecture but does not quantify market share, pricing power or win/loss versus Wormhole, Axelar, Chainlink CCIP, native bridges or exchange-led rails.

Evidence gaps

  • Market share, win/loss logs, pricing comparisons and third-party reliability benchmarks.

Hidden risks

  • Security incidents can shift customer preference toward competitors or multi-provider redundancy.
  • Chain and asset issuer relationships may be non-exclusive.

Follow-up questions

  • Provide competitive win/loss analysis, pricing cards and customer reasons for choosing LayerZero.
Competitive landscape by segment
segmentlayerzero positioningcompetitive alternatives
Cross-chain messagingPermissionless omnichain messaging with endpoint and message-library architecture.Wormhole, Axelar, Chainlink CCIP, native bridge/messaging stacks.
Value transferOFT/Stargate value-transfer products across supported blockchains.Liquidity bridges, exchange deposit rails, native asset bridges.
Asset issuance / tokenizationNexus/lzAssets and institutional asset integrations.Issuer-built multichain systems, custodians and tokenization platforms.
Verification and execution servicesModular DVNs and Executors.Native verifier networks, light-client bridges, ZK-proof systems and managed relayers.

Competitive alternatives are an analyst framing and require independent market interviews.

Basis of competition and diligence tests
basispublic evidencediligence test
Chain breadth160+ supported blockchains claimed on Interoperability page.Verify active endpoints, production pathways and usage by chain.
Configurable securityApp-owned security stack and X-of-Y-of-N DVN model.Review customer DVN configurations and multi-DVN migration.
Developer experienceDevtools repository with examples and packages.Compare adoption, issue resolution, SDK stability and developer satisfaction.
Security program$15M maximum Immunefi bounty and audit directories.Review audit findings, bounty ledger, incident RCA and insurance.

A differentiator can also be a risk if customers configure it poorly.

Interoperability market map Analyst market map placing LayerZero across messaging, value transfer and asset issuance.

Competitor positions are analyst estimates using public product framing.

Chapter 05

05Marketing, Sales, and Distribution

LayerZero distributes through docs, open-source tooling, ecosystem partnerships, asset-issuer integrations, foundation governance and business-development hiring; productivity metrics are not public.

V.A Strategy and implementation

partially verified confidence: medium

Public GTM strategy emphasizes developer adoption, asset issuers, institutional assets, geographic expansion and ecosystem governance.

Evidence gaps

  • Funnel metrics, CAC, sales-cycle length, quota attainment, channel economics and marketing budget.

Hidden risks

  • Marketing claims may outrun contracted enterprise demand or required compliance controls.

Follow-up questions

  • Provide funnel conversion, bookings pipeline, quota plan and budget-vs-actual marketing spend.
Marketing, sales and distribution channels
channelpublic evidenceproof gap
Developer-led adoptionDocs, LayerZero-v2 and devtools repositories.Developer activation, conversion and paid usage.
Asset issuers and institutionsInteroperability page and blog index emphasize institutional/asset issuance partnerships.Contracted revenue and compliance requirements.
Ecosystem governanceFoundation page links fee-switch vote, ZRO buybacks and Bridge ZRO.Governance participation, token treasury and legal structure.
Direct BD and solutionsOpen BD, customer success and solutions-architect roles across New York, APAC and Vancouver.Pipeline, quota and implementation capacity.

Public GTM signals should be tied to CRM and revenue data.

Public GTM funnel evidence GTM funnel from developer awareness to contracted revenue, highlighting missing private metrics.

Private CRM data is required to populate counts.

V.B Major Customers

partially verified confidence: medium

Public major-customer evidence is limited to named integrations and partner logos; pipeline and relationship status are not public.

Evidence gaps

  • Pipeline, booked ARR, expansion opportunities and executive sponsor maps.

Hidden risks

  • Integration announcements may not equal paid customers or future expansion.

Follow-up questions

  • Provide CRM export, late-stage pipeline and customer health scores.

V.C Principal avenues for generating new business

partially verified confidence: medium

Public evidence points to developer tooling, asset issuers, institutional partners, APAC business development and foundation-led ecosystem activity as primary demand channels.

Evidence gaps

  • Channel-level win rates, partner-sourced revenue and implementation capacity.

Hidden risks

  • New business may require bespoke integrations and long security reviews, reducing sales productivity.

Follow-up questions

  • Provide partner-sourced pipeline, implementation backlog and solution-architect capacity plan.
New business generation and implementation gaps
avenuepublic signalfollow up metric
APAC expansionBusiness development roles for Hong Kong and Japan.APAC pipeline, bookings, local compliance plan and partner references.
Institutional asset integrationsBlog index references institutional assets, Canton, Centrifuge, Worldpay and tokenized assets.Contracted issuer pipeline and compliance review status.
Foundation/token engagementFee-switch vote, buybacks and bridging ZRO.Governance participation, treasury impact and token legal memo.

Sales productivity cannot be assessed without private CRM and finance data.

V.D Sales force productivity model

not publicly verifiable confidence: high

Sales compensation, quota, cycle length and hiring plan are not public; careers postings only show hiring signals.

Evidence gaps

  • Quota, attainment, ramp, comp plans, headcount plan and sales-cycle distribution.

Hidden risks

  • Enterprise and institutional interoperability sales may require long technical and compliance cycles.

Follow-up questions

  • Provide sales productivity dashboard and hiring plan by role/location.

V.E Ability to implement marketing plan with current and projected budgets

not publicly verifiable confidence: high

No public marketing budget or budget-vs-plan data was located.

Evidence gaps

  • GTM budget, security/compliance budget and product implementation capacity.

Hidden risks

  • Security remediation and compliance support may consume budget intended for growth.

Follow-up questions

  • Provide budget, headcount and product roadmap resourcing after the KelpDAO incident.
Chapter 06

06Research and Development

R&D evidence is strong for public docs, repositories, audit directories and new product announcements, but staffing, costs, roadmap commitments and security backlog are private.

VI.A Description of R&D organization

partially verified confidence: medium

Public artifacts show protocol, devtools, audit categories and engineering/security hiring, but R&D org chart and spend are not public.

Evidence gaps

  • R&D headcount by function, security team staffing, roadmap, budget and defect backlog.

Hidden risks

  • Public repo activity does not prove internal security staffing, code quality, release discipline or unresolved vulnerabilities.

Follow-up questions

  • Provide engineering/security org chart, audit findings, remediation tracking and SOC 2 status.
R&D artifact evidence
artifactpublic contentsdiligence use
LayerZero-v2 repositoryProtocol contracts, OApp/OFT standards, MessageLib and build/test instructions.Supports technical reality of core product; needs code review.
Devtools repositoryExamples, packages, CLI/devtools and beta warning.Supports developer strategy and identifies release-stability risk.
Audits repositoryAudit directories for Endpoint V2, DVN, OApp, OFT, ONFT, ZRO, lzRead and related components.Supports visible security program; requires full findings/remediation review.
Immunefi programSmart-contract critical rewards up to $15M, KYC and OFAC screening requirements.Supports bounty program but also indicates high value-at-risk.

Public artifacts do not replace security due diligence.

Public R&D artifact mix Approximate count of visible R&D artifact groups from public repositories.

Artifact count is not code-quality proof.

VI.B New Product Pipeline

partially verified confidence: medium

Public pipeline signals include Nexus/lzAssets, lzRead, Zero, institutional asset integrations and DVN/payment products, but delivery timing, cost and revenue commitments are not public.

Evidence gaps

  • Product roadmap, ship dates, development cost, launch dependencies and customer commitments.

Hidden risks

  • Pipeline execution may be constrained by security remediation, customer trust and regulatory review.

Follow-up questions

  • Provide roadmap with security gates, customer commitments, cost-to-complete and launch KPIs.
Public product pipeline signals
pipeline itemsignalkey risk
Nexus / asset issuanceInteroperability page describes Nexus for issuing, moving and redeeming tokenized assets across chains.Regulatory, issuer-contract and custody/controls complexity.
lzRead and OApp patternsDocs/repositories list omnichain queries and application standards.Reliability, data integrity and developer adoption.
Zero and institutional assetsBlog index lists Zero technical papers and institutional asset announcements.Product scope expansion may dilute focus and increase security/compliance burden.

Pipeline evidence is public marketing/documentation, not committed revenue.

Chapter 07

07Management and Personnel

Bryan Pellegrino is publicly identified as CEO/co-founder and careers pages show hiring needs, but complete management biographies, org chart, compensation and turnover are not public.

VII.A Organization Chart

partially verified confidence: medium

Public sources identify at least the CEO/co-founder and open functions, but not a complete org chart.

Evidence gaps

  • Current org chart, executive roles, board composition and reporting lines.

Hidden risks

  • Key-person dependency may be high in protocol/security/customer relationships.

Follow-up questions

  • Provide org chart, board observer rights, key-person plan and succession plan.
Public management and personnel evidence
person or grouppublic evidencediligence gap
Bryan PellegrinoTechCrunch identifies him as CEO and co-founder and quotes him on product/funding/security.Employment agreement, background checks, ownership, board role and succession plan.
Finance/control functionsCareers page lists Assistant Controller and Controller roles.Current finance maturity, audit readiness and internal controls.
Engineering/security functionsCareers page lists backend, cryptographer, frontend, protocol and systems engineering roles.Security staffing, on-call coverage and incident-response ownership.
GTM/customer functionsCareers page lists BD, customer success, solutions architecture and institutional marketing roles.Sales productivity, quota capacity and customer implementation coverage.

Complete management team and board data require company materials.

Public personnel view Publicly verifiable personnel and inferred functional hiring needs.

This is not a complete org chart.

VII.B Historical and projected headcount by function and location

partially verified confidence: medium

Careers page shows open roles in Vancouver, New York and APAC, but total headcount history and projections are not public.

Evidence gaps

  • Actual headcount by department/location, attrition, hiring plan and contractor/vendor usage.

Hidden risks

  • Open finance/controller roles may indicate scaling control needs; open security/engineering roles may reflect product complexity.

Follow-up questions

  • Provide headcount history, hiring plan, vacancies, turnover and location-level payroll cost.
Open roles by function and location
functionexample roleslocationsdiligence readthrough
FinanceAssistant Controller; Controller.Vancouver, BC or New York City.Assess audit readiness and control maturity.
EngineeringBackend, Cryptographer, Frontend, Protocol and Systems Engineer.Vancouver, BC.Assess roadmap staffing and security coverage.
GTM / customerBD Lead Hong Kong, BD Lead Japan, Customer Success Manager, Solutions Architect Lead, Staff Solutions Architect.APAC, Vancouver, New York.Assess international pipeline and implementation capacity.
Product / operations / recruiting / marketingProduct Manager, Data Analyst, Technical Recruiter, Vertical Marketing Manager - Institutions.Vancouver, New York.Assess execution capacity and institutional GTM priority.

Open roles do not equal total headcount or attrition.

VII.C Senior management biographies

partially verified confidence: medium

Public-source review verified Bryan Pellegrino as CEO/co-founder through TechCrunch; full senior team biographies require company confirmation.

Evidence gaps

  • Senior management resumes, tenure, responsibilities, employment agreements and background checks.

Hidden risks

  • Lack of public executive biographies limits assessment of execution depth.

Follow-up questions

  • Provide executive biographies and references for CEO, CTO/security, finance, legal and GTM leaders.

VII.D Compensation arrangements

not publicly verifiable confidence: high

Employment agreements, executive compensation and benefit plans are not public.

Evidence gaps

  • Executive employment agreements, compensation plans, benefits and severance/change-of-control terms.

Hidden risks

  • Token grants, incentive plans or change-of-control terms may create dilution or retention risk.

Follow-up questions

  • Provide comp summary, benefits, bonus plans, severance and token/equity grants.

VII.E Incentive stock plans

not publicly verifiable confidence: high

No public equity incentive or token incentive plan details were located.

Evidence gaps

  • Stock option plan, token incentive plan, option pool and vesting schedules.

Hidden risks

  • Token and equity incentives may have different vesting, tax and regulatory implications.

Follow-up questions

  • Provide stock/token incentive plans and grants by employee category.

VII.F Significant employee relations problems, past or present

inconclusive confidence: low

No public employee-relations problem schedule was identified.

Evidence gaps

  • HR complaints, litigation, investigations and culture/engagement data.

Hidden risks

  • Security incidents, rapid hiring or token compensation can create retention and employee-relations pressure.

Follow-up questions

  • Provide HR/legal employee-relations log and retention plan.

VII.G Personnel Turnover

not publicly verifiable confidence: high

Personnel turnover data for the past two years is not public.

Evidence gaps

  • Turnover by function/location, retention incentives and regretted attrition.

Hidden risks

  • Loss of senior protocol/security engineers could impair reliability and customer confidence.

Follow-up questions

  • Provide turnover, retention and key-person coverage for engineering, security and GTM.
Chapter 08

08Legal and Related Matters

Public legal evidence includes an FTX Recovery Trust adversary docket and a material 2026 KelpDAO incident statement; counsel-led litigation, regulatory, IP, contract and insurance review remains essential.

VIII.A Pending lawsuits against the Company

verified confidence: medium

CourtListener search identifies FTX Recovery Trust v. LayerZero Labs Ltd., Bankr. D. Del. docket 23-50492, filed 2023-09-08 and terminated 2025-02-18.

Evidence gaps

  • Complaint, settlement/dismissal documents, counsel assessment and indemnity/insurance treatment.

Hidden risks

  • Termination of a public docket does not prove absence of settlement obligations, releases, appeals or related claims.

Follow-up questions

  • Provide litigation log, FTX matter pleadings, settlement documents and counsel opinion.
Public legal and regulatory matter matrix
matterpublic statusdiligence action
FTX Recovery Trust v. LayerZero Labs Ltd.CourtListener identifies Bankr. D. Del. docket 23-50492, filed 2023-09-08 and terminated 2025-02-18.Obtain pleadings, settlement/dismissal documents, releases and counsel opinion.
KelpDAO exploit and law-enforcement contactLayerZero statement says KelpDAO was exploited for approximately $290M and LayerZero is cooperating with law enforcement.Obtain incident RCA, remediation, reserves, insurance and communications with agencies.
ZRO governance, fee switch and buybacksFoundation page links fee-switch vote, ZRO buybacks, governance and Bridge ZRO.Obtain token legal memos, treasury controls and governance risk assessment.
Bounty KYC/OFAC and payoutsImmunefi page says KYC and OFAC screening are required and payouts are handled by LayerZero Labs.Review sanctions compliance, bounty liabilities and payout controls.

This is not a legal opinion.

Key risk heatmap Heatmap of principal diligence risks.

Heatmap reflects public-source diligence, not legal or investment advice.

VIII.B Pending lawsuits initiated by Company

inconclusive confidence: low

No company-initiated lawsuit schedule was located in public sources reviewed.

Evidence gaps

  • Counsel-certified litigation search and internal claims log.

Hidden risks

  • Defensive IP, contract or employment matters may not surface in a limited public search.

Follow-up questions

  • Ask counsel for all pending/threatened claims initiated by LayerZero or affiliates.

VIII.C Environmental and employee safety issues and liabilities

inconclusive confidence: low

As a software/protocol business, environmental and physical safety liabilities were not visible in public sources; workplace and remote-work policies require company review.

Evidence gaps

  • Workplace safety policies, insurance and employment compliance reviews.

Hidden risks

  • Multi-jurisdiction employment, remote-work and security operations may create compliance obligations.

Follow-up questions

  • Provide employment compliance and workplace safety documentation by jurisdiction.

VIII.D Material patents, copyrights, licenses, and trademarks

partially verified confidence: medium

Public GitHub repositories and documentation evidence software/IP assets; patents, trademarks, third-party licenses and assignment chain were not counsel-verified.

Evidence gaps

  • Patent/trademark portfolio, license scan, contributor assignment and third-party dependency review.

Hidden risks

  • Open-source license compliance, contributor assignments, protocol patents/trademarks and third-party dependencies may create IP exposure.

Follow-up questions

  • Provide IP schedule, OSS compliance report, contributor agreements and material license contracts.
IP, contracts and insurance evidence gaps
diligence areapublic signalmissing evidence
Software IP and OSSLayerZero-v2 and devtools repositories are public.License scan, contributor assignments, dependency audit and patent/trademark portfolio.
Material contractsPartner and product pages name ecosystem relationships.Customer, issuer, DVN, Executor, supplier, investor and foundation/company agreements.
InsuranceSecurity incident and high-value bounty make coverage material.Cyber, D&O, E&O, crime and digital-asset policy schedules, exclusions and claims.

Counsel-led review is required before relying on any IP or contract conclusions.

VIII.E Insurance coverage and material exposures

not publicly verifiable confidence: high

Insurance coverage, cyber limits, D&O coverage and incident reserves are not public.

Evidence gaps

  • Insurance policies, exclusions, claims history and incident reserves.

Hidden risks

  • Exclusions for digital assets, sanctions, state actors or token activity may limit recoveries.

Follow-up questions

  • Provide insurance schedule, broker letters, claims history and coverage analysis for KelpDAO/FTX exposures.

VIII.F Material contracts

not publicly verifiable confidence: high

Customer, supplier, foundation/company, token, investor, DVN/Executor and asset-issuer contracts are not public.

Evidence gaps

  • Contract schedule with customers, suppliers, investors, foundation, token issuers and strategic partners.

Hidden risks

  • Indemnities, SLAs, revenue shares, token grants and termination rights may materially affect risk and economics.

Follow-up questions

  • Provide all material contracts and a contract-risk summary.

VIII.G Regulatory agency problems

inconclusive confidence: low

No counsel-certified regulatory-agency problem search was performed; ZRO, cross-chain value transfer, sanctions screening and the KelpDAO incident require focused legal review.

Evidence gaps

  • Regulatory correspondence, subpoenas, token legal memos and sanctions/money-transmission analyses.

Hidden risks

  • Securities/commodities, money transmission, sanctions, consumer protection and cyber incident reporting obligations may vary by jurisdiction.

Follow-up questions

  • Commission counsel review of ZRO, fee switch, buybacks, asset issuance, OFAC/KYC and cyber incident obligations.

Evidence

Evidence claims
IDClaimStatusSources
EC-001 CB Insights lists LayerZero Labs as a $3B unicorn with United States / New York and Enterprise Tech metadata. verified high SRC-001
EC-002 A 2022 public financing release reported LayerZero Labs raised $135M at a $1B valuation. verified medium SRC-002
EC-003 TechCrunch reported a $120M Series B at a $3B valuation and over $250M raised to date. verified high SRC-003
EC-004 LayerZero describes itself as an omnichain messaging protocol and permissionless open framework for moving information between blockchains. verified high SRC-005
EC-005 LayerZero's Interoperability page claims 160+ supported blockchains and describes infrastructure, value-transfer and asset-issuance products. partially verified medium SRC-007
EC-006 LayerZero V2 separates application, endpoint, message library, DVN and Executor responsibilities. verified high SRC-006
EC-007 LayerZero security is application-configurable using DVNs and X-of-Y-of-N thresholds. verified high SRC-009
EC-008 LayerZero Executors are permissionless, but docs identify default Executor concentration at LayerZero Labs. verified high SRC-010
EC-009 LayerZero's transaction pricing includes source gas, DVN/security stack fees, Executor fees and destination gas purchase. verified high SRC-008
EC-010 The LayerZero-v2 GitHub repository documents the open-source protocol, contract standards, MessageLibs, DVNs and Executors. verified high SRC-011
EC-011 The devtools repository contains developer examples and packages but is marked beta with potential breaking changes. verified high SRC-012
EC-012 TechCrunch reported 2023 usage/adoption proxies including DEX applications, $7B TVL, $6B volume and hundreds of thousands of users. partially verified medium SRC-003
EC-013 LayerZero's Interoperability page displays named partner/asset-issuer logos and use cases. partially verified medium SRC-007
EC-014 Immunefi lists a LayerZero bug bounty with smart-contract critical rewards up to $15M and KYC/OFAC requirements. verified high SRC-013
EC-015 TechCrunch reported in May 2023 that LayerZero and Immunefi launched a $15M bounty and that the protocol had not had a security exploit or hack since inception as of that article. partially verified medium SRC-014
EC-016 LayerZero's 2026 KelpDAO incident statement reports an approximately $290M exploit tied to KelpDAO's single-DVN setup and RPC spoofing affecting the LayerZero Labs DVN. partially verified medium SRC-020
EC-017 CourtListener search identifies FTX Recovery Trust v. LayerZero Labs Ltd., Bankr. D. Del. docket 23-50492, filed 2023-09-08 and terminated 2025-02-18. verified medium SRC-015
EC-018 The LayerZero Foundation page links ZRO buybacks, governance, fee-switch voting and Bridge ZRO. verified medium SRC-016
EC-019 The careers page shows open roles across finance, engineering, GTM, product, recruiting and marketing, with Vancouver, New York and APAC locations. verified medium SRC-017
EC-020 Key private-company diligence materials were not available in public sources reviewed. not publicly verifiable high SRC-001SRC-003SRC-004SRC-007SRC-016SRC-017
EC-021 LayerZero maintains a public Audits repository with audit directories for multiple protocol/product areas. verified medium SRC-018
EC-022 LayerZero OFT documentation explains token movement via burn/mint or adapter lock/unlock patterns. verified high SRC-019
EC-023 LayerZero blog index shows ongoing pipeline around Zero, institutional assets, Canton, Centrifuge, Worldpay and tokenized assets. partially verified medium SRC-021
EC-024 LayerZero's transaction and bounty compliance surfaces include sanctions/KYC and cross-chain value movement risk. partially verified medium SRC-008SRC-013SRC-019
EC-025 TechCrunch identifies Bryan Pellegrino as LayerZero Labs CEO and co-founder. verified high SRC-003SRC-014
Sources
IDPublisherTitleAccessed
SRC-001 CB Insights CB Insights The Complete List Of Unicorn Companies 2026-05-18
SRC-002 BusinessWire LayerZero Labs Raises $135 Million to Unite Decentralized Applications Across Blockchains 2026-05-18
SRC-003 TechCrunch Blockchain messaging protocol LayerZero raises $120M, hitting $3B valuation 2026-05-18
SRC-004 LayerZero LayerZero homepage 2026-05-18
SRC-005 LayerZero Docs What is LayerZero? 2026-05-18
SRC-006 LayerZero Docs LayerZero Protocol Architecture 2026-05-18
SRC-007 LayerZero LayerZero Interoperability 2026-05-18
SRC-008 LayerZero Docs Transaction Pricing Model 2026-05-18
SRC-009 LayerZero Docs Security Stack (DVNs) 2026-05-18
SRC-010 LayerZero Docs Executors 2026-05-18
SRC-011 GitHub / LayerZero-Labs LayerZero-v2 README 2026-05-18
SRC-012 GitHub / LayerZero-Labs LayerZero Developer Utilities README 2026-05-18
SRC-013 Immunefi LayerZero Bug Bounties 2026-05-18
SRC-014 TechCrunch LayerZero and Immunefi launch largest crypto bug bounty program with up to $15M in rewards 2026-05-18
SRC-015 CourtListener / Free Law Project CourtListener search result for FTX Recovery Trust v. LayerZero Labs Ltd. 2026-05-18
SRC-016 LayerZero Foundation LayerZero Foundation 2026-05-18
SRC-017 LayerZero LayerZero Careers 2026-05-18
SRC-018 GitHub / LayerZero-Labs LayerZero-Labs Audits repository 2026-05-18
SRC-019 LayerZero Docs LayerZero V2 OFT Quickstart 2026-05-18
SRC-020 LayerZero KelpDAO Incident Statement 2026-05-18
SRC-021 LayerZero LayerZero Blog 2026-05-18

Disclaimer

This report is a public-evidence diligence snapshot, not investment advice. Important financial, legal, technical, and contractual facts remain non-public and should be verified directly with management and primary documents before any investment decision.