LayerZero CEO: Across Protocol token contract has a vulnerability
2024-10-21 16:44
Odaily News: Bryan Pellegrino, CEO of the cross-chain interoperability protocol LayerZero, informed the Across Protocol team in a post on the X platform: "I would like to inform you that there is a verification issue in your token contract. You mistakenly exposed a function that was supposed to be an internal private function, which was written by OpenZeppelin in its ERC20 token implementation to destroy tokens and gave it to the contract owner, which allows you to withdraw tokens from any wallet at any time and arbitrarily reset the balance of any account to zero. In addition, both the Across Protocol and UMA Protocol contracts have the ability to mint unlimited coins, but I have notified you of these two problems and you don't seem to care. To solve this problem, it is not necessary to reissue tokens: transfer the ownership of the contract to a new smart contract to prevent the minting amount from exceeding the total supply, and do not allow destruction. Since this is a permanent vulnerability, the new contract must be immutable and should not include any function to transfer ownership. If you have an active bug bounty program, you can attribute this information to the LayerZero team."
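The remediation described in the post, sketched as an added example that is not code from Across, UMA, LayerZero or OpenZeppelin: an owner contract that forwards only capped mints and has no path to the token's burn or ownership-transfer functions. The `IOwnedToken` interface, the `mint(address,uint256)` signature, the Ownable-style `owner()` getter, the `minter` role and the reading of the supply limit as a fixed `supplyCap` are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed shape of the token's owner-only surface (hypothetical, not the
// real Across or UMA ABI). The token's burn and transferOwnership functions
// are deliberately left out of this interface, so the guard cannot call them.
interface IOwnedToken {
    function mint(address to, uint256 amount) external;
    function totalSupply() external view returns (uint256);
    function owner() external view returns (address);
}

// Deployed directly (no proxy) and given ownership of the token once.
// It has no upgrade hook, no selfdestruct and no ownership-transfer function,
// so after the handover nobody can burn holder balances or lift the cap.
contract CappedMintGuard {
    IOwnedToken public immutable token;
    address public immutable minter;    // only account allowed to request mints
    uint256 public immutable supplyCap; // hard ceiling on totalSupply()

    error NotMinter();
    error CapExceeded(uint256 requested, uint256 available);

    constructor(IOwnedToken token_, address minter_, uint256 supplyCap_) {
        token = token_;
        minter = minter_;
        supplyCap = supplyCap_;
    }

    // True once the token's owner is this guard. Holders and auditors can
    // check this on-chain to confirm the old owner key no longer has control.
    function isActive() external view returns (bool) {
        return token.owner() == address(this);
    }

    // The only state-changing entry point: mint, but never past the cap.
    function mint(address to, uint256 amount) external {
        if (msg.sender != minter) revert NotMinter();
        uint256 supply = token.totalSupply();
        uint256 available = supply >= supplyCap ? 0 : supplyCap - supply;
        if (amount > available) revert CapExceeded(amount, available);
        token.mint(to, amount);
    }
}
```

Setting `minter_` to an address that can never sign, or `supplyCap_` to the current total supply, turns the guard into a pure lock that disables minting as well as burning.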