TLDR on the KelpDao article on LayerZero:
1. The attack originated from inside LayerZero's core infrastructure, not RPC poisoning.
2. LayerZero Labs DVN and Nethermind DVN share a substantial ADMIN_ROLE set on-chain.
I can't comment on 1/ (although very scary if true).
However for 2/: I have taken a look at it personally since the exploit, and it is true:
LZ Labs DVN — 24 admins
Nethermind DVN — 17 admins
16 of those 17 Nethermind admins are also admins on the LZ Labs DVN — i.e. ~94% overlap. Anyone holding one of those 16 keys has admin power over both DVNs.
Contracts:
LZ DVN: 0x589dEDbD617e0CBcB916A9223F4d1300c294236b
Nethermind DVN: 0xa59bA433aC34D2927232918ef5b2eaafcf130bA5
SolvBTC current status: all LayerZero bridges remain paused. We won't be reinstating LayerZero bridges until at least a 4/4 setup is in place, and we won't be choosing both LayerZero and Nethermind DVNs at the same time.
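
One way to check an admin-overlap claim like the one above, as an added example that is not part of the original post: replay decoded role events for each contract, then intersect the resulting admin sets. It assumes the DVN contracts emit OpenZeppelin-style `RoleGranted`/`RoleRevoked` events; the contract labels, addresses and events are constructed, sized to mirror the counts quoted in the post.

```python
from collections import defaultdict

def addr(i, upper=False):
    """Constructed placeholder address (not a real account)."""
    return "0x" + format(i, "040X" if upper else "040x")

def sample_events():
    """Constructed (block, log_index, contract, event, account) tuples."""
    ev = [(100 + i, 0, "DVN_A", "RoleGranted", addr(i)) for i in range(1, 26)]
    ev.append((200, 0, "DVN_A", "RoleRevoked", addr(25)))   # revoked key must not count
    # Same 16 keys granted on the second contract, logged with different hex casing.
    ev += [(300 + i, 0, "DVN_B", "RoleGranted", addr(i, upper=True)) for i in range(1, 17)]
    ev.append((400, 0, "DVN_B", "RoleGranted", addr(99)))   # one key unique to DVN_B
    return ev

def admins_from_events(events):
    """Replay events in chain order; return {contract: set of current admins}."""
    admins = defaultdict(set)
    for _blk, _idx, contract, kind, account in sorted(events, key=lambda e: (e[0], e[1])):
        account = account.lower()   # normalise: checksum casing differs between sources
        if kind == "RoleGranted":
            admins[contract].add(account)
        elif kind == "RoleRevoked":
            admins[contract].discard(account)
    return admins

def overlap_report(a, b):
    """Keys holding the role on both contracts, and their share of the smaller set."""
    shared = a & b
    smaller = min(len(a), len(b))
    return {
        "shared": sorted(shared),
        "only_a": sorted(a - b),
        "only_b": sorted(b - a),
        "ratio": len(shared) / smaller if smaller else 0.0,
    }

if __name__ == "__main__":
    sets = admins_from_events(sample_events())
    rep = overlap_report(sets["DVN_A"], sets["DVN_B"])
    print(len(sets["DVN_A"]), len(sets["DVN_B"]), len(rep["shared"]), f"{rep['ratio']:.0%}")
```

Every address in `shared` is a single key whose compromise affects both verifiers, so that list is the one to review when choosing a DVN pair.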