Crypto projects with more than $3 billion in total value locked are migrating their cross-chain infrastructure to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) following a $292 million exploit at KelpDAO, a move that is intensifying scrutiny of bridge security across decentralized finance. Chainlink confirmed that four protocols—KelpDAO, Solv Protocol, Re, and Tydro—have begun decommissioning legacy oracles and bridge systems in favor of CCIP.

The shift is coinciding with a rebound in LINK’s market performance. According to CryptoSlate data, LINK rose 15% to $10.52, its highest level since January, as traders responded to the acceleration in CCIP adoption. Blockchain analytics firm Santiment reported a tightening in available supply on exchanges, noting that LINK’s exchange reserves fell by 13.5 million tokens over five weeks—more than 10.5% of the exchange-held supply recorded in early April.

The migration wave marks a broader reassessment of Chainlink’s role in crypto infrastructure. Long identified with price feeds and oracle services, Chainlink is increasingly positioned as a security-forward cross-chain layer as DeFi teams revisit how they transfer tokens and data between networks.

Technology Overview

Cross-chain bridges connect otherwise separate blockchains, enabling the movement of tokens, NFTs, and application data without forcing users through centralized exchanges. As decentralized finance has expanded across ecosystems such as Ethereum and Solana, the ability to move value seamlessly has become a foundational requirement. Lending markets, staking assets, stablecoins, and tokenized instruments rely on this connectivity to prevent liquidity from fragmenting across chains.

Bridge security, however, has emerged as a persistent point of failure. These systems often manage large collateral pools and depend on complex verification mechanisms, making them frequent targets. Chainalysis has described cross-chain bridges as one of the blockchain industry’s major security risks; by 2022, more than $2 billion had been stolen across 13 bridge hacks, with North Korean–linked groups among the most active attackers. Against this backdrop, standardized security models and operational guardrails have gained traction across the sector.

How It Works

Chainlink’s CCIP, which launched on mainnet in July 2023, routes cross-chain messages and token transfers through Chainlink’s decentralized oracle networks. This is the same underlying infrastructure that powers the network’s data feeds—components that secure large portions of DeFi. Chainlink says these oracle networks now number more than 2,000 in production, collectively securing over $110 billion in value and powering more than 70% of DeFi.

Unlike many traditional bridges that depend on a narrow validator set or a single verification pathway, CCIP is designed to transmit both data and token value using Chainlink’s oracle-based architecture. For protocols, this offers a path to consolidate security assumptions around an existing, widely used oracle layer rather than maintaining bespoke bridge designs. The result is an attempt to reduce single points of failure while preserving the ability to move assets and messages across multiple chains.

Industry Impact

The move by KelpDAO, Solv Protocol, Re, and Tydro underscores how cross-chain connectivity has shifted from back-end plumbing to a central pillar of risk management. For teams overseeing hundreds of millions of dollars, the choice of bridge or interoperability framework now directly influences user protection and operational resilience. That lens helps explain why protocols are evaluating standardized options such as CCIP after a high-profile breach.

For Chainlink, the recent adoption highlights growing demand for cross-chain infrastructure that pairs interoperability with well-established security primitives. As integration expands, LINK’s price reaction and the decline in exchange reserves suggest that market participants are also revaluing the project’s role in a multi-chain ecosystem.

LayerZero attempts to contain the fallout

The pivot toward CCIP has placed pressure on LayerZero, the cross-chain platform previously used by KelpDAO, to address its role in the April 18 breach. On May 9, roughly three weeks after the incident, LayerZero issued an apology, acknowledging that its post-exploit communication fell short and conceding that its security model allowed a high-value application to operate without sufficient safeguards. The company had initially maintained that its infrastructure worked as designed and that responsibility lay with the application’s configuration, but later said it should have exercised stronger oversight over how its decentralized verifier network was used.

LayerZero stated that it “made a mistake” by allowing its Decentralized Verifier Networks (DVNs) to function as the sole verifier for high-value cross-chain transactions without adequate guardrails. “We didn’t police what our DVN was securing, which created a risk we simply didn’t see. We own that,” the company said. The admission cuts to the core design debate: LayerZero’s model gives application developers broad flexibility to configure verification, a draw for teams that want tighter control over their security assumptions. The KelpDAO exploit shows the downside when verification becomes too narrow—if a single verifier is compromised, user funds may face direct risk.

LayerZero also disclosed a previously unreported incident from three years ago involving one of its multisig signers, who mistakenly used LayerZero hardware for a personal trade. The signer was removed, wallets were rotated, and the company later moved to a custom-built multisig framework. The disclosure aimed to demonstrate that the protocol had addressed earlier internal lapses, even as clients reevaluate exposure.

The company said the KelpDAO exploit affected only a single application, representing 0.14% of network applications and roughly 0.36% of total value on the protocol, and noted that no other application was affected. That position threads a narrow needle: acknowledging that the configuration should not have been permitted to secure so much value while asserting that the issue was isolated.

Can LayerZero restore institutional confidence?

The focus now is whether LayerZero’s apology and technical explanation can slow client migration. Tom Wan, head of data at Entropy Advisors, questioned whether the damage to institutional confidence is already done, asking, “Can an apology stop their clients from leaving to Chainlink, or is this just the beginning?” LayerZero counters that more than $9 billion has moved through its infrastructure since the April attack, indicating ongoing usage by applications and users.

Wan also pointed out that several major assets—including USDe, WBTC, and weETH—remain active on LayerZero. Continued flows suggest the protocol has not suffered a complete loss of trust, even as prominent projects reconfigure parts of their cross-chain stack elsewhere.

Supporters argue LayerZero’s flexibility remains a core advantage when teams align configurations with the scale of capital at risk. Lorenzo Romagnoli, co-founder of USDT0, said the model requires asset issuers to take security seriously from the outset. USDT0, the largest asset on the LayerZero network, has moved $4 billion across chains without incident. “LayerZero is the golden standard for cross-chain interoperability because of its high level of customizability,” Romagnoli said, adding that the application operates its own proprietary veto-powered DVN with invariance checks tailored to its risk profile.

Future Implications

The debate now centers on how to balance configurability with defaults and guardrails strong enough for high-value applications. The KelpDAO exploit has made that trade-off harder to ignore. For Chainlink, the migration wave strengthens CCIP’s position as a security-focused cross-chain standard as teams reassess vendor risk. For LayerZero, the challenge is to demonstrate that a customizable model can meet institutional expectations without exposing users to weak configurations. How protocols answer that question will shape the next phase of Web3 interoperability.