$30 Billion DeFi Capital Exodus: LayerZero Stumbles, Chainlink Feasts

marsbitPublished on 2026-05-13Last updated on 2026-05-13

Abstract

Following the major DeFi security incident involving Kelp DAO, a significant migration of funds is underway from the cross-chain protocol LayerZero to Chainlink's CCIP (Cross-Chain Interoperability Protocol). Over $30 billion in Total Value Locked (TVL) from protocols like Kelp DAO, Solv Protocol, Re, and Tydro has moved to Chainlink in the past week, driven by security concerns. LayerZero is facing a severe trust crisis after the attack. Initially denying responsibility, LayerZero Labs has now issued a public apology, acknowledging management oversights. These include a vulnerable "1/1" single-node configuration for its Decentralized Verification Network (DVN) and past misuse of a multi-signature wallet by a team member. The protocol's weekly bridge volume has slumped to near-historic lows of around $470 million. In contrast, Chainlink is experiencing a surge in adoption and activity. Its independent active addresses recently hit multi-month highs, and whales have been accumulating LINK tokens. Beyond DeFi, Chainlink is securing partnerships with traditional finance giants like DTCC, European stock exchange operator SIX Group, and asset manager Amundi. While LayerZero has announced security upgrades—such as migrating to stronger multi-signature configurations and developing a second DVN client—and contributed to a rescue fund, the event underscores that security is becoming a decisive competitive factor as DeFi matures.

Author: Nancy, PANews

With several leading protocols stepping in to inject capital, quickly covering the funding gap and advancing on-chain recovery, the rescue efforts for the Kelp DAO attack incident have recently seen substantial progress. However, compared to the financial repairs, the harder thing to restore remains market trust.

At the center of this vortex, cross-chain leader LayerZero is facing accelerating withdrawals from many protocols and was forced to make a dramatic shift in attitude within just a few weeks—from initially shifting blame and denying responsibility to now publicly apologizing and initiating rectifications. Meanwhile, Chainlink has unexpectedly become a beneficiary of this crisis, with its CCIP protocol absorbing a large portion of migrating liquidity, showing notable growth in on-chain data.

Securing $30 Billion in Migration in a Single Week, Chainlink Reaps Security Dividends

As the largest DeFi security incident to date in 2026, the Kelp DAO attack has accelerated the migration of on-chain liquidity.

As LayerZero's security controversy continues to ferment, an increasing number of DeFi protocols are reevaluating cross-chain risks and proactively seeking more reliable havens. Over the past week, Chainlink has intensively announced multiple migration cases.

On May 9, Chainlink officially disclosed that four protocols, including Kelp DAO, Solv Protocol, Re, and Tydro, had recently abandoned their original cross-chain bridge or oracle solutions and migrated to Chainlink CCIP. The combined TVL of these related protocols exceeds $30 billion. The official even specifically added the phrase "The Great Migration" to hype this ecosystem shift, revealing strong competitive undertones.

Behind this migration wave is a realignment centered on security.

And besides DeFi protocols realigning due to security concerns, Chainlink has also been continuously gaining favor from traditional financial institutions and crypto projects in recent months.

In March of this year, Coinbase directly put its exchange market data on-chain for the first time via Chainlink's newly launched DataLink service; Europe's largest asset management firm, Amundi, collaborated with Spiko to launch a tokenized public fund based on Chainlink.

In April, OpenAssets formed a strategic partnership with Chainlink, launching an asset tokenization infrastructure solution for institutions; major European stock exchange operator SIX Group partnered with Chainlink to push Swiss and Spanish stock market data on-chain; AWS Marketplace listed Chainlink data services, connecting traditional cloud and blockchain.

In May, the US Depository Trust & Clearing Corporation (DTCC) announced the introduction of Chainlink to build a blockchain collateral management platform, aiming to achieve near-real-time settlement around the clock; Huma Finance partnered with Chainlink to introduce institutional-grade yield products into the multi-chain ecosystem.

Accompanying the ongoing ecosystem expansion, Chainlink's on-chain activity has also noticeably heated up. According to Santiment monitoring, Chainlink's number of unique active addresses broke 282,000 and 264,000 on May 9 and 10, respectively, hitting the highest records since September 2025, and noted this was primarily influenced by the recent large-scale migration of DeFi protocol infrastructure.

Meanwhile, official Chainlink data shows that the total value of its cross-chain tokens has exceeded $61.8 billion, with CCIP transaction volume reaching $19.5 billion.

Market confidence is also reflected in changes in LINK token holdings. According to Santiment monitoring earlier this month, over the past month, Chainlink whale and shark addresses holding between 100,000 and 10 million LINK cumulatively added 32.93 million LINK. Historically, this has often been a strong bullish signal. Over the past 30 days, LINK has risen approximately 19.7%.

LayerZero Faces Trust Crisis, Officials Issue Emergency Apology and Overhaul

Currently, LayerZero is mired in a trust crisis.

According to DefiLlama data, LayerZero's weekly Bridge transaction volume has now declined to about $470 million, approaching historical lows. This attack incident has plunged LayerZero into a trust crisis.

In the early stages of the hack, Kelp DAO attributed the vulnerability exploit to LayerZero's security issues. Subsequently, LayerZero quickly denied responsibility, stating that multiple accusations by Kelp DAO in the rsETH security incident were completely false.

But the controversy did not subside. Last week, LayerZero Labs co-founder and CEO Bryan Pellegrino engaged in heated debates with several security researchers in the ETHSecurity Community Telegram group.

The focal point of contention is that LayerZero Labs could immediately upgrade the default library contract without a timelock, theoretically allowing forged cross-chain messages. This exposed over $3 billion in LZ OFT assets to potential risk for a period. Security researcher Banteg pointed out that several mainstream projects, including Ethena and EtherFi, were still using this default library weeks ago, and about $178 million in assets remain exposed to risk.

Simultaneously, on-chain data also showed that LayerZero's multi-signature address had conducted Meme coin trading, DEX swaps, and cross-chain bridging operations unrelated to multi-signature duties, further raising community concerns about key security. In response, Bryan admitted that related operations were indeed performed by multi-signature team members but denied they constituted "Meme coin speculation trading," claiming the purpose was merely "testing PEPE OFT functionality," and stated that the involved members had been removed.

To mitigate risks, Bryan also publicly advised project teams to promptly adopt a "fixed configuration" to replace the default configuration. Subsequently, Banteg published a list of LayerZero projects still using the default library contract and called on related protocols to migrate as soon as possible.

These remarks quickly sparked industry discussion and skepticism. Chainlink Strategy Lead Zach Rynes had previously criticized LayerZero Labs, stating that its multi-signature keys had long suffered from serious OPSEC (operational security) failures, directly exposing tens of billions in OFT assets to security risks. He further stated that if LayerZero and the industry had truly heeded the persistent warnings from security researchers over the past few years, such attack incidents could have been entirely avoided.

Facing market舆论 and ongoing ecosystem bleeding, LayerZero's attitude shifted noticeably. On May 9, LayerZero officially released a public apology statement, addressing the security incidents and communication issues over the past three weeks.

LayerZero Labs stated that the internal RPC it used had been attacked by the Lazarus Group over the past three weeks, compromising the authenticity source of its DVN (Decentralized Verification Network), while external RPC providers suffered DDoS attacks. The incident affected only 0.14% of applications and approximately 0.36% of asset value, the LayerZero protocol itself was unaffected, and over $9 billion in assets continued normal cross-chain flow after the incident.

However, LayerZero Labs also acknowledged for the first time that it was responsible for management oversight in previously allowing DVNs to provide security for high-value transactions with a "1/1" single-node configuration, which posed a single point of failure risk. The official also disclosed that three and a half years ago, a multi-signature signer mistakenly used a multi-signature hardware wallet for personal transactions. That signer has been removed, and the relevant wallet has been rotated.

Regarding subsequent rectifications, LayerZero Labs announced a series of security upgrade measures, including: already ceasing services for the 1/1 DVN configuration, currently migrating all path default configurations to a 5/5 multi-signature setup with a minimum of 3/3; developing a second DVN client based on Rust to achieve client diversity; launching the dedicated multi-signature tool OneSig to enhance signature security; and launching the unified management platform Console for asset issuance configuration and abnormal behavior detection.

Additionally, LayerZero also contributed over 10,000 ETH to this DeFi United rescue effort, of which 5,000 ETH will be used for the fund, and the remaining 5,000 ETH will be reserved for Aave.

Despite the escalating controversy, LayerZero has not completely lost its market. Major assets, including Ethena's USDe product, EtherFi's weETH asset, and BitGo's WBTC, continue to use LayerZero's OFT standard.

Every major security crisis triggers a redistribution of liquidity and discourse power. As the crypto industry increasingly moves towards mainstream financial markets, the criteria for evaluating underlying infrastructure will become ever more stringent, with security capabilities becoming one of the core competitive advantages.

Related Questions

QWhat was the immediate consequence of the Kelp DAO hack on the cross-chain infrastructure landscape?

AIt triggered a rapid migration of DeFi liquidity away from LayerZero due to security concerns, with over $30 billion in TVL from protocols like Kelp DAO moving to Chainlink's CCIP within a week.

QAccording to the article, what were two key security issues highlighted by researchers regarding LayerZero?

AFirst, LayerZero's default library contract, which could be upgraded instantly without a timelock, potentially allowing forged cross-chain messages. Second, suspicious non-multisig-related activities from a multisig signer address, raising concerns about key security.

QHow did Chainlink's on-chain activity and LINK token react to the migration trend mentioned in the article?

AChainlink's daily active unique addresses surged to over 282,000 and 264,000, the highest since September 2025. Furthermore, whales and sharks holding 100k to 10M LINK accumulated over 32.9 million LINK in a month, while the LINK token price rose approximately 19.7% in 30 days.

QWhat specific corrective measures did LayerZero announce in its public apology on May 9th?

ALayerZero announced several measures: stopping service for 1/1 DVN configurations, migrating all paths to at least 3/3 or 5/5 multisig setups, developing a second DVN client in Rust for client diversity, launching a dedicated multisig tool called OneSig, and releasing a management platform called Console for configuration and anomaly detection.

QDespite the crisis, which major assets and protocols were mentioned as still continuing to use LayerZero's technology?

AMajor assets and protocols continuing to use LayerZero's OFT standard include Ethena's USDe, EtherFi's weETH, and BitGo's WBTC.

Related Reads

From Banning Doubao to Embracing Honor: Why Did WeChat Suddenly 'Change Its Face'?

The article explores the sudden shift in WeChat's strategy towards AI assistants from mobile phone manufacturers, transitioning from strict opposition to active collaboration. For over a year, WeChat fiercely resisted attempts by phone AI assistants (like ByteDance's Doubao in late 2025) to control its features via GUI automation ("simulated clicking"), citing security and data control concerns. This stance created a significant barrier for system-level AI integration. Now, Tencent has initiated A2A (Agent-to-Agent) partnerships with major phone brands like Honor, Xiaomi, OPPO, and vivo. This model allows a phone's system AI (e.g., Honor's YOYO) to parse a user's voice command and send a structured request directly to WeChat's own internal AI agent via secure APIs. WeChat then executes the action (e.g., sending a message) and returns the result. The article attributes Tencent's "change of face" to strategic pressure. While leading in social app usage, Tencent trails rivals like ByteDance and Alibaba in standalone AI app popularity. WeChat, with its vast mini-program ecosystem, is Tencent's key asset for an AI comeback. The upcoming WeChat AI agent aims to handle tasks like booking and payments within the app. However, phone system assistants remain the primary AI entry point for most users. The A2A collaboration allows Tencent to extend WeChat's AI reach to this crucial system layer while maintaining control over its core functions and data. For phone manufacturers, embracing A2A is a pragmatic move. The GUI route proved unviable due to WeChat's blocks. A2A offers a compliant path to integrate a vital service, enhancing their AI assistants' usefulness. It allows them to focus on developing their own AI ecosystems for other services while cooperating on WeChat access. The collaboration is framed as a mutual, strategic necessity: Tencent gains a distribution channel, and manufacturers gain a key functionality. The partnership relies on a "dual authorization" mechanism for security, requiring both user and app consent for each action. While questions about long-term data privacy practices remain, experts note A2A is more secure and compliant than GUI automation. Ultimately, this cooperation is seen as a tentative, calculated truce. Tencent's long-term goal is to make WeChat an AI-powered "service OS." Phone manufacturers aim to make their system AI the central user interface. Their paths may converge or clash in the future, but for now, the A2A deal represents the opening chapter in the battle for the AI-era user入口, driven by necessity and strategic calculus on both sides.

marsbit36m ago

From Banning Doubao to Embracing Honor: Why Did WeChat Suddenly 'Change Its Face'?

marsbit36m ago

On-Chain Figures on the Eve of Kickoff: 1.6 Billion Traded Before the World Cup Even Begins

"On-Chain Numbers on the Eve of the World Cup: $1.6 Billion Traded Before Kick-off" Analysis of on-chain markets before the 2026 FIFA World Cup reveals significant crypto integration into football. The most striking figure is the approximately **$1.6 billion** in total trading volume on the single "World Cup Winner" contract on the Polymarket prediction market platform, accumulated before a single match was played. This represents explosive growth for a sector whose annual volume surged from ~$16B in 2024 to ~$64B in 2025. The ecosystem is maturing beyond speculation. Key developments include: 1) **Infrastructure upgrades** like Polymarket's migration to native, regulated USDC stablecoin for settlements; 2) **Reliable data oracles**, such as Chainlink, being used to resolve real-world match outcomes on-chain; and 3) **Official recognition**, with FIFA appointing its first-ever "Prediction Markets" partner. Over 100 contracts now cover everything from the outright winner to individual match results and even non-sporting risks like venue relocation. This evolution marks a fundamental shift. While crypto firms are absent from FIFA's top-tier sponsor list, the technology has deeply penetrated the tournament's financial and predictive infrastructure through regulated stablecoin settlements, decentralized oracles, and new official partnership categories. The regulatory landscape remains complex and varies by jurisdiction, but on-chain markets for the World Cup are already a multi-billion-dollar reality.

marsbit1h ago

On-Chain Figures on the Eve of Kickoff: 1.6 Billion Traded Before the World Cup Even Begins

marsbit1h ago

From SpaceX's IPO to the Future of Crypto: Which Crypto Sectors Will Host the Trillion-Dollar Narrative?

From the SpaceX IPO, which targets a $750 billion raise at a $1.77 trillion valuation, we can extrapolate capital flow trends relevant to crypto. The focus shifts from speculative narratives to foundational infrastructure and real-world asset (RWA) integration. Key crypto sectors poised to benefit include: 1. **AI Infrastructure**: The narrative is moving from consumer-facing AI applications to underlying, scarce resources like compute power and decentralized GPU networks (e.g., TAO, RENDER, AKT, IO). These protocols are positioning as the essential "picks and shovels" providers for the AI economy. 2. **Real-World Assets (RWA)**: Beyond tokenized treasury bonds, RWA's future lies in on-chain equity and pre-IPO assets like SpaceX. This could democratize access to high-growth assets and reshape global capital flows, benefiting infrastructure projects like ONDO, LINK, and Plume that facilitate issuance, data, and liquidity. 3. **Core Financial Infrastructure**: Stablecoins, payment networks, and DePIN (Decentralized Physical Infrastructure Networks) are critical for settling the future on-chain economy. Their role expands from internal trading tools to foundational layers for global finance, AI systems, and real-world asset networks, leading to potential value reassessment. In summary, the next cycle may prioritize long-term infrastructure value—AI compute, asset tokenization networks, and settlement layers—over short-lived application hype, mirroring the broader market's shift towards funding the foundational systems of the future.

marsbit1h ago

From SpaceX's IPO to the Future of Crypto: Which Crypto Sectors Will Host the Trillion-Dollar Narrative?

marsbit1h ago

Bitcoin Drops To $59,000 For First Time Since 2024: Crypto’s Total Value Sheds $2 Trillion Since October

Bitcoin's decline accelerated on Friday, dropping to approximately $59,685, its lowest point since October 2024. This sell-off has extended across the broader cryptocurrency market, erasing over $2 trillion in value from its October 2025 peak of around $4.2 trillion. Major factors cited include significant outflows from Bitcoin ETFs and renewed geopolitical tensions. Other major cryptocurrencies, including Ethereum, XRP, Solana, and Dogecoin, also experienced significant drops, with Ethereum falling over 12% to its lowest level since April 2025. Market sentiment has deteriorated sharply, with the crypto Fear & Greed Index indicating "extreme fear." Bitcoin is now down more than 50% from its all-time high of about $126,000 in October, with its market capitalization falling from roughly $2.5 trillion to $1.2 trillion. Looking ahead, some traders project Bitcoin could recover to around $65,000 by year-end, but this would still leave it far below its previous peak, suggesting a full recovery from current losses may not be imminent.

bitcoinist1h ago

Bitcoin Drops To $59,000 For First Time Since 2024: Crypto’s Total Value Sheds $2 Trillion Since October

bitcoinist1h ago

Crypto Market Plunges: Bitcoin Breaks Below $60k, Ethereum Drops Over 10%, Strategy Hunted by Short Sellers

Bitcoin experienced a severe sell-off, falling below $60,000 to its lowest point since October 2024, with weekly losses reaching 16%. The decline was triggered by Michael Saylor's MicroStrategy selling part of its Bitcoin holdings, which sparked hundreds of millions in forced liquidations. Stronger-than-expected U.S. jobs data then pushed Treasury yields higher, further pressuring risk assets like crypto. MicroStrategy's stock plummeted 24% for the week, its worst performance since late 2022, as bearish bets against the company surged. The sell-off was exacerbated by a shift of speculative capital towards AI and semiconductor stocks, as well as dimming prospects for key U.S. crypto legislation. Bitcoin's correlation with major stock indices has recently broken down, failing to rally alongside record-high equities. While Bitcoin ETFs saw a slight inflow after a record 13-day outflow streak, total assets under management have shrunk significantly. Despite the gloom, some, like Strive's CEO, view the drop to the 200-week moving average as a historic buying opportunity. Meanwhile, options markets show intense put buying on MicroStrategy, and its floating-rate preferred shares (STRC) have also plunged, reflecting heightened market risk perception towards Saylor's strategy amid a rising rate environment.

华尔街日报2h ago

Crypto Market Plunges: Bitcoin Breaks Below $60k, Ethereum Drops Over 10%, Strategy Hunted by Short Sellers

华尔街日报2h ago

Trading

Spot
Futures
活动图片