$30 Billion DeFi Capital Exodus: LayerZero Stumbles, Chainlink Feasts

marsbitPubblicato 2026-05-13Pubblicato ultima volta 2026-05-13

Introduzione

Following the major DeFi security incident involving Kelp DAO, a significant migration of funds is underway from the cross-chain protocol LayerZero to Chainlink's CCIP (Cross-Chain Interoperability Protocol). Over $30 billion in Total Value Locked (TVL) from protocols like Kelp DAO, Solv Protocol, Re, and Tydro has moved to Chainlink in the past week, driven by security concerns. LayerZero is facing a severe trust crisis after the attack. Initially denying responsibility, LayerZero Labs has now issued a public apology, acknowledging management oversights. These include a vulnerable "1/1" single-node configuration for its Decentralized Verification Network (DVN) and past misuse of a multi-signature wallet by a team member. The protocol's weekly bridge volume has slumped to near-historic lows of around $470 million. In contrast, Chainlink is experiencing a surge in adoption and activity. Its independent active addresses recently hit multi-month highs, and whales have been accumulating LINK tokens. Beyond DeFi, Chainlink is securing partnerships with traditional finance giants like DTCC, European stock exchange operator SIX Group, and asset manager Amundi. While LayerZero has announced security upgrades—such as migrating to stronger multi-signature configurations and developing a second DVN client—and contributed to a rescue fund, the event underscores that security is becoming a decisive competitive factor as DeFi matures.

Author: Nancy, PANews

With several leading protocols stepping in to inject capital, quickly covering the funding gap and advancing on-chain recovery, the rescue efforts for the Kelp DAO attack incident have recently seen substantial progress. However, compared to the financial repairs, the harder thing to restore remains market trust.

At the center of this vortex, cross-chain leader LayerZero is facing accelerating withdrawals from many protocols and was forced to make a dramatic shift in attitude within just a few weeks—from initially shifting blame and denying responsibility to now publicly apologizing and initiating rectifications. Meanwhile, Chainlink has unexpectedly become a beneficiary of this crisis, with its CCIP protocol absorbing a large portion of migrating liquidity, showing notable growth in on-chain data.

Securing $30 Billion in Migration in a Single Week, Chainlink Reaps Security Dividends

As the largest DeFi security incident to date in 2026, the Kelp DAO attack has accelerated the migration of on-chain liquidity.

As LayerZero's security controversy continues to ferment, an increasing number of DeFi protocols are reevaluating cross-chain risks and proactively seeking more reliable havens. Over the past week, Chainlink has intensively announced multiple migration cases.

On May 9, Chainlink officially disclosed that four protocols, including Kelp DAO, Solv Protocol, Re, and Tydro, had recently abandoned their original cross-chain bridge or oracle solutions and migrated to Chainlink CCIP. The combined TVL of these related protocols exceeds $30 billion. The official even specifically added the phrase "The Great Migration" to hype this ecosystem shift, revealing strong competitive undertones.

Behind this migration wave is a realignment centered on security.

And besides DeFi protocols realigning due to security concerns, Chainlink has also been continuously gaining favor from traditional financial institutions and crypto projects in recent months.

In March of this year, Coinbase directly put its exchange market data on-chain for the first time via Chainlink's newly launched DataLink service; Europe's largest asset management firm, Amundi, collaborated with Spiko to launch a tokenized public fund based on Chainlink.

In April, OpenAssets formed a strategic partnership with Chainlink, launching an asset tokenization infrastructure solution for institutions; major European stock exchange operator SIX Group partnered with Chainlink to push Swiss and Spanish stock market data on-chain; AWS Marketplace listed Chainlink data services, connecting traditional cloud and blockchain.

In May, the US Depository Trust & Clearing Corporation (DTCC) announced the introduction of Chainlink to build a blockchain collateral management platform, aiming to achieve near-real-time settlement around the clock; Huma Finance partnered with Chainlink to introduce institutional-grade yield products into the multi-chain ecosystem.

Accompanying the ongoing ecosystem expansion, Chainlink's on-chain activity has also noticeably heated up. According to Santiment monitoring, Chainlink's number of unique active addresses broke 282,000 and 264,000 on May 9 and 10, respectively, hitting the highest records since September 2025, and noted this was primarily influenced by the recent large-scale migration of DeFi protocol infrastructure.

Meanwhile, official Chainlink data shows that the total value of its cross-chain tokens has exceeded $61.8 billion, with CCIP transaction volume reaching $19.5 billion.

Market confidence is also reflected in changes in LINK token holdings. According to Santiment monitoring earlier this month, over the past month, Chainlink whale and shark addresses holding between 100,000 and 10 million LINK cumulatively added 32.93 million LINK. Historically, this has often been a strong bullish signal. Over the past 30 days, LINK has risen approximately 19.7%.

LayerZero Faces Trust Crisis, Officials Issue Emergency Apology and Overhaul

Currently, LayerZero is mired in a trust crisis.

According to DefiLlama data, LayerZero's weekly Bridge transaction volume has now declined to about $470 million, approaching historical lows. This attack incident has plunged LayerZero into a trust crisis.

In the early stages of the hack, Kelp DAO attributed the vulnerability exploit to LayerZero's security issues. Subsequently, LayerZero quickly denied responsibility, stating that multiple accusations by Kelp DAO in the rsETH security incident were completely false.

But the controversy did not subside. Last week, LayerZero Labs co-founder and CEO Bryan Pellegrino engaged in heated debates with several security researchers in the ETHSecurity Community Telegram group.

The focal point of contention is that LayerZero Labs could immediately upgrade the default library contract without a timelock, theoretically allowing forged cross-chain messages. This exposed over $3 billion in LZ OFT assets to potential risk for a period. Security researcher Banteg pointed out that several mainstream projects, including Ethena and EtherFi, were still using this default library weeks ago, and about $178 million in assets remain exposed to risk.

Simultaneously, on-chain data also showed that LayerZero's multi-signature address had conducted Meme coin trading, DEX swaps, and cross-chain bridging operations unrelated to multi-signature duties, further raising community concerns about key security. In response, Bryan admitted that related operations were indeed performed by multi-signature team members but denied they constituted "Meme coin speculation trading," claiming the purpose was merely "testing PEPE OFT functionality," and stated that the involved members had been removed.

To mitigate risks, Bryan also publicly advised project teams to promptly adopt a "fixed configuration" to replace the default configuration. Subsequently, Banteg published a list of LayerZero projects still using the default library contract and called on related protocols to migrate as soon as possible.

These remarks quickly sparked industry discussion and skepticism. Chainlink Strategy Lead Zach Rynes had previously criticized LayerZero Labs, stating that its multi-signature keys had long suffered from serious OPSEC (operational security) failures, directly exposing tens of billions in OFT assets to security risks. He further stated that if LayerZero and the industry had truly heeded the persistent warnings from security researchers over the past few years, such attack incidents could have been entirely avoided.

Facing market舆论 and ongoing ecosystem bleeding, LayerZero's attitude shifted noticeably. On May 9, LayerZero officially released a public apology statement, addressing the security incidents and communication issues over the past three weeks.

LayerZero Labs stated that the internal RPC it used had been attacked by the Lazarus Group over the past three weeks, compromising the authenticity source of its DVN (Decentralized Verification Network), while external RPC providers suffered DDoS attacks. The incident affected only 0.14% of applications and approximately 0.36% of asset value, the LayerZero protocol itself was unaffected, and over $9 billion in assets continued normal cross-chain flow after the incident.

However, LayerZero Labs also acknowledged for the first time that it was responsible for management oversight in previously allowing DVNs to provide security for high-value transactions with a "1/1" single-node configuration, which posed a single point of failure risk. The official also disclosed that three and a half years ago, a multi-signature signer mistakenly used a multi-signature hardware wallet for personal transactions. That signer has been removed, and the relevant wallet has been rotated.

Regarding subsequent rectifications, LayerZero Labs announced a series of security upgrade measures, including: already ceasing services for the 1/1 DVN configuration, currently migrating all path default configurations to a 5/5 multi-signature setup with a minimum of 3/3; developing a second DVN client based on Rust to achieve client diversity; launching the dedicated multi-signature tool OneSig to enhance signature security; and launching the unified management platform Console for asset issuance configuration and abnormal behavior detection.

Additionally, LayerZero also contributed over 10,000 ETH to this DeFi United rescue effort, of which 5,000 ETH will be used for the fund, and the remaining 5,000 ETH will be reserved for Aave.

Despite the escalating controversy, LayerZero has not completely lost its market. Major assets, including Ethena's USDe product, EtherFi's weETH asset, and BitGo's WBTC, continue to use LayerZero's OFT standard.

Every major security crisis triggers a redistribution of liquidity and discourse power. As the crypto industry increasingly moves towards mainstream financial markets, the criteria for evaluating underlying infrastructure will become ever more stringent, with security capabilities becoming one of the core competitive advantages.

Domande pertinenti

QWhat was the immediate consequence of the Kelp DAO hack on the cross-chain infrastructure landscape?

AIt triggered a rapid migration of DeFi liquidity away from LayerZero due to security concerns, with over $30 billion in TVL from protocols like Kelp DAO moving to Chainlink's CCIP within a week.

QAccording to the article, what were two key security issues highlighted by researchers regarding LayerZero?

AFirst, LayerZero's default library contract, which could be upgraded instantly without a timelock, potentially allowing forged cross-chain messages. Second, suspicious non-multisig-related activities from a multisig signer address, raising concerns about key security.

QHow did Chainlink's on-chain activity and LINK token react to the migration trend mentioned in the article?

AChainlink's daily active unique addresses surged to over 282,000 and 264,000, the highest since September 2025. Furthermore, whales and sharks holding 100k to 10M LINK accumulated over 32.9 million LINK in a month, while the LINK token price rose approximately 19.7% in 30 days.

QWhat specific corrective measures did LayerZero announce in its public apology on May 9th?

ALayerZero announced several measures: stopping service for 1/1 DVN configurations, migrating all paths to at least 3/3 or 5/5 multisig setups, developing a second DVN client in Rust for client diversity, launching a dedicated multisig tool called OneSig, and releasing a management platform called Console for configuration and anomaly detection.

QDespite the crisis, which major assets and protocols were mentioned as still continuing to use LayerZero's technology?

AMajor assets and protocols continuing to use LayerZero's OFT standard include Ethena's USDe, EtherFi's weETH, and BitGo's WBTC.

Letture associate

SpaceX, OpenAI, Anthropic: The Three AI Giants Racing for IPO, Which One Is Worth Betting On?

SpaceX, OpenAI, and Anthropic are poised for historic IPOs within weeks, potentially raising a combined $180 billion—a sum exceeding the entire internet bubble's fundraising. The hosts of the Limitless Podcast argue this isn't just individual company financing but an unprecedented capital concentration for AI infrastructure, driven by an insatiable need for compute, data centers, power, and chips. SpaceX's IPO is notable for reportedly changing market index rules to allow faster inclusion, potentially funneling trillions in passive retirement funds into its stock, despite its unproven space-based data center business model. In contrast, Anthropic demonstrates explosive growth, with ARR reportedly hitting $45 billion and approaching profitability, fueled by strong enterprise adoption of products like Claude Code. Google's separate $80 billion raise highlights the immense capital pressure, even for giants. The discussion acknowledges bubble risks but leans optimistic. The hosts contend the massive spending is building essential physical infrastructure for the next technological era. A key bottleneck isn't capital but the real-world limits of chip manufacturing and construction speed. As long as demand for AI compute outstrips supply, this investment cycle represents a foundational build-out rather than a purely financial bubble. All three companies are seen as foundational bets on the future, with Anthropic often cited as the most immediately compelling due to its proven revenue trajectory.

marsbit54 min fa

SpaceX, OpenAI, Anthropic: The Three AI Giants Racing for IPO, Which One Is Worth Betting On?

marsbit54 min fa

From 'Old Guys' to 'New Favorites': How AI Is Revaluing Old Infrastructure from Dell to Nokia?

From "Vintage Tech" to "New AI Darlings": How AI Revalues Old Infrastructure One year ago, tech giants like Dell, Nokia, Cisco, and Western Data were seen as slow-growth, low-valuation stories, far from the AI spotlight dominated by players like Nvidia. Now, these legacy tech stocks are gaining market attention, sparking debate on whether this is genuine industry revaluation or a temporary narrative. As AI moves from model parameters to real-world data centers, the market is recognizing companies with proven delivery and infrastructure capabilities. This shift marks a change in the AI investment thesis: from pure model and GPU focus to the complex systems engineering required for deployment. Companies like Dell, HPE, and Corning are being revalued not for being "sexy" AI innovators, but for their decades of accumulated expertise in supply chains, enterprise delivery, and infrastructure—assets that have become critical in the AI buildout phase. The revaluation is unfolding across three key infrastructure lines: 1. **Servers & System Integration:** Dell and HPE are emerging as crucial system integrators or "general contractors" for AI data centers, translating GPU orders into complete, deployable server racks integrated with power, cooling, and networking. 2. **Networking & Connectivity:** AI's scale demands robust high-speed connections. Corning (fiber optics), Nokia (AI-RAN, 6G), and Cisco (data center switches) are gaining importance for enabling efficient data transfer within and between AI clusters. 3. **Storage:** Beyond high-speed memory (HBM/DRAM), the AI data explosion is driving demand for high-capacity hard drives (HDDs) from companies like Western Digital and Seagate to handle training data, logs, and cold storage cost-effectively. For this revaluation to be substantive and not just a narrative, three criteria are key: 1) Concrete AI-related order and revenue growth (e.g., Dell's AI server sales), 2) Upward revisions to company financial guidance, and 3) Sustainable improvements in profit quality, not just top-line revenue spikes. In essence, AI's transition to a real construction phase is re-pricing "old assets" against "new demand." The opportunity, however, is selective. Only those legacy firms that are demonstrably integrated into the capital expenditure chains of data center and enterprise AI deployment are likely to experience a true "logic re-rating" rather than just a temporary valuation bounce.

marsbit1 h fa

From 'Old Guys' to 'New Favorites': How AI Is Revaluing Old Infrastructure from Dell to Nokia?

marsbit1 h fa

The Merger of Codex and ChatGPT Marks the Beginning of a Major Reshuffle in Programming Tools

OpenAI is shifting its strategic focus from ChatGPT to Codex, merging them along with the browser tool Atlas into a unified desktop super-app. This move signals an internal belief that Codex, originally a programming tool, represents the next evolution of AI more than conversational models like ChatGPT. Over the past year, Codex's weekly active users have surged past 5 million. The key distinction is that while ChatGPT answers questions, Codex executes tasks. Enterprises increasingly value this ability to get work done over simply receiving advice. Consequently, Codex is attracting professionals beyond developers, including analysts, bankers, marketers, and product managers. OpenAI's reorganization and increased investment in Codex stem from recognizing that the future of AI competition lies in execution capabilities, not just conversation. The company is launching role-specific plugins (e.g., for data analysis, sales, design) to transform Codex into a broad knowledge work platform that automates and redefines white-collar workflows. Beyond being a tool, Codex reflects OpenAI's ambition to redefine software. New features like "Sites"—which generates interactive websites from documents—and collaborative "Annotations" aim to create a paradigm where the AI understands the goal and handles the tools and steps, functioning more like a digital colleague than traditional software. The ultimate goal is a unified experience where the user cares only about the completed task.

marsbit1 h fa

The Merger of Codex and ChatGPT Marks the Beginning of a Major Reshuffle in Programming Tools

marsbit1 h fa

Interpreting Investment Opportunities in the Age of Great Navigation, Invesco Great Wall Fund Releases '2026 Report on Chinese Enterprises Going Global'

Invesco Great Wall Fund has released its "2026 China Corporate Globalization Report," titled "The 'Great Navigation Era' of Chinese Enterprises." The report analyzes the new trends and investment opportunities as Chinese companies expand globally, moving from simple product exports to comprehensive overseas operations involving services, branding, and local production. Driven by factors like trade friction, the pursuit of higher profit margins abroad, and policy support, globalization is becoming essential for Chinese companies. The report outlines an evolution: from early product export ("Globalization 1.0") to the current "Globalization 2.0," characterized by overseas capacity, capital goods investment, consumer brand expansion, and service exports. Chinese firms' competitive advantages are highlighted, including a vast engineer talent pool, low-cost and robust infrastructure, and complete industrial clusters. Specific sectors with significant出海 potential are identified: * **Capital Goods** (e.g., engineering machinery, power equipment): Benefiting from global demand, especially in Belt & Road markets and the AI-driven power grid upgrade cycle. * **Consumer Brands**: Transitioning from cost to brand advantage, leveraging供应链 efficiency. * **Technology & Innovation**: Including AI applications, optical modules within global tech supply chains, and new energy vehicles focusing on local production. * **Pharmaceuticals**: Chinese biotech firms are becoming preferred partners for global pharma, with potential for breakthrough drugs in areas like oncology and weight loss. The report concludes that corporate globalization represents a sustained, core theme for China's capital markets, though companies must navigate challenges like geopolitics and localization.

marsbit1 h fa

Interpreting Investment Opportunities in the Age of Great Navigation, Invesco Great Wall Fund Releases '2026 Report on Chinese Enterprises Going Global'

marsbit1 h fa

Bitcoin Bull Michael Saylor Hints At Next Purchase With Cryptic Post

MicroStrategy's stock (MSTR) has declined sharply, dropping over 9% in a day and 25% over the past month, following the company's first Bitcoin sale in years. The firm sold 32 BTC for approximately $2.5 million, raising investor concerns about further sales. Meanwhile, Executive Chairman Michael Saylor sparked speculation of a renewed Bitcoin purchase with an unusual midweek social media post stating "Back to Work," breaking from his typical Sunday routine. The company holds about $900 million in cash and recently raised $128 million through share sales. Despite the recent activity, MicroStrategy remains the world's largest corporate Bitcoin holder with 843,706 BTC. Additional speculation arose from the firm moving Bitcoin to Coinbase Prime.

bitcoinist1 h fa

Bitcoin Bull Michael Saylor Hints At Next Purchase With Cryptic Post

bitcoinist1 h fa

Trading

Spot

Futures