$30 Billion DeFi Capital Exodus: LayerZero Stumbles, Chainlink Feasts

marsbitОпубликовано 2026-05-13Обновлено 2026-05-13

Введение

Following the major DeFi security incident involving Kelp DAO, a significant migration of funds is underway from the cross-chain protocol LayerZero to Chainlink's CCIP (Cross-Chain Interoperability Protocol). Over $30 billion in Total Value Locked (TVL) from protocols like Kelp DAO, Solv Protocol, Re, and Tydro has moved to Chainlink in the past week, driven by security concerns. LayerZero is facing a severe trust crisis after the attack. Initially denying responsibility, LayerZero Labs has now issued a public apology, acknowledging management oversights. These include a vulnerable "1/1" single-node configuration for its Decentralized Verification Network (DVN) and past misuse of a multi-signature wallet by a team member. The protocol's weekly bridge volume has slumped to near-historic lows of around $470 million. In contrast, Chainlink is experiencing a surge in adoption and activity. Its independent active addresses recently hit multi-month highs, and whales have been accumulating LINK tokens. Beyond DeFi, Chainlink is securing partnerships with traditional finance giants like DTCC, European stock exchange operator SIX Group, and asset manager Amundi. While LayerZero has announced security upgrades—such as migrating to stronger multi-signature configurations and developing a second DVN client—and contributed to a rescue fund, the event underscores that security is becoming a decisive competitive factor as DeFi matures.

Author: Nancy, PANews

With several leading protocols stepping in to inject capital, quickly covering the funding gap and advancing on-chain recovery, the rescue efforts for the Kelp DAO attack incident have recently seen substantial progress. However, compared to the financial repairs, the harder thing to restore remains market trust.

At the center of this vortex, cross-chain leader LayerZero is facing accelerating withdrawals from many protocols and was forced to make a dramatic shift in attitude within just a few weeks—from initially shifting blame and denying responsibility to now publicly apologizing and initiating rectifications. Meanwhile, Chainlink has unexpectedly become a beneficiary of this crisis, with its CCIP protocol absorbing a large portion of migrating liquidity, showing notable growth in on-chain data.

Securing $30 Billion in Migration in a Single Week, Chainlink Reaps Security Dividends

As the largest DeFi security incident to date in 2026, the Kelp DAO attack has accelerated the migration of on-chain liquidity.

As LayerZero's security controversy continues to ferment, an increasing number of DeFi protocols are reevaluating cross-chain risks and proactively seeking more reliable havens. Over the past week, Chainlink has intensively announced multiple migration cases.

On May 9, Chainlink officially disclosed that four protocols, including Kelp DAO, Solv Protocol, Re, and Tydro, had recently abandoned their original cross-chain bridge or oracle solutions and migrated to Chainlink CCIP. The combined TVL of these related protocols exceeds $30 billion. The official even specifically added the phrase "The Great Migration" to hype this ecosystem shift, revealing strong competitive undertones.

Behind this migration wave is a realignment centered on security.

And besides DeFi protocols realigning due to security concerns, Chainlink has also been continuously gaining favor from traditional financial institutions and crypto projects in recent months.

In March of this year, Coinbase directly put its exchange market data on-chain for the first time via Chainlink's newly launched DataLink service; Europe's largest asset management firm, Amundi, collaborated with Spiko to launch a tokenized public fund based on Chainlink.

In April, OpenAssets formed a strategic partnership with Chainlink, launching an asset tokenization infrastructure solution for institutions; major European stock exchange operator SIX Group partnered with Chainlink to push Swiss and Spanish stock market data on-chain; AWS Marketplace listed Chainlink data services, connecting traditional cloud and blockchain.

In May, the US Depository Trust & Clearing Corporation (DTCC) announced the introduction of Chainlink to build a blockchain collateral management platform, aiming to achieve near-real-time settlement around the clock; Huma Finance partnered with Chainlink to introduce institutional-grade yield products into the multi-chain ecosystem.

Accompanying the ongoing ecosystem expansion, Chainlink's on-chain activity has also noticeably heated up. According to Santiment monitoring, Chainlink's number of unique active addresses broke 282,000 and 264,000 on May 9 and 10, respectively, hitting the highest records since September 2025, and noted this was primarily influenced by the recent large-scale migration of DeFi protocol infrastructure.

Meanwhile, official Chainlink data shows that the total value of its cross-chain tokens has exceeded $61.8 billion, with CCIP transaction volume reaching $19.5 billion.

Market confidence is also reflected in changes in LINK token holdings. According to Santiment monitoring earlier this month, over the past month, Chainlink whale and shark addresses holding between 100,000 and 10 million LINK cumulatively added 32.93 million LINK. Historically, this has often been a strong bullish signal. Over the past 30 days, LINK has risen approximately 19.7%.

LayerZero Faces Trust Crisis, Officials Issue Emergency Apology and Overhaul

Currently, LayerZero is mired in a trust crisis.

According to DefiLlama data, LayerZero's weekly Bridge transaction volume has now declined to about $470 million, approaching historical lows. This attack incident has plunged LayerZero into a trust crisis.

In the early stages of the hack, Kelp DAO attributed the vulnerability exploit to LayerZero's security issues. Subsequently, LayerZero quickly denied responsibility, stating that multiple accusations by Kelp DAO in the rsETH security incident were completely false.

But the controversy did not subside. Last week, LayerZero Labs co-founder and CEO Bryan Pellegrino engaged in heated debates with several security researchers in the ETHSecurity Community Telegram group.

The focal point of contention is that LayerZero Labs could immediately upgrade the default library contract without a timelock, theoretically allowing forged cross-chain messages. This exposed over $3 billion in LZ OFT assets to potential risk for a period. Security researcher Banteg pointed out that several mainstream projects, including Ethena and EtherFi, were still using this default library weeks ago, and about $178 million in assets remain exposed to risk.

Simultaneously, on-chain data also showed that LayerZero's multi-signature address had conducted Meme coin trading, DEX swaps, and cross-chain bridging operations unrelated to multi-signature duties, further raising community concerns about key security. In response, Bryan admitted that related operations were indeed performed by multi-signature team members but denied they constituted "Meme coin speculation trading," claiming the purpose was merely "testing PEPE OFT functionality," and stated that the involved members had been removed.

To mitigate risks, Bryan also publicly advised project teams to promptly adopt a "fixed configuration" to replace the default configuration. Subsequently, Banteg published a list of LayerZero projects still using the default library contract and called on related protocols to migrate as soon as possible.

These remarks quickly sparked industry discussion and skepticism. Chainlink Strategy Lead Zach Rynes had previously criticized LayerZero Labs, stating that its multi-signature keys had long suffered from serious OPSEC (operational security) failures, directly exposing tens of billions in OFT assets to security risks. He further stated that if LayerZero and the industry had truly heeded the persistent warnings from security researchers over the past few years, such attack incidents could have been entirely avoided.

Facing market舆论 and ongoing ecosystem bleeding, LayerZero's attitude shifted noticeably. On May 9, LayerZero officially released a public apology statement, addressing the security incidents and communication issues over the past three weeks.

LayerZero Labs stated that the internal RPC it used had been attacked by the Lazarus Group over the past three weeks, compromising the authenticity source of its DVN (Decentralized Verification Network), while external RPC providers suffered DDoS attacks. The incident affected only 0.14% of applications and approximately 0.36% of asset value, the LayerZero protocol itself was unaffected, and over $9 billion in assets continued normal cross-chain flow after the incident.

However, LayerZero Labs also acknowledged for the first time that it was responsible for management oversight in previously allowing DVNs to provide security for high-value transactions with a "1/1" single-node configuration, which posed a single point of failure risk. The official also disclosed that three and a half years ago, a multi-signature signer mistakenly used a multi-signature hardware wallet for personal transactions. That signer has been removed, and the relevant wallet has been rotated.

Regarding subsequent rectifications, LayerZero Labs announced a series of security upgrade measures, including: already ceasing services for the 1/1 DVN configuration, currently migrating all path default configurations to a 5/5 multi-signature setup with a minimum of 3/3; developing a second DVN client based on Rust to achieve client diversity; launching the dedicated multi-signature tool OneSig to enhance signature security; and launching the unified management platform Console for asset issuance configuration and abnormal behavior detection.

Additionally, LayerZero also contributed over 10,000 ETH to this DeFi United rescue effort, of which 5,000 ETH will be used for the fund, and the remaining 5,000 ETH will be reserved for Aave.

Despite the escalating controversy, LayerZero has not completely lost its market. Major assets, including Ethena's USDe product, EtherFi's weETH asset, and BitGo's WBTC, continue to use LayerZero's OFT standard.

Every major security crisis triggers a redistribution of liquidity and discourse power. As the crypto industry increasingly moves towards mainstream financial markets, the criteria for evaluating underlying infrastructure will become ever more stringent, with security capabilities becoming one of the core competitive advantages.

Связанные с этим вопросы

QWhat was the immediate consequence of the Kelp DAO hack on the cross-chain infrastructure landscape?

AIt triggered a rapid migration of DeFi liquidity away from LayerZero due to security concerns, with over $30 billion in TVL from protocols like Kelp DAO moving to Chainlink's CCIP within a week.

QAccording to the article, what were two key security issues highlighted by researchers regarding LayerZero?

AFirst, LayerZero's default library contract, which could be upgraded instantly without a timelock, potentially allowing forged cross-chain messages. Second, suspicious non-multisig-related activities from a multisig signer address, raising concerns about key security.

QHow did Chainlink's on-chain activity and LINK token react to the migration trend mentioned in the article?

AChainlink's daily active unique addresses surged to over 282,000 and 264,000, the highest since September 2025. Furthermore, whales and sharks holding 100k to 10M LINK accumulated over 32.9 million LINK in a month, while the LINK token price rose approximately 19.7% in 30 days.

QWhat specific corrective measures did LayerZero announce in its public apology on May 9th?

ALayerZero announced several measures: stopping service for 1/1 DVN configurations, migrating all paths to at least 3/3 or 5/5 multisig setups, developing a second DVN client in Rust for client diversity, launching a dedicated multisig tool called OneSig, and releasing a management platform called Console for configuration and anomaly detection.

QDespite the crisis, which major assets and protocols were mentioned as still continuing to use LayerZero's technology?

AMajor assets and protocols continuing to use LayerZero's OFT standard include Ethena's USDe, EtherFi's weETH, and BitGo's WBTC.

Похожее

It Took Me a Year to See the Bitter Truth About Agent Payments

After a year building infrastructure for the Agent economy, engaging with major players like Stripe, Visa, and Coinbase, the author shares a sobering analysis of the current state of Agent payments. The core finding is a stark lack of genuine, immediate demand across most envisioned use cases. The article breaks down four key market segments: 1. **Agent-to-Merchant (Consumer Shopping):** For most product categories (e.g., clothing, electronics), conversational AI shopping is a step backwards from visual e-commerce interfaces. While agents excel at understanding needs, they can't replace side-by-side product comparison. Real merchant interest is defensive "Agent Engine Optimization," not driven by current customer demand. Potential exists for high-frequency, low-decision purchases (like food delivery) or navigating complex store UIs, but these require massive B2C distribution channels dominated by giants like Amazon. 2. **Agent-to-API (Developer Services):** Developers already have subscriptions and billing relationships for APIs (compute, data). Prepaid balances solve micro-payment issues for low transaction volumes. A deeper structural problem is that major SaaS vendors' business models rely on enterprise contracts, resisting granular pay-per-call pricing. While protocols like MPP and x402 serve the long tail of niche services, this market is small and developers are historically low-willingness-to-pay. 3. **Agent-to-Agent:** This remains largely theoretical with minimal transaction volume. While it represents a long-term bet on a fundamentally new transaction infrastructure (sub-second, micro-penny to million-dollar, multi-party settlements), it does not constitute a present market. 4. **Agent-to-Finance:** This is the only category with existing, paying demand. Integrating AI into financial workflows (trading, portfolio management) is a natural evolution and enables new capabilities like autonomous rebalancing. However, competition favors established, regulated institutions. The "real problem" is not moving money between agents, but the broader challenge of **coordination**—orchestrating work between agents and humans, verifying outcomes, and settling results. Payment is just one component of settlement, which is itself part of coordination. Companies that solve the coordination layer will subsume payment, not the other way around. While well-funded incumbents build defensively for a long-term future, startups must find where the market is today—which, for the author's team, lies outside these four categories in an area of real, growing, and underserved activity.

marsbitТолько что

It Took Me a Year to See the Bitter Truth About Agent Payments

marsbitТолько что

It Took Me a Year to See the Hard Truth About Agent Payments

**Title: It Took Me a Year to See the Hard Truth About Agent Payments** Over the past year, I've worked on infrastructure for the Agent economy, engaging with major players like Stripe, Visa, Coinbase, and numerous startups. The findings reveal a stark reality: genuine, widespread demand for Agent-based payments does not yet exist. **Key Observations:** * **Agent-to-Merchant (Shopping):** The user experience for AI shopping often falls short, especially for visual product discovery. While AI excels at understanding needs, conversational interfaces can't yet replace browsing and comparing multiple products visually. Current merchant interest is largely defensive ("Agent Engine Optimization") for a future that hasn't arrived. High-frequency, low-friction purchases (like food delivery) are potential fits, but lack open APIs and face high AI inference costs. Simpler, more affordable, or cross-language interactions for complex UIs are a niche opportunity but require massive consumer distribution to scale. * **Agent-to-API (Developer Tools):** Developer payment needs for APIs (computing, data, models) are already met through subscriptions and prepaid credits. The core challenge is not payment friction but supplier economics: most large SaaS providers prefer enterprise contracts over micropayments for API calls. Protocols like MPP and x402 suit the long-tail of smaller services but cater to a developer market historically reluctant to pay for these tools. Major infrastructure needs at the top of the stack are already being addressed. * **Agent-to-Agent (Machine Commerce):** This is a long-term vision with almost no current transaction volume. While a future with high-speed, high-frequency, multi-party machine-to-machine transactions would require novel infrastructure, it remains theoretical. The market is not here yet. * **Agent-to-Finance:** This is the only category with clear, present demand. Financial professionals and DeFi users already pay for tools, and AI augmentation is a natural evolution. Autonomous AI agents can enable entirely new financial strategies. However, competition is fierce from established, regulated incumbents who can more easily layer AI onto their existing products. **The Core Insight:** Companies, especially giants with long time horizons, are building defensively for a potential future of mass machine commerce. For them, early investment is a low-cost hedge. For startups, the current market reality is different. The primary challenge isn't just moving money between agents (payments). The larger, unsolved problem is **orchestration** – coordinating work between agents and humans, verifying outcomes, and then settling. Payment is just a part of settlement, which is just a part of orchestration. Companies that solve the orchestration problem will subsume payments, not the other way around. After a year of building, we see the real, growing, and underserved market opportunity lies in this broader domain of orchestration.

链捕手24 мин. назад

Claude Opus 4.8 Finds a $4.5 Billion Bug: The AI Era is Mass-Producing Hackers

A researcher discovered a critical "infinite mint" vulnerability in the Zcash cryptocurrency's Orchard protocol using Claude Opus 4.8, leading to a swift fix but also a 50% market drop, erasing billions in value. This incident highlights a new era where powerful, accessible AI models are dramatically lowering the barrier to finding software vulnerabilities. Previously, the security community feared specialized models like Claude Mythos Preview, capable of finding decades-old zero-day exploits. The Zcash case, however, involved a publicly available, general-purpose model. This shift makes advanced security auditing—and attack capabilities—accessible to far more people, not just experts. The mass democratization of vulnerability discovery brings a dual challenge: a flood of low-quality, AI-generated false reports that overwhelm maintainers, and the real, rapid uncovering of deep, dangerous bugs. Open-source projects, often understaffed and unfunded, are particularly vulnerable to this "attention DDoS." The article cites examples like curl shutting down its bug bounty program due to the unsustainable workload. Our perceived digital safety has often been luck, relying on the high cost and effort required to find deeply hidden flaws in complex systems, as seen with historical vulnerabilities like Heartbleed or Baron Samedit. AI changes this cost structure, effectively "mass-producing flashlights" to illuminate every corner of our codebase. While large companies operate extensive security chains involving external white-hat hackers and massive defensive operations, the global cybersecurity workforce faces a severe shortage, especially of experienced personnel capable of analyzing complex threats and coordinating fixes. The core dilemma emerges: AI makes *finding* bugs cheap and scalable, but *fixing* them remains a slow, expensive, and human-intensive process. The article concludes that AI won't destroy the internet but acts as a bright light, revealing that our digital existence is not inherently secure but is precariously maintained by ongoing human effort. The true cost in the AI era may not be discovery, but whether there will be enough people left willing and able to do the hard work of repair.

marsbit57 мин. назад

Claude Opus 4.8 Finds a $4.5 Billion Bug: The AI Era is Mass-Producing Hackers

marsbit57 мин. назад

Ethereum Price Prediction: ETH Could Double While Cardano (ADA) and This Newcomer Token Near 500% Rally

As the cryptocurrency market anticipates a potential bull cycle, investor focus is shifting toward projects with high return potential. Ethereum (ETH), currently at approximately $2,014, is highlighted for its long-term value, with predictions suggesting a possible 2x increase to over $4,000. Cardano (ADA), trading around $0.2329, remains a choice for its research-driven development and scalability focus, though some seek higher upside elsewhere. Significant attention is drawn to Little Pepe (LILPEPE), a new Layer 2 Ethereum-compatible token priced at $0.0022 in its presale stage, which has raised over $28.19 million. The project aims to build a dedicated blockchain for meme communities, offering lower costs and faster transactions. Backers speculate a potential 500% gain, driven by strong presale demand, planned ecosystem features like staking and a launchpad, and active community engagement through giveaways. While Ethereum and Cardano are viewed as foundational investments, LILPEPE represents a newer, high-growth opportunity for investors targeting the meme coin sector.

TheNewsCrypto1 ч. назад

Ethereum Price Prediction: ETH Could Double While Cardano (ADA) and This Newcomer Token Near 500% Rally

TheNewsCrypto1 ч. назад

Codex Goal Mode Usage Guide: How to Make AI Continuously Pursue a Specific Objective

"Codex Goal Mode: How to Make AI Work Continuously Toward a Specific Goal" OpenAI's Codex "goal mode" (/goal) transforms the AI from a reactive code assistant into a proactive execution agent capable of working autonomously for hours or even days to achieve a defined objective. To maximize its effectiveness, follow these key principles: 1. **Define Clear, Verifiable Exit Criteria:** The goal prompt should be a concise, measurable success condition, not a lengthy specification. Use quantifiable metrics like "reduce build time by 30%" or "achieve 100% test parity." 2. **Provide Initial Guidance and Tools:** Direct Codex toward likely problem areas and specify available tools (e.g., browsers, testing environments) to prevent it from exploring unproductive paths. 3. **Enable Progress Measurement:** Equip Codex with ways to track advancement, such as creating comparison tools for visual tasks or evaluation sets, ensuring it can gauge its own progress. 4. **Use a Realistic Execution Environment:** For tasks like performance optimization, provide access to environments that closely mimic production (e.g., similar configs, databases) to yield valid results. 5. **Be Cautious with Visual Goals:** Avoid vague "pixel-perfect" instructions. Instead, supplement visual references with functional checklists or design system specifications to prevent Codex from obsessing over minor details. 6. **Implement Progress Tracking:** For long-running tasks, have Codex commit code to draft PRs, update progress documents, or send Slack updates to maintain visibility into its work. 7. **Review and Consolidate Results:** Once the goal is met, instruct Codex to review its work, clean up ineffective experimental code, and reflect on what strategies succeeded or failed. Ultimately, using goal mode shifts the developer's role from writing prompts to managing a persistent engineering agent—defining objectives, establishing metrics, configuring environments, and conducting final reviews.

marsbit2 ч. назад

Codex Goal Mode Usage Guide: How to Make AI Continuously Pursue a Specific Objective