Following the KelpDAO Hack: $40 Billion in Assets Flee LayerZero, Chainlink Emerges as the Primary 'Beneficiary'

marsbitОпубліковано о 2026-05-19Востаннє оновлено о 2026-05-19

Анотація

Following a major security breach in April where KelpDAO's bridge using LayerZero was attacked for approximately $292 million, a significant shift is underway in the cross-chain infrastructure landscape. An estimated $40 billion in assets is in the process of migrating or has already migrated from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP). The attack exploited a single-point-of-failure vulnerability due to KelpDAO's 1-of-1 validator configuration within the LayerZero network. Attackers corrupted RPC nodes and used DDoS attacks to force the system to rely on compromised nodes, allowing fraudulent messages. While LayerZero acknowledged a serious error in allowing its validator network to service high-value transactions with such a configuration, the incident highlighted critical security risks. This triggered a rapid migration wave. Starting with KelpDAO on May 6th, several major protocols—including Solv Protocol, Re, Tydro, Kraken, and Lombard—announced switching their cross-chain infrastructure exclusively to Chainlink CCIP. The combined value of these migrations is estimated to be around $40 billion. This movement followed earlier major adoptions by Coinbase (in late 2025) and Circle (in early 2024). Market sentiment reflected this shift, with LINK's price showing relative stability while ZRO (LayerZero's token) declined significantly. Data indicates a net outflow of approximately $20.1 billion from the LayerZero network over 30 days. The migr...

Since the cross-chain bridge of KelpDAO suffered an attack of approximately $292 million in April this year, the security landscape of cross-chain infrastructure has been undergoing a dramatic reshuffle. Statistics show that about $40 billion in assets have completed or are in the process of migrating from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP).

The attack occurred in the early hours of April 19. The attacker invoked a function of the LayerZero Endpoint V2 contract, triggering the KelpDAO bridging contract to release approximately 116,500 rsETH, worth about $292 million. The protocol's emergency pause mechanism subsequently prevented further losses of around $100 million.

Following the attack, LayerZero issued a statement suggesting that the initial assessment pointed to a highly sophisticated state actor, suspected to be TraderTraitor, a subgroup of the North Korean Lazarus Group.

The core of the attack method involved poisoning the RPC nodes relied upon by the LayerZero decentralized validator network and forcing a system failover to already compromised nodes through a DDoS attack, allowing forged messages to pass through. The central point of controversy is that KelpDAO was using a 1-of-1 single validator configuration at the time, which, once exploited, led to a single point of failure.

LayerZero acknowledged that allowing its official validator network to service high-value transactions with a 1/1 configuration was a serious mistake and announced the cessation of signing messages for single validator setups. KelpDAO pointed out that this configuration had appeared as a default setting in LayerZero's deployment code. Regardless of where the responsibility lies, this attack exposed the vulnerability of cross-chain message verification under specific configurations.

A wave of migrations began shortly after. On May 6, the victim, KelpDAO, took the lead in announcing its abandonment of LayerZero, fully transitioning its rsETH cross-chain facilities to Chainlink CCIP, becoming the first major protocol to leave.

Two days later, the Bitcoin staking protocol Solv Protocol switched the cross-chain infrastructure for its SolvBTC and xSolvBTC, with a total value exceeding $700 million, to CCIP, covering all supported routes.

On the same day, the decentralized reinsurance protocol Re also migrated the cross-chain solution for its deposit token reUSD to CCIP, designating it as the sole cross-chain solution. The non-custodial lending protocol Tydro was also among the first batch to migrate.

On May 14, Kraken announced replacing LayerZero with Chainlink CCIP as the exclusive cross-chain service for its wrapped crypto assets, including wrapped Bitcoin kBTC, covering multiple blockchains such as Ink, Ethereum, and Optimism. On the 16th, Lombard announced abandoning LayerZero, migrating over $1 billion worth of Bitcoin-backed assets to CCIP, adopting a burn-and-mint cross-chain token standard.

According to DefiLlama data, if only counting the current total value locked (TVL) of the main DeFi protocols, the combined scale of these five exceeds $3.4 billion. Factoring in institutional wrapped assets, the overall migration scale reaches approximately $4 billion.

Coinbase had already chosen CCIP as the exclusive interoperability provider for all its wrapped assets as early as December 2025, covering assets like cbBTC, cbETH, cbDOGE, cbLTC, cbADA, and cbXRP, with a total market capitalization of about $7 billion at that time. In January 2024, Circle had also integrated with CCIP to support multi-chain transfers of USDC.

The market's reaction to this shift in trust was directly reflected in token price movements.

According to CoinMarketCap data, LINK has risen 2.73% over the past 30 days, trading at $9.6, with a market cap of $6.98 billion, steadily holding the 16th position in the crypto market. In contrast, ZRO fell 22.63% over the same period, trading at $1.34, with a market cap of $434 million, its ranking slipping to 92nd. LayerZero also faces additional pressure from the unlocking of over 25.71 million ZRO tokens on May 20, worth approximately $34.45 million, accounting for 5.07% of the circulating supply.

According to Dune data, the LayerZero network has seen a net outflow of approximately $2.01 billion over the past 30 days.

Behind the influx of protocols lies the significant difference in security architecture between Chainlink CCIP and LayerZero. Chainlink previously announced in April 2024 that CCIP had entered general availability, supporting blockchains like Arbitrum, Base, BNB Chain, and Ethereum.

Chainlink CCIP deeply integrates with the decentralized oracle network, consisting of multiple independent node operators forming an off-chain consensus layer to observe, verify, and report cross-chain events, supplemented by an independent risk management network providing additional monitoring and protection. Its token transfer mechanism includes built-in rate limiting and timelock upgrades, forming a defense-in-depth security model.

According to Dune data, the cumulative cross-chain token transfer value for Chainlink CCIP has exceeded $2 billion. Among them, the decentralized stablecoin GHO and USDC have the highest shares, reaching 22.4% and 20.2%, respectively, corresponding to amounts of approximately $531 million and $481 million.

In contrast, LayerZero employs a highly modular five-layer architecture, completely separating interfaces, validation, and execution, allowing developers to freely combine decentralized validator networks and configure validation thresholds. This design offers high flexibility but also requires application parties to actively choose and maintain security configurations.

The KelpDAO incident cast a spotlight on the fatal flaw of the single validator configuration. Protocols that had chosen the 1/1 configuration at the time accounted for as much as 47%, prompting many projects to quickly turn to CCIP, which defaults to decentralized validation and offers more comprehensive security controls.

On May 9, LayerZero published a letter of apology, acknowledging mishandling communication over the past three weeks and stating that it should have directly explained the situation earlier rather than prioritizing the completion of a post-mortem analysis report.

LayerZero emphasized that the protocol itself was not affected; rather, the internal RPC used by the LayerZero Labs DVN was poisoned by a data source, while external RPC providers suffered DDoS attacks. It admitted that allowing the Labs DVN to service high-value transactions as a 1/1 configuration was a serious error. The official team will soon release an official post-mortem analysis report in collaboration with external security partners.

Трендові криптовалюти

Пов'язані питання

QWhat triggered the massive migration of approximately $40 billion in assets from LayerZero to Chainlink's CCIP?

AThe migration was triggered by a major security breach on April 19, where the KelpDAO bridge on LayerZero was exploited for roughly $292 million. The attack exposed vulnerabilities, particularly in the single-validator (1-of-1) configuration, leading to a loss of trust and prompting protocols to seek more secure alternatives.

QWhat was the core vulnerability exploited in the KelpDAO attack on LayerZero?

AThe core vulnerability was the use of a single-validator (1-of-1) configuration for message verification. Attackers poisoned the RPC node relied upon by LayerZero's decentralized validator network and conducted a DDoS attack to force the system to fail over to the compromised node, allowing fraudulent messages to be approved.

QWhich major protocols were mentioned as having migrated from LayerZero to Chainlink CCIP following the attack?

AMajor protocols that migrated include KelpDAO (rsETH), Solv Protocol (SolvBTC, xSolvBTC), Re (reUSD), Tydro, Kraken (for wrapped assets like kBTC), and Lombard (for over $1 billion in Bitcoin-backed assets). Coinbase had already selected CCIP in December 2025 for its wrapped assets.

QHow does Chainlink's CCIP security architecture fundamentally differ from LayerZero's approach?

AChainlink CCIP is built on a decentralized oracle network with multiple independent node operators forming an off-chain consensus layer for validating cross-chain events, complemented by a separate Risk Management Network. It features built-in safeguards like rate limits and timelocks. In contrast, LayerZero offers a highly modular architecture that separates interface, verification, and execution, giving developers flexibility to configure their own validator networks and security thresholds, which can introduce risk if not properly managed.

QWhat was the impact of the KelpDAO incident and subsequent migrations on the market value of LINK and ZRO tokens?

AAccording to the article, LINK (Chainlink's token) rose 2.73% over 30 days to $9.6, with a market cap of $6.98 billion. In contrast, ZRO (LayerZero's token) fell 22.63% to $1.34, with its market cap dropping to $434 million and its rank falling to 92nd. LayerZero also faced additional pressure from a token unlock scheduled for May 20.

Пов'язані матеріали

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

The domestic embodied AI data industry has attracted nearly 100 players, with 70 focused on data collection and 27 on data infrastructure. In the past year, 15 independent embodied data service providers raised approximately 4.47 billion yuan. Despite this growth, the sector remains early-stage, fragmented, and faces significant challenges. Data collection methods are diverse, categorized into four main routes: teleoperation of real robots, human demonstration without a robot (using motion capture, exoskeletons, etc.), simulation synthesis, and distillation from internet videos. Most companies (43%) adopt hybrid approaches, combining multiple routes, as no single method can meet all training needs. Teleoperation alone is pursued by 31% of players, often by state-owned platforms and robot companies, while newer firms favor asset-light, no-hardware human demonstration. Independent data service providers now form the largest player group (40%), indicating the emergence of a distinct industry segment rather than just a subsidiary function for robot makers. Two-thirds of all players are "embodied-native" startups, while one-third are companies that pivoted from fields like AI data annotation, which are more prevalent in the data infrastructure layer. Current annual industry capacity is estimated at 1.6-1.8 million hours plus 70-80 million data points, with a short-term goal to increase this 15-20 fold within 1-3 years. Data collection factories are spread across 20 provinces in China, concentrated in the Yangtze River Delta, Beijing-Tianjin-Hebei, and Pearl River Delta regions. Financially, the 4.47 billion yuan raised in the past year pales compared to the 43.8 billion yuan raised by the broader embodied intelligence sector in just the first half of 2026, highlighting that data remains a less "sexy" bet for investors. The 15 funded independent providers show clear stratification: a top tier led by a unicorn (Lightwheel Intelligence, 3.1 billion yuan), a middle tier of 11 firms raising tens to hundreds of millions, and an early-stage tier of 3 companies. Sixty-nine investment institutions have participated, but none have made concentrated bets, reflecting uncertainty about viable business models. Over half of these funded companies are less than a year old, most are at pre-A or A rounds, and profitability remains largely unproven. In summary, the embodied data industry has become an independent track creating jobs and local economic activity. However, it is still nascent, with unformed consensus, unsolved problems, and unproven business models. The coming 1-2 years will be a critical validation window to see if companies can build sustainable, profitable businesses purely by "selling data."

marsbit2 год тому

Nearly a Hundred Players Rush into Embodied Data: With 4.47 Billion Yuan in Financing in One Year, Who Can Really Make Money by 'Selling Data'?

marsbit2 год тому

Dialogue with Multicoin Partner: The Crypto Market Has Bottomed Out, Favoring Three Cryptocurrencies in This Cycle

In a recent interview, Multicoin Capital managing partner Tushar Jain shared his views on the crypto market. He believes the market has bottomed and is at an inflection point, citing that negative news no longer causes significant price declines and application adoption continues to grow. Jain remains highly bullish on Solana, viewing it as the correct architectural choice for internet capital markets, particularly for spot and tokenized security trading. He is also positive on Hyperliquid, noting its leadership in decentralized derivatives trading. His investment approach focuses on concentrating capital in top convictions rather than equal allocation. A distinct opportunity he highlights is Zcash (ZEC), which he sees as a return to the industry's cypherpunk ethos and a potential top-five asset by market cap. For assets like Zcash without cash flows, his valuation framework is based on relative market cap ranking. Regarding investment strategy, Jain employs a "three-part" entry method to avoid timing pitfalls and emphasizes long-term "active management" over "active trading." He outlines four sources of investment edge: informational, analytical, behavioral/psychological, and structural. On portfolio management, the fund uses Bitcoin as its "cash," selling assets into Bitcoin during market euphoria to reduce beta risk and using Bitcoin to buy dips. Sales occur only if a better opportunity arises, the investment thesis breaks, or valuations become excessively overheated. While respectful of Ethereum's resilience, he questions its unclear scaling roadmap. Finally, Jain reaffirms his commitment to the thesis that blockchains will form the foundational architecture for future capital markets.

marsbit3 год тому

Dialogue with Multicoin Partner: The Crypto Market Has Bottomed Out, Favoring Three Cryptocurrencies in This Cycle

marsbit3 год тому

Торгівля

Спот

Популярні статті

Як купити LINK

Ласкаво просимо до HTX.com! Ми зробили покупку ChainLink (LINK) простою та зручною. Дотримуйтесь нашої покрокової інструкції, щоб розпочати свою криптовалютну подорож.Крок 1: Створіть обліковий запис на HTXВикористовуйте свою електронну пошту або номер телефону, щоб зареєструвати обліковий запис на HTX безплатно. Пройдіть безпроблемну реєстрацію й отримайте доступ до всіх функцій.ЗареєструватисьКрок 2: Перейдіть до розділу Купити крипту і виберіть спосіб оплатиКредитна/дебетова картка: використовуйте вашу картку Visa або Mastercard, щоб миттєво купити ChainLink (LINK).Баланс: використовуйте кошти з балансу вашого рахунку HTX для безперешкодної торгівлі.Треті особи: ми додали популярні способи оплати, такі як Google Pay та Apple Pay, щоб підвищити зручність.P2P: Торгуйте безпосередньо з іншими користувачами на HTX.Позабіржова торгівля (OTC): ми пропонуємо індивідуальні послуги та конкурентні обмінні курси для трейдерів.Крок 3: Зберігайте свої ChainLink (LINK)Після придбання ChainLink (LINK) збережіть його у своєму обліковому записі на HTX. Крім того, ви можете відправити його в інше місце за допомогою блокчейн-переказу або використовувати його для торгівлі іншими криптовалютами.Крок 4: Торгівля ChainLink (LINK)Легко торгуйте ChainLink (LINK) на спотовому ринку HTX. Просто увійдіть до свого облікового запису, виберіть торгову пару, укладайте угоди та спостерігайте за ними в режимі реального часу. Ми пропонуємо зручний досвід як для початківців, так і для досвідчених трейдерів.

1.1k переглядів усьогоОпубліковано 2024.12.13Оновлено 2026.06.02

Як купити LINK

Обговорення

Ласкаво просимо до спільноти HTX. Тут ви можете бути в курсі останніх подій розвитку платформи та отримати доступ до професійної ринкової інформації. Нижче представлені думки користувачів щодо ціни LINK (LINK).

活动图片