Kelp DAO abandons LayerZero with a $292 million vulnerability, switching to Chainlink CCIP.

This is not just a simple technical switch, but a reconstruction of cross-chain security trust chains. The attack originated from LayerZero's default 1-of-1 configuration, exploited by North Korean hackers. Kelp's migration indicates that the market's assessment of cross-chain infrastructure has shifted from "composability first" to "security first."
The underlying mechanism change: LayerZero's OFT standard relies on external validators, while CCIP uses a decentralized oracle network + independent risk management. The latter sacrifices some flexibility but offers stronger resistance to censorship and fault isolation.
Implications for DeFi: The "security budget" for cross-chain bridges is being re-priced. In the future, protocols will consider more "who is responsible if something goes wrong" rather than "how many chains can be connected" when choosing a cross-chain layer. This could pressure LayerZero's market share, while Chainlink's cross-chain ecosystem expands further.
Risk warning: CCIP is not absolutely secure—its reliance on Chainlink's node network means that if nodes are attacked or collude, risks remain. Additionally, the migration process itself may introduce new vulnerabilities. The market should not equate "switching" with "permanent security."
$zro #link