From LayerZero to Chainlink: Why $4 billion in assets are re-evaluating cross-chain routes?

Cross-chain interoperability protocols are the foundational tracks that support DeFi operations. Assets move across dozens of blockchains, relying on the underlying cross-chain messaging system. However, when the security of this track is called into question, the entire upper-layer application ecosystem will inevitably be shaken.

In Q2 2026, the crypto industry is experiencing a rare “track-switching wave” in cross-chain infrastructure. Multiple leading protocols and institutions—including Lombard Finance, Solv Protocol, Kraken, and others—have successively announced migrations of their cross-chain interoperability protocol (CCIP) from LayerZero to Chainlink. The cumulative migrated asset volume is approximately $4 billion. This sequence of moves not only reshapes the competitive landscape in the cross-chain space, but also raises a core question: in today’s environment where DeFi infrastructure is increasingly becoming a layer that carries systemic risk, how is the logic behind protocol “side selection” changing?

Event Overview and Migration Panorama

The spark: an attack that triggers a chain reaction across the industry

On April 18, 2026, the liquidity re-staking protocol Kelp DAO’s LayerZero-based cross-chain bridge was attacked, resulting in losses of approximately $292 million and involving 116,500 rsETH tokens. The attacker “poisoned” internal RPC nodes, hijacking the validation process of the decentralized verification network (DVN). They then minted a large number of unsupported tokens on the target chain and cashed them out in lending markets.

What makes this incident special is the attack path: it did not exploit smart contract code vulnerabilities, but instead pierced the verification layer of the cross-chain infrastructure. In a later article, Sandeep, a Polygon co-founder, noted that most current cross-chain infrastructure security models essentially still resemble a “notary office”—a small committee monitors activity on one chain and provides attestations on another. Once this committee or its underlying data is compromised, the entire verification system fails.

The controversy over responsibility attribution

After the attack, LayerZero and Kelp DAO went through weeks of debate over responsibility attribution. LayerZero initially attributed the incident to Kelp DAO’s use of a “1-of-1” single-validator configuration, arguing that this was an application-layer configuration mistake. However, Kelp DAO countered that this configuration had been explicitly approved by members of the LayerZero team, and provided Telegram communication records as supporting evidence.

On May 9, 2026, LayerZero issued a public statement acknowledging that it had “made a mistake”—allowing its own verification network to secure high-value assets under a fragile configuration. The team also announced that it would stop supporting the 1-of-1 DVN configuration and would migrate default routing to a stricter 5-of-5 validator setting.

Migration timeline and asset scale

The public apology did not prevent customer outflows. Within weeks of the attack, a series of migration announcements came thick and fast:

Data source note: The above migration volumes are compiled from publicly disclosed data by each protocol, totaling approximately $4 billion.

Among them, Lombard’s migration is of iconic significance in the Bitcoin DeFi sector. The protocol’s core product is the Bitcoin liquidity staking token LBTC, which means that the assets flowing through its cross-chain bridge are backed by the largest-market-cap crypto asset. Lombard co-founder Jacob Phillips stated that internal security review results showed that Chainlink CCIP provides the “highest level of cross-chain security in the industry.”

The Flow and Technical Logic Behind the $4 Billion Migration

Composition and distribution of migrated assets

Approximately $4 billion of assets involved in this migration round span multiple DeFi sub-sectors. In terms of asset categories, the main components are liquidity re-staking derivatives (such as rsETH), tokenized Bitcoin products (such as SolvBTC, LBTC, BTC.b), and wrapped assets (such as kBTC). These assets share common traits: high value density, frequent cross-chain transfers, and extremely limited tolerance for security failures.

In terms of on-chain coverage, the migration targets include Solana, Etherlink, Berachain, Corn, TAC, and others. Some protocols (such as Lombard) have also completely stopped using LayerZero on Ethereum layer-2 networks Morph and staking protocols like Swell.

Architectural differences between two technical approaches

Migrating parties generally make their choice based on CCIP’s security architecture as the key deciding factor. The following summarizes the key differences between the two protocol designs from a technical perspective:

These technical differences were fully exposed in the Kelp DAO attack. Post-incident research indicates that 47% of LayerZero’s total on-chain applications (OApps) are still using the same 1-of-1 DVN configuration as the one involved in the attack, with combined risk exposure exceeding $4.5 billion. Tether’s all-chain stablecoin USDT0 is the largest risk exposure among them; its deployments on Ethereum, Optimism, and Base all use this configuration.

By contrast, CCIP’s architecture splits cross-chain transactions into two independent phases: submission and execution. Together with an independent active risk monitoring network, the protocol can be quickly paused when abnormal activity is detected. Re.xyz’s VP of Engineering, Cliff White, pointed out that CCIP’s 16 independent validator node set and built-in rate limiting are key security factors behind the migration decision.

LayerZero’s modular DVN design intended to give application developers the choice of security, but the cost of that flexibility is that some applications have selected lower-security configurations. This is more of a governance-layer issue than a pure technical defect. As security researchers have noted, this is a “governance problem,” not merely a technical flaw. Chainlink CCIP, on the other hand, chooses to embed high security standards into the protocol layer, reducing reliance on application-layer configuration—both design philosophies involve trade-offs.

Industry Impact Analysis: Trust Rebuilding and Systemic Risk Repricing

The shift of cross-chain security from “optional” to “required”

The most far-reaching impact of this migration wave is elevating the security of cross-chain infrastructure from a technical option to a core variable in business decision-making. Before the Kelp DAO attack, choosing cross-chain protocols often depended on fees, speed, and ecosystem coverage. Afterward, security architecture, independent audits, and compliance modules were moved to the very top level of decision-making.

In its migration announcement, Lombard emphasized that, in addition to adopting CCIP, it would also deploy its own “Security Alliance” as an additional validation layer. This dual-insurance model of “infrastructure + self-built security layer at the protocol side” is becoming a standard approach for protocols handling high-value assets.

The systemic risk attribute of cross-chain bridges

The Kelp DAO incident revealed a broader industry pattern: cross-chain bridges are no longer peripheral infrastructure, but a systemic risk-carrying layer for DeFi. Replication data shows that the attacker borrowed more than $236 million in assets on Aave, turning the loss of a single protocol into bad-debt pressure across the entire lending market. On-chain data shows that approximately 30,765 ETH (worth about $71 million at the time) were frozen on the Arbitrum network, and Aave subsequently initiated legal proceedings.

This chain reaction confirms that DeFi risk management paradigms are shifting—from previously focusing solely on smart contract audits, to a comprehensive assessment of the entire interoperability infrastructure layer and its risk transmission chain.

Discussion on CCIP concentration risk

As roughly $4 billion in assets flows into CCIP, the market has also begun paying attention to concentration risk. Chainlink’s data shows that CCIP supports cumulative on-chain transaction value exceeding $28 trillion, with an average weekly token cross-chain transfer volume of about $90 million. However, when a cross-chain protocol carries too many assets, it may itself become the next systemic risk node—once something goes wrong, the impact could expand exponentially.

This discussion is still at an early stage. CCIP’s multi-layer security architecture and independent RMN mechanism provide the industry’s highest level of protection at present, but the objective existence of concentration risk means the market must continuously seek a balance between efficiency and risk diversification.

Conclusion

The migration of approximately $4 billion in assets appears, on the surface, to be customers switching infrastructure providers. In substance, however, it reflects the crypto market’s repricing of a “security premium.” Against the backdrop of frequent cross-chain bridge security incidents—just within three weeks in April 2026, three large-scale attacks occurred with cumulative losses exceeding $570 million—the selection of infrastructure is no longer merely a comparison of technical strengths and weaknesses; it has evolved into a calculation about survival probability.

From the perspective of industry development, while this process comes with short-term pain, it is also pushing the overall enhancement of cross-chain security standards. Regardless of which technical approach ultimately becomes dominant, the industry has formed a new consensus baseline: to ensure the transfer of assets at the scale of billions of dollars, infrastructure must adopt multi-layer security architectures that can be independently verified, rather than relying on trust in any single validation entity.