Crypto exchange Kraken has officially switched its cross-chain provider from LayerZero to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), becoming the latest major platform to abandon LayerZero following a serious security incident. The decision, announced on Thursday, underscores the ripple effects of an April exploit that targeted the Kelp DAO protocol and resulted in the theft of approximately $292 million in liquid restaking tokens.
Kraken stated that it is deprecating its existing cross-chain provider and adopting Chainlink CCIP as its exclusive cross-chain infrastructure. The move will initially secure Kraken Wrapped Bitcoin (kBTC) and will later extend to all future wrapped tokens the exchange issues. According to the announcement, the exchange chose Chainlink CCIP because it “offers enterprise-grade infrastructure with strict security and risk management requirements,” including certifications, a secure-by-default design, a network of 16 independent nodes, and native rate limits.
This migration is part of a broader trend that began after the Kelp DAO exploit in April, which was attributed to actors believed to be linked to North Korea’s Lazarus Group. The attack exposed vulnerabilities in LayerZero’s security model, prompting several protocols to reconsider their cross-chain partnerships. LayerZero later issued an “overdue apology” on May 9, acknowledging that it had done a “terrible job on comms over the past three weeks.” In the apology, the team clarified that its internal RPCs were compromised and their “source of truth poisoned,” while external RPC providers were simultaneously hit with a denial-of-service attack. However, they also stressed that the direct cause of the Kelp exploit was related to the protocol’s single-DVN (Decentralized Verifier Network) configuration, not a systemic failure across all LayerZero deployments.
Despite that clarification, confidence in LayerZero has waned. Since the hack, protocols representing billions of dollars in total value locked (TVL) have migrated to Chainlink CCIP. Kelp DAO itself announced it is in the process of migrating to CCIP, and earlier this week it burned the hacker’s 117,132 rsETH as part of its recovery efforts. Solv Protocol, with $700 million in tokenized Bitcoin, followed suit on May 7, while the onchain reinsurance protocol Re, which holds $475 million in TVL, announced its migration on May 8. According to MEXC, more than $3 billion in TVL has been moved to CCIP since the Kelp exploit, and numerous other protocols have paused bridging services through LayerZero.
Lido, the world’s largest Ethereum liquid staking protocol, also uses CCIP. In a blog post published Thursday, Lido described Chainlink’s defense-in-depth model as “the definitive standard for cross-chain interoperability.” This growing consensus around CCIP signals a shift toward more conservative, security-first approaches in the cross-chain space.
The migration comes amid a broader reassessment of interoperability protocols across the cryptocurrency industry. Cross-chain technology is essential for enabling the transfer of assets and data between different blockchains, but it remains one of the most attack-prone areas in decentralized finance. The Kelp exploit highlighted how a single point of failure in a verifier network can lead to catastrophic losses. LayerZero’s reliance on third-party verifiers, known as DVNs, was designed to provide flexibility, but it also introduced complexity that could be exploited. In contrast, Chainlink CCIP relies on a decentralized oracle network with multiple layers of security, including risk management features like rate limiting and a “burn and mint” mechanism that reduces the attack surface.
The market response to these developments has been mixed. Chainlink’s native token, LINK, remains near bear market lows around $10, down 80% from its 2021 peak. The token showed little immediate reaction to the Kraken announcement. LayerZero’s token ZRO, on the other hand, has suffered more sharply. It has declined over 30% since the April hack and is now down more than 80% from its 2024 all-time high, according to CoinGecko data. This divergence reflects the loss of trust in LayerZero and the relative stability of Chainlink’s infrastructure, even as broader market conditions remain subdued.
The security incident and subsequent migrations have also prompted discussions about best practices for cross-chain security. Industry observers have pointed out that protocols using LayerZero should carefully evaluate their DVN setup and consider diversifying verifiers to reduce reliance on any single provider. Meanwhile, the exodus to CCIP has been described as a vote of confidence in Chainlink’s proven track record in securing billions of dollars in DeFi applications through price oracles and now cross-chain messaging. Chainlink’s CCIP has been adopted by several major financial institutions and blockchain projects, further strengthening its reputation as a secure interoperability solution.
Kraken’s decision to adopt CCIP for its wrapped Bitcoin product and future wrapped tokens is particularly significant because wrapped assets play a crucial role in bridging liquidity between different blockchain ecosystems. kBTC allows Bitcoin holders to use their assets on Ethereum and other networks, a key use case for decentralized lending, trading, and yield generation. By securing this bridge with a more robust cross-chain protocol, Kraken aims to protect its users from potential attacks that could compromise the integrity of the wrapped tokens.
The timeline of events underscores the urgency of the migration. Within days of the Kelp exploit, several high-profile protocols began publicly stating their intent to switch to CCIP. The move by Kraken adds momentum to this shift, as it is one of the largest centralized exchanges to make such a change. Although decentralized exchanges have historically been more active in exploring cross-chain solutions, centralized exchanges like Kraken are increasingly integrating cross-chain functionality to offer their users seamless asset transfers. The security of these integrations has become a top priority as regulators and users demand higher standards.
In the wake of the exploit, LayerZero has taken steps to improve transparency and communications, but the damage to its reputation may take time to repair. The protocol continues to process a significant volume of bridged assets—more than $9 billion since April 19, according to its own data—but the defection of major partners like Kraken, Kelp DAO, Solv Protocol, and Re suggests that the market is rewarding competitors who prioritize security over flexibility.
As the cross-chain landscape evolves, the competition between LayerZero and Chainlink CCIP is likely to intensify. Both protocols are working to expand their ecosystems, but the recent security incident has given Chainlink a clear advantage in terms of trust and institutional adoption. For now, the trend is clear: after the Kelp exploit, the industry is voting with its feet, and Chainlink’s CCIP is the primary beneficiary.
Source: Cointelegraph News