Six weeks after a $292 million exploit drained Kelp DAO's rsETH bridge, LayerZero has publicly admitted fault and watched more than $4 billion in assets migrate to Chainlink's Cross-Chain Interoperability Protocol. The migration wave — spanning Kraken, Kelp DAO, Lombard, Solv Protocol, and Re.xyz — is the sharpest competitive shift in cross-chain infrastructure since the sector emerged.
What LayerZero admitted
On May 10, LayerZero published a blog post titled "An Overdue Apology." The language was direct: "We believe developers should choose their own security configurations, but we made a mistake by allowing our DVN to act as a 1/1 DVN for high-value transactions. We didn't police what our DVN was securing, which created a risk we simply didn't see. We own that."
The exploit on April 18 succeeded because Kelp DAO's LayerZero bridge was configured with a single Decentralized Verifier Network (DVN) — LayerZero Labs' own DVN — as the sole attestation source. Lazarus Group poisoned the data source used by that DVN while simultaneously hitting an external RPC provider with a DDoS attack. Because only one verifier had to be fooled, the attack worked. LayerZero's post acknowledged it should have restricted its own DVN from operating in 1-of-1 mode for high-value assets, and that its communications in the weeks after the exploit failed users who lost funds.
Kelp DAO had previously published screenshots of conversations with LayerZero personnel in which a team member wrote "No problem on using defaults either" — communications that Kelp said confirmed the single-verifier setup was the documented default, not a rogue configuration. LayerZero's May 10 statement did not directly address that dispute but conceded the systemic design was inadequate.
The migration roster
Kelp DAO announced on May 5 that it would migrate rsETH's cross-chain infrastructure from LayerZero's OFT standard to Chainlink CCIP. Kelp cited the April 18 exploit directly and published the communications with LayerZero personnel alongside the announcement.
Kraken announced on May 14 that it would deprecate LayerZero and adopt Chainlink CCIP as the exclusive cross-chain provider for kBTC — its 1:1 bitcoin-backed wrapped token — and all future Kraken wrapped assets. Kraken cited CCIP's ISO 27001 and SOC 2 Type II compliance certifications, its network of 16 independent node operators, and native rate limits as the reasons for the switch. The Kraken announcement brought total assets in migration past $3 billion, per CoinDesk's May 14 report.
Lombard announced on May 15 that it would migrate more than $1 billion in bitcoin-backed assets following what it described as "a comprehensive security review" of its cross-chain infrastructure. Lombard's announcement pushed total disclosed migrations past $4 billion.
Solv Protocol and Re.xyz also migrated to CCIP in the same period, according to multiple sources tracking the outflows, though neither published migration statements as detailed as Kraken's or Lombard's.
What CCIP is offering
Chainlink CCIP's positioning in the aftermath rests on three elements: institutional certifications, distributed verification, and a cumulative track record. Kraken's announcement cited ISO 27001 and SOC 2 Type II explicitly — both are audited third-party certifications, not self-attestations. The 16-node operator structure distributes the verification function in a way that a 1-of-1 DVN cannot; compromising a single node does not unblock a transfer.
Chainlink has separately cited more than $28 trillion in on-chain value enabled across its services — a figure that spans its oracle network broadly, not CCIP alone, but one the company uses to establish institutional footprint when pitching to asset issuers considering migrations.
What it means for LayerZero
The five migrations represent a small fraction of LayerZero's total application count — the company's May 10 post noted the Kelp exploit affected 0.14% of total applications and roughly 0.36% of total asset value on the protocol. LayerZero also reported that more than $9 billion was moved across the protocol in the month after the April 19 attack date.
But the symbolic weight is significant. Kraken is among the largest regulated crypto exchanges in the US. Its decision to name LayerZero explicitly in a deprecation announcement — and to cite a competitor's certifications by name — is the kind of public positioning that shapes enterprise procurement decisions downstream. Lombard's migration of more than $1 billion in bitcoin-backed assets compounds that signal.
LayerZero has announced it will be more active in monitoring how applications configure DVNs and will publish a full post-mortem once its external security partners complete their review. It has also recommended developers pin configurations, set block confirmations at reorg-resistant levels, and run at least two DVNs — requirements it did not enforce before April 18.
Whether those commitments are enough to stop the outflows depends on how the remaining large asset issuers on its rails assess a protocol whose team approved a configuration now publicly acknowledged as a mistake.