Crypto exchange Kraken announced Thursday that it has changed its cross-chain provider from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP), becoming the latest major platform to join a growing exodus from the troubled messaging protocol. The decision comes in the wake of a devastating exploit on the Kelp DAO in April, which resulted in approximately $292 million in liquid restaking tokens being stolen by actors suspected to be linked to North Korea's Lazarus Group.
Kraken stated that it is deprecating its existing cross-chain infrastructure and migrating exclusively to Chainlink CCIP to secure Kraken Wrapped Bitcoin (kBTC) and all future wrapped tokens. The company emphasized that CCIP offers enterprise-grade infrastructure with strict security and risk management requirements, including certifications, a secure-by-default design, 16 independent nodes, and native rate limits. This move underscores the growing importance of robust cross-chain security in the decentralized finance (DeFi) ecosystem, where bridges and interoperability protocols have become prime targets for attackers.
The Kelp DAO exploit sent shockwaves through the crypto industry, as the stolen funds represented one of the largest cross-chain attacks in recent memory. In the aftermath, LayerZero issued what it called an 'overdue apology' on May 9, acknowledging that it had done a 'terrible job on comms over the past three weeks.' The protocol admitted that its internal RPCs (remote procedure calls) were attacked, with their 'source of truth poisoned,' while external RPC providers were simultaneously hit with a denial-of-service attack. However, LayerZero attributed the loss to Kelp's configuration, specifically its single-DVN (Decentralized Verifier Network) setup, asserting that no other applications were affected and that over $9 billion in bridged assets had been moved safely since the incident.
LayerZero's Security Under Scrutiny
LayerZero's troubles are not new. The protocol, which enables cross-chain messaging and token transfers, has faced criticism in the past for its reliance on oracles and relayers, which introduce trust assumptions. The recent exploit highlighted vulnerabilities in the configuration of decentralized verifier networks, prompting many protocols to reevaluate their cross-chain providers. Despite LayerZero's assurances, the damage to its reputation appears severe, with several high-profile migrations underway.
Kraken's decision is part of a broader trend. Kelp DAO itself announced that it is in the process of migrating to Chainlink's CCIP and has taken recovery steps, including burning the hacker's 117,132 rsETH tokens. The burn occurred as part of a broader effort to reopen withdrawals and restore user confidence. Solv Protocol followed suit on May 7, announcing it would migrate $700 million in tokenized Bitcoin from LayerZero to CCIP. Just a day later, onchain reinsurance protocol Re declared that it was moving its $475 million in total value locked (TVL) from LayerZero to Chainlink. According to MEXC, over $3 billion in TVL has migrated to CCIP since the Kelp hack, and numerous protocols have temporarily suspended bridging using LayerZero.
Chainlink CCIP Gains Momentum
Chainlink CCIP has positioned itself as the gold standard for cross-chain interoperability, particularly for institutions and large-scale DeFi applications. The protocol's defense-in-depth model includes multiple layers of security, such as decentralized oracle networks, rate limits, and smart contract audits. Lido, the world's largest Ethereum liquid staking protocol, also uses CCIP and praised its security model in a blog post on Thursday, stating that 'Chainlink's defense-in-depth model acts as the definitive standard for cross-chain interoperability.' This endorsement from a protocol managing over $30 billion in staked ether adds significant credibility to CCIP's growing adoption.
The migration trend reflects a broader shift in the DeFi landscape, where security has become the paramount concern following a series of bridge exploits over the past three years. Cross-chain bridges have been responsible for the majority of DeFi losses, with hacks on Ronin, Wormhole, and Nomad causing billions in damages. The Kelp DAO incident, while not strictly a bridge exploit, involved vulnerabilities in the cross-chain messaging layer, reigniting debates about the trade-offs between security and scalability in interoperability solutions.
Market Reactions and Token Performance
The market response to these developments has been muted for Chainlink's native token, LINK, which remains near bear market lows at around $10, down approximately 80% from its 2021 all-time high. This suggests that the market may be pricing in broader macroeconomic factors rather than protocol-specific events. In contrast, LayerZero's native token ZRO has declined over 30% since the April hack and is down more than 80% from its 2024 all-time high, according to CoinGecko. The disparity in token performance highlights the reputational damage incurred by LayerZero and the market's preference for more battle-tested infrastructure.
Despite the negative sentiment, LayerZero continues to facilitate billions in bridged assets. The protocol claims that no other applications were affected by the Kelp DAO exploit and that its security measures remain effective for properly configured deployments. However, the mass exodus of high-value protocols suggests that trust, once broken, is difficult to restore. LayerZero did not respond to requests for comment on the latest migrations.
The crypto community will be watching closely to see whether this trend continues or if LayerZero can recover through improved communication, enhanced security features, and potentially new partnerships. For now, Chainlink CCIP appears to be the clear beneficiary, cementing its role as a critical infrastructure layer in the multi-chain future of blockchain technology. The episode serves as a stark reminder of the risks inherent in cross-chain interactions and the importance of rigorous security audits, decentralized verification, and transparent incident response protocols.
As the industry continues to mature, the choice of cross-chain provider is becoming a strategic decision for protocols and exchanges alike. Kraken's switch, along with the other high-profile migrations, signals that security and reliability are now the primary drivers of interoperability adoption, outweighing factors like network fees, speed, or developer convenience. The coming months will reveal whether LayerZero can adapt to these new expectations or whether it will lose its position as a leading cross-chain messaging protocol.
Source: Cointelegraph News