On April 18, $292 million vanished from a LayerZero-powered bridge in minutes. The attack, attributed to the Lazarus Group, triggered an unprecedented TVL exodus. Kraken has just announced it’s migrating its tokenized assets to Chainlink CCIP. In under a month, more than $2.5 billion has left LayerZero. Cross-chain bridge infrastructure is consolidating around a single player.
Key Takeaways
- Kelp’s LayerZero-powered bridge was drained of 116,500 rsETH ($292M) on April 18 by the Lazarus Group
- Kraken migrates kBTC and its tokenized assets to Chainlink CCIP: ISO 27001, SOC 2 Type 2, 16 independent nodes
- Over $2.5 billion in TVL has left LayerZero for Chainlink in under a month (Kelp, Solv, Re, Kraken)
The Hack That Broke LayerZero’s Reputation
On April 18, the Kelp protocol lost 116,500 rsETH through a LayerZero-powered cross-chain bridge: $292 million gone in minutes. The exploit was attributed to the Lazarus Group, the North Korean state-sponsored hackers responsible for some of the largest crypto attacks of the past five years.
The attack vector was twofold. LayerZero Labs’ internal RPCs were compromised by the Lazarus Group while the platform’s external RPC provider simultaneously suffered a DDoS attack. The targeted configuration relied on a single internal verifier (DVN) to secure nine-figure assets. LayerZero later acknowledged this was a mistake: a single DVN should not secure high-value assets.
The crisis management made it worse. In its official statement, LayerZero admitted that “communication has been deplorable these past three weeks”, prioritizing a thorough incident report over immediate transparency. For protocols that had trusted billions to this infrastructure, three weeks of silence amounted to a breach of trust.
The ZRO token took the hit immediately: down 30% over the month, trading at $1.37. The confidence discount was priced in before protocols even started leaving.
Kraken Picks Chainlink: Four Criteria, No Ambiguity
Kraken announced the migration of kBTC, its wrapped Bitcoin, to Chainlink CCIP (Cross-Chain Interoperability Protocol). The entire cross-chain asset suite of the exchange is moving to the new infrastructure, not just wrapped Bitcoin.
The exchange’s official statement leaves no room for interpretation: the choice of Chainlink CCIP rests on “enterprise-grade infrastructure with strict security and risk management requirements.” Four criteria are cited explicitly: ISO 27001 and SOC 2 Type 2 certifications, a secure-by-default architecture, 16 independent nodes, and native rate limiting.
These four elements respond precisely to the vulnerabilities exposed by the Kelp hack. No multi-verifier setup, single RPC provider dependency, no transaction rate caps: Chainlink CCIP provides exactly the structural guarantees that LayerZero lacked when the exploit hit. This is not a comfort choice. It is a point-by-point technical response.
The migration by Kraken also marks a shift in how exchanges approach cross-chain infrastructure. Until now, major platforms left bridge selection to DeFi protocols. Now they are making that choice themselves, based on industrial certification criteria.
Also on Cryptonomic:
- XRP Goes Solo: Whale Accumulation Record, ETFs on Fire and JPMorgan
- JPMorgan Launches MONY on Ethereum: $100 Million Tokenized
- Top 3 Altcoins Closest to Their ATH in May 2026
$2.5 Billion in TVL Migrated: Not a Reaction, a Repositioning
Before Kraken, three major protocols had already left LayerZero for Chainlink. Kelp, the direct victim of the hack, migrated first. Solv Protocol followed with $700 million in tokenized Bitcoin. Re Protocol completed the sequence. Together, these migrations represent over $2.5 billion in TVL transferred to Chainlink CCIP in under a month.
LayerZero had captured a significant share of the bridge market through its flexible configuration model. That same flexibility, which allowed protocols to rely on a single verifier, became its undoing. The “configure as you wish” model showed its limit against a state-level adversary.
Chainlink has spent years building a reputation on technical rigor and oracle decentralization. The $2.5 billion migration to CCIP validates that strategy. In a market where a single vulnerability costs $292 million, structural security trumps functional flexibility. The same logic now guides institutional actors in their blockchain infrastructure choices, as we analyzed with the JPMorgan MONY fund launch on Ethereum: the underlying infrastructure has become a selection criterion as important as yield.
For LINK investors, the equation is straightforward. Every additional billion in TVL on Chainlink CCIP generates validation fees distributed to network nodes. The growth of CCIP adoption is a structural revenue driver for the protocol, beyond short-term price fluctuations.
Follow the story on Cryptonomic.
Pingback: Iran Launches Hormuz Safe: Bitcoin Maritime Insurance - Cryptonomic
Pingback: Bitcoin ETF Outflows Top $1 Billion as BTC Falls Below $77,000 - Cryptonomic