In the world of DeFi, trust is everything. And right now, one of the most widely used pieces of blockchain infrastructure is losing it fast.
Two major DeFi protocols, Solv Protocol and Kelp DAO, have pulled nearly $1 billion in combined assets away from LayerZero and moved them to Chainlink’s competing system. The reason? A string of devastating bridge hacks that have shaken confidence in how assets are moved between different blockchains.
This isn’t a technical dispute happening in some dark corner of crypto Twitter. This is real money moving in response to real losses. And the fallout could reshape how the entire DeFi industry thinks about security.
What Triggered the Exodus?
It started with the Kelp DAO hack in April. Attackers drained roughly 116,500 rsETH tokens worth approximately $292 million from Kelp’s bridge, which was built on LayerZero’s technology. The attack was later attributed to North Korea’s Lazarus Group, the same state-sponsored hacking operation behind several other major crypto exploits this year.
After the hack, a very public blame game broke out. LayerZero said Kelp was using a single-verifier setup for its bridge, meaning just one checkpoint was protecting hundreds of millions of dollars. LayerZero claimed it had recommended a more secure multi-verifier model, but Kelp chose not to use it.
Kelp fired back, saying that LayerZero personnel had reviewed and approved the exact configuration that was later exploited. In Kelp’s version of events, the setup wasn’t some rogue decision. It was signed off on by the people who built the system.
The truth likely sits somewhere in between. But for DeFi users who lost money, the finger-pointing doesn’t bring their funds back.
Solv Protocol Pulls $700 Million Out
The Kelp hack sent shockwaves through the DeFi community, and other protocols using LayerZero started asking hard questions about their own security.
Solv Protocol, which manages over $700 million in tokenized Bitcoin products (SolvBTC and xSolvBTC), was one of the first to act. On Thursday, Solv announced it is deprecating all LayerZero bridge support and migrating entirely to Chainlink’s Cross-Chain Interoperability Protocol, known as CCIP.
The migration covers bridges on Corn, Berachain, Rootstock, and TAC, essentially every blockchain where Solv’s tokenized Bitcoin products are available. Solv’s Chief Technology Officer Will Wang said the decision came after an extensive security review prompted by the recent wave of bridge attacks across the industry.
Kelp DAO itself has also announced plans to rebuild its cross-chain infrastructure around Chainlink’s CCIP, moving away from the LayerZero system that was at the centre of its $292 million exploit.
Combined, the two migrations represent close to $1 billion in assets shifting from one infrastructure provider to another. That’s an enormous vote of no confidence.
After an extensive security review, we have decided to deprecate @LayerZero_Core bridges for SolvBTC and xSolvBTC, and migrate to @Chainlink CCIP as our official cross-chain infrastructure solution for $700M+ in tokenized BTC (SolvBTC & xSolvBTC).
In light of recent industry… pic.twitter.com/t6y7v9rt8J
— Solv Protocol (@SolvProtocol) May 7, 2026
Why Bridges Are DeFi’s Weakest Link
To understand why this matters, you need to understand what bridges do. In simple terms, a bridge lets you move your crypto assets from one blockchain to another. If you have tokens on Ethereum but want to use them on Solana or another network, a bridge handles that transfer.
The problem is that bridges hold huge amounts of locked funds while managing complicated verification systems. That combination makes them one of the most attractive targets for hackers. When a bridge gets compromised, the losses tend to be massive because so much value is concentrated in one place.
The numbers tell the story. The Ronin bridge hack in 2022 lost $622 million. The WazirX bridge exploit in 2024 lost $230 million. The Kelp DAO attack this April lost $292 million. Bridges are consistently where the biggest losses happen in DeFi.
The core issue in many of these attacks is how transactions get verified. In Kelp’s case, the bridge relied on a single verifier to confirm that cross-chain transfers were legitimate. That meant one point of failure. One compromised checkpoint was all the attackers needed to drain the entire system.
What Makes Chainlink’s CCIP Different?
Chainlink’s CCIP uses a fundamentally different approach. Instead of relying on a single verifier, it uses multiple independent validators to confirm every cross-chain transaction. That means an attacker would need to compromise several separate systems simultaneously to execute an exploit, which is significantly harder.
CCIP also includes what Chainlink calls a “secure by default” framework, meaning protocols don’t have to manually configure their security settings to get strong protection. The system is designed to be robust from the start, reducing the risk of misconfiguration that contributed to the Kelp hack.
Johann Eid, Chainlink’s Chief Business Officer, said the migrations reflect a broader trend across DeFi. He described it as a “flight to quality” similar to what happened during DeFi Summer in 2020, when protocols rapidly consolidated around the infrastructure providers they trusted most.
Chainlink already powers price feeds and data services for many of the largest DeFi protocols. Adding cross-chain infrastructure to that portfolio positions it as an increasingly central piece of the DeFi stack.
What Does This Mean for LayerZero?
LayerZero isn’t going quietly. After the Kelp hack, the company contributed 10,000 ETH to a DeFi United recovery fund and announced that it would no longer sign messages for applications using single-verifier configurations. It has also mandated that all applications on its platform transition to multi-verifier setups.
Those are meaningful steps. But the damage to LayerZero’s reputation may already be done. When two protocols representing close to $1 billion in assets publicly announce they’re leaving your platform because of security concerns, that sends a signal to the rest of the market.
The bigger question is whether other DeFi protocols currently using LayerZero will follow Solv and Kelp’s lead. If the exodus continues, LayerZero could face a serious challenge to its position as one of the leading cross-chain infrastructure providers.
For now, the company has the chance to rebuild trust by implementing stronger default security measures and demonstrating that its updated multi-verifier model can prevent future attacks. But in DeFi, trust is hard to earn and easy to lose.
What DeFi Users Should Take Away From This
For everyday DeFi users, this story highlights a risk that’s easy to overlook. When you bridge assets between blockchains, you’re trusting the security of that bridge with your funds. Most users never think about which verification system their bridge uses or how many checkpoints stand between their money and a potential attacker.
That needs to change. Before bridging significant amounts of crypto, it’s worth checking which infrastructure a protocol uses, whether it’s been audited recently, and what security model protects cross-chain transfers. Protocols that have migrated to more robust systems like Chainlink’s CCIP are making a deliberate choice to prioritise user safety.
The DeFi industry is growing up. And part of growing up means taking security as seriously as innovation.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making any investment decisions.
