LayerZero Fallout Pushes $2B Crypto Protocols to Chainlink

Protocols controlling nearly $2 billion in crypto assets have announced migrating away from LayerZero after the cross-chain platform disclosed major security failures tied to April’s exploits. Tom Wan, Head of Data at Entropy Advisors, said KelpDAO, SolvProtocol, and re have started migrating to Chainlink CCIP, signaling rising concern over LayerZero’s security model after hackers linked to North Korea’s Lazarus Group compromised an internal RPC node.

The shift marks one of the largest trust setbacks for a cross-chain interoperability platform this year. KelpDAO alone represents about $1.5 billion in total value locked, while SolvProtocol and re add another $800 million combined. As a result, Chainlink CCIP has started gaining traction among protocols seeking stronger security guarantees for cross-chain transfers.

https://twitter.com/tomwanhh/status/2053200067612258438?ref_src=twsrc%5Etfw” target=”_blank” rel=”noopener

Wan questioned whether LayerZero’s public apology arrived too late to stop the outflows. He wrote, “Can an apology stop their clients from leaving to Chainlink or is this just the beginning.” However, several major token issuers still rely on LayerZero’s OFT infrastructure, including USDe/sUSDe by Ethena, weETH by Etherfi, USDT0 by Tether, thBILL by Theo, and WBTC by Bitgo. 

LayerZero admits major security weaknesses

LayerZero softened its stance after weeks of pressure from users, developers, and affected protocols following the April exploit. The company initially pointed to KelpDAO’s security configuration during the early investigation. However, LayerZero later acknowledged that its own system design created risks by allowing too much reliance on a single verifier for large transactions.

The company also disclosed new details about the breach. LayerZero said North Korea’s Lazarus Group compromised an internal RPC node tied to the attack. Additionally, the firm revealed an operational mistake involving one of its multisig signers. According to the statement, the signer had previously used a production hardware wallet for a personal transaction.

LayerZero admitted that its communication strategy worsened concerns across the market. The team wrote, “We’ve done a terrible job on comms over the past three weeks.” Moreover, the company said users wanted clearer answers immediately after the exploit instead of technical explanations delivered weeks later.

Security upgrades aim to restore confidence

LayerZero has started rolling out new security measures as pressure grows across the cross-chain market. The company removed support for high-risk 1/1 DVN setups after critics blamed weak verification structures for increasing security exposure during the April exploit. Consequently, LayerZero now plans to move most routes toward stricter 5/5 verifier configurations.

The protocol also continues upgrading its infrastructure to reduce operational risks. LayerZero is building a second DVN client in Rust to improve system diversity and lower dependence on a single software setup. Additionally, the company plans to increase multisig approval requirements from 3-of-5 to 7-of-10. Its OneSig system now lets signers verify transactions locally before signing approvals.

Despite the backlash, several ecosystem participants still support the protocol’s long-term model. Zerolore, Co-Founder of USDT0, described LayerZero as “the golden standard for cross chain interoperability.” He said projects handling large cross-chain liquidity must invest heavily in their own security systems instead of relying entirely on infrastructure providers.

Also Read: Weekly Wrap: Bitcoin Reclaims $80K, CLARITY Act Heads to Trump’s Desk, TON Explodes 120%