Cryptocurrency exchange Kraken announced on Thursday that it is migrating its cross-chain infrastructure from LayerZero to Chainlink's Cross-Chain Interoperability Protocol (CCIP). The decision places Kraken among a growing list of protocols abandoning LayerZero after the Kelp DAO exploit in April, which resulted in the theft of around $292 million in liquid restaking tokens.

Kraken will deprecate its existing cross-chain provider and adopt Chainlink CCIP as its exclusive cross-chain infrastructure for Kraken Wrapped Bitcoin (kBTC) and all future wrapped tokens. The exchange cited CCIP's enterprise-grade security, secure-by-default design, 16 independent nodes, and native rate limits as key factors. 'Chainlink CCIP offers enterprise-grade infrastructure with strict security and risk management requirements,' Kraken stated in its announcement.

Background on the LayerZero Controversy

LayerZero, an omnichain interoperability protocol, has been under intense scrutiny since the Kelp DAO exploit on April 19. Attackers, suspected to be linked to North Korea's Lazarus Group, stole approximately $292 million in liquid restaking tokens. The incident exposed weaknesses in LayerZero's security model, particularly its reliance on a single Decentralized Verifier Network (DVN) configuration.

On May 9, LayerZero issued an 'overdue apology,' admitting it had done a 'terrible job on comms over the past three weeks.' The team revealed that its internal RPCs (remote procedure calls) were attacked and had their 'source of truth poisoned,' while external RPC providers were also hit with a denial-of-service attack. However, LayerZero blamed Kelp DAO's configuration—specifically its single-DVN setup—as a direct cause of the exploit. LayerZero confirmed that no other application was affected and that over $9 billion in bridged assets had been moved safely since April 19.

Migration Away from LayerZero Accelerates

Kraken is not alone in moving to Chainlink CCIP. Kelp DAO itself announced it is in the process of migrating to CCIP and has burned 117,132 rsETH from the hacker's address as part of recovery efforts. Solv Protocol, which manages $700 million in tokenized Bitcoin, announced on May 7 that it is migrating from LayerZero to CCIP. On May 8, onchain reinsurance protocol Re followed suit, migrating its $475 million in total value locked.

According to data from MEXC, more than $3 billion in total value locked has been migrated to CCIP since the Kelp hack. Numerous protocols have suspended bridging via LayerZero. Lido, the world's largest Ethereum liquid staking protocol, also uses CCIP. In a blog post on Thursday, Lido explained, 'Chainlink's defense-in-depth model acts as the definitive standard for cross-chain interoperability.'

What Makes Chainlink CCIP Different?

Chainlink CCIP is designed for secure cross-chain communication. It uses a decentralized network of independent oracles, each running multiple nodes, to validate and relay messages between blockchains. The protocol includes built-in rate limits to prevent large-scale exploits, programmable token transfers, and support for arbitrary messaging. CCIP undergoes regular security audits and has achieved enterprise certifications such as SOC 2 and ISO 27001. Its architecture isolates risks by separating different layers of security, reducing the likelihood of a single point of failure.

In contrast, LayerZero relies on a system of 'Ultra Light Nodes' and 'Oracles' to verify cross-chain transactions. While this design reduces costs and improves efficiency, critics argue it introduces centralization risks. The Kelp exploit highlighted how misconfiguration of the DVN could lead to catastrophic losses. LayerZero has since implemented changes, including mandatory security audits for all DVN configurations, but confidence has been shaken.

Market Reaction to the Exodus

The exodus from LayerZero has had a muted impact on Chainlink's native token, LINK, which remains near bear market lows around $10—down 80% from its 2021 peak. However, LayerZero's ZRO token has suffered significantly. Since the April exploit, ZRO has declined over 30% and is down more than 80% from its 2024 all-time high, according to CoinGecko.

Kraken's switch is part of a broader trend of centralized exchanges and DeFi protocols prioritizing security over cost or speed. The decision to adopt CCIP for wrapped tokens like kBTC is particularly significant because these tokens represent claims on underlying Bitcoin, and any compromise could affect the entire ecosystem.

Implications for Cross-Chain Interoperability

The ongoing migration underscores the importance of robust security in the cross-chain space. As the crypto industry expands into multi-chain ecosystems, the ability to move assets seamlessly and securely between blockchains is critical. The Kelp DAO incident has forced protocols to reevaluate their infrastructure providers, leading to a consolidation around CCIP. Whether LayerZero can recover its reputation remains uncertain, but the loss of major clients like Kraken, Solv, and Re is a significant blow.

Other protocols are also watching closely. The migration of over $3 billion in TVL to CCIP within weeks suggests that the market demands higher assurance levels. Chainlink's established reputation as a decentralized oracle provider gives it an edge, but competition from other interoperability solutions remains. The industry is likely to see further shifts as security standards evolve.

Source: Cointelegraph News