Security breach shakes LayerZero

In April, an attacker exploited the LayerZero cross‑chain bridge used by Kelp, siphoning $293 million and creating a $300 million shortfall in DeFi. The breach also impacted Aave and other platforms, prompting KelpDAO to blame LayerZero’s security failure.

Protocol exodus

Following the incident, protocols with roughly $2 billion in total value locked (TVL) left LayerZero for alternatives. The wave began with KelpDAO, which alone controls $1.5 billion, and continued with SolvProtocol ($600 million), Re ($200 million) and others.

Root causes disclosed

LayerZero admitted that its internal RPC node was compromised by the Lazarus group and that a misconfigured DVN created a single point of failure, further eroding confidence.

Impact on Bridge volume

Bridge activity on LayerZero fell to a historic low of $91 million as users sought safer routes. Despite the outflow, some major assets—USDe, weETH, USDTO, thBILL and WBTC—continue to rely on LayerZero’s OFT, with Zerolore, co‑founder of USDT0, calling the protocol the “gold standard” for cross‑chain interoperability.

Chainlink CCIP gains momentum

As protocols migrated, Chainlink’s Cross‑Chain Interoperability Protocol (CCIP) saw a sharp rise in usage. Cross‑chain token value now exceeds $61 billion, and CCIP’s volume reached $19.4 billion, signaling growing market confidence.

Future outlook

The sustainability of CCIP’s growth hinges on LayerZero’s ability to restore trust. Any further security incident could accelerate the shift toward Chainlink’s solution.