Why protocols are abandoning LayerZero for Chainlink CCIP
For most protocols, LayerZero's DIY security model makes little sense in a world of persistent threats
A month after the KelpDAO exploit, the conversation has shifted once again, and Crypto Twitter is finally talking about the underlying bridge vulnerabilities that could make the next attack far worse.
At first, the focus was the hack itself: a 1/1 LayerZero DVN setup, a compromised verifier path, nearly $600M of fake rsETH minted, and $292M in real ETH drained from Aave. It’s a story as old as DeFi, and, while large, it is only one part of the more than $2B in bridge hacks that have plagued the industry since its inception.
However, at this point, it looks like protocols are beginning to take action.
KelpDAO, Solv, Re.xyz, Kraken, and Lombard have reportedly moved more than $4B in assets from LayerZero to Chainlink CCIP. According to its self-provided data, LayerZero is the largest provider of bridge services by assets secured; it reportedly secures around $79B across 166 chains.
Large protocols that have recently announced a move from LayerZero to Chainlink CCIP include:
KelpDAO: Announced on May 5, 2026. KelpDAO was the first to publicly break away and confirm its infrastructure shift following the exploit.
Solv Protocol: Announced on May 7, 2026. The protocol shared details on X about how it would leverage CCIP to secure its tokenized Bitcoin.
Re (re.xyz): Announced on May 8, 2026. The on-chain reinsurance protocol officially posted its transition to power the reUSD token safely.
Kraken: Announced on May 14, 2026. The official @krakenfx X account posted that it was completely deprecating LayerZero to use CCIP as its exclusive cross-chain infrastructure.
Lombard: Announced on May 15, 2026. Both the @Lombard_Finance and @chainlink X channels posted their joint confirmation regarding the $1B+ migration wave.
But is this a good idea, and will it prevent the next bridge exploit? In most cases, it is a good idea. Whether it prevents the next exploit depends, but it will certainly make it harder to conduct another attack just like this.
Here’s the rundown:
LayerZero’s model gives applications flexibility. Developers choose their own verifier networks, thresholds, and trade-offs. In theory, that’s great for customization and decentralization. In practice, it allowed a high-value protocol to run with a single critical verifier — and LayerZero later admitted it was a mistake to permit its DVN to secure high-value transactions in that configuration.
To be fair, LayerZero can be very safe, but its out-of-the-box configuration is an extremely unsafe way to secure funds, and it takes teams significant setup time and effort to bridge that gap. Most DeFi protocols are focused on product and business development, not becoming security experts, which naturally makes LayerZero a poor choice for many applications.
These protocols are just as responsible as LayerZero; they knew they were using a low-cost, DIY model, and if they didn’t understand the risks, they either didn’t read (or didn’t understand) LayerZero’s basic dev docs.
But flexibility and “Did you read the dev docs?” aren’t an excuse for letting protocols secure billions of dollars with a highly unsafe software configuration.
LayerZero’s belated “apology” posted May 8, 2026. Source: X.
Plus, LayerZero’s delayed response made things worse. Waiting nearly three weeks to speak directly, then opening with an apology for communications while minimizing the incident as 0.14% of applications and 0.36% of value, was not the message the DeFi community needed to hear.
The migration to CCIP is not just about Chainlink winning market share. It is about institutions giving up a little flexibility in exchange for fewer ways to catastrophically misconfigure security.
Here’s what you need to know.
1. Is CCIP really safer than LayerZero (and other bridges)?
In most cases, yes, including almost all out-of-the-box setups that don’t require at least 4/4 uncorrelated DVNs (protocol-operated verifier nodes that use LayerZero’s software) operated by reputable, known parties to reach consensus.
Other protocols offer less customization, but their out-of-the-box setups can provide even a large protocol quite a good amount of bridge security.
Below, we’ll take a look at LayerZero and compare it to Chainlink CCIP, the best-known and likely the most secure option, as well as two others: Wormhole and Axelar.
Bridge Security Protocol Comparison
LayerZero
Unlike protocols like Axelar or Chainlink CCIP, which rely on groups of independent node operators to verify transactions, LayerZero allows users to spin up their own verifier nodes, known as Decentralized Verifier Networks (DVNs).
Each application that uses LayerZero chooses its own DVN requirements: how many verifiers must sign off, and which ones. Until the KelpDAO attack occurred, dApps could use as few as one DVN; that number is now two.
That flexibility, along with low setup costs, can make the protocol attractive, but it’s also its biggest weakness.
KelpDAO used the default, 1/1 DVN LayerZero bridge setup that was permitted, but not recommended. Lazarus successfully compromised their DVN, allowing them to deposit nearly $600M of rsETH that didn’t exist into an Aave lending pool, as collateral to borrow $292M of real ETH.
Chainlink CCIP
Node Count and Agreement: Chainlink’s Cross-Chain Interoperability Protocol (CCIP) comprises Decentralized Oracle Networks (DONs), each consisting of 16 independent node operators. To confirm a transaction, three types of DONs must be used in a three-stage process, as follows:
Committing DON: The Committing DON monitors the source chain. Once a transaction is finalized (e.g., after enough block confirmations), the nodes reach consensus on the message, bundle it into a “message root,” and write that root to the Commit Store contract on the destination chain.
Risk Management Network (RMN): The Risk Management Network’s (RMN’s) nodes independently pull the same data from the source chain and compare it to the root stored in the destination’s Commit Store. If the data matches, the RMN nodes “bless” the root.
Executing DON: After the “blessing,” the Executing DON takes the individual messages from a blessed root and submits them to the destination chain’s OnRamp to complete the transaction (e.g., minting tokens or triggering a smart contract).
Node Correlation Reduction Strategy:
Node Distribution: According to information published on the Chainlink website, CCIP DONs: “are operated by a geographically distributed collection of Sybil-resistant, security-reviewed, independent operators”.
Infrastructure Policy: Furthermore, they state that: “Node operators implement infrastructure diversity, including on-premise bare-metal and multi-region cloud deployments, as well as operating robust RPC infrastructure with multiple layers of redundancies and verification checks.”
Codebase Diversity: The RMN is written in Rust, while the other DONs are written in Go, to help reduce correlation and potential node corruption.
Validator List: Not all CCIP node addresses are mapped to names in a single list, but major partners are known: T-Systems (Deutsche Telekom), Vodafone, Swisscom, Infura, and BlockDaemon. The community website Chainlink Ecosystem provides an unofficial list here.
Wormhole
Wormhole uses a “Proof-of-Authority” model where nodes are known, high-reputation entities.
Node Count & Agreement: Consists of 19 Guardians. Agreement requires 13 out of 19 (approx. 68%) to sign a Verifiable Action Approval (VAA).
Exact Node Providers: The full list of 19 is public on the Wormhole Dashboard, including well-known operators such as Everstake, Chorus One, Figment, and ChainLayer.
Infrastructure Strategy: Guardians must run full nodes for every chain they support to ensure they observe “ground truth” rather than relying on third-party RPC providers such as Infura or Alchemy.
Axelar
Axelar operates as a Cosmos-based chain, making its validator set and stake distribution the most transparent of the three.
Node Count & Agreement: Capped at 75 active validators; currently 52 are live. A weighted supermajority (two-thirds, or about 66.7%) of the delegated stake is required for agreement.
Quadratic Voting: To prevent a small group of large stakers from controlling the bridge, Axelar uses quadratic voting. A validator’s weighted voting power equals the square root of their delegated stake, not the stake itself, as seen in the table below. In practice, this means doubling your voting power requires four times the capital.
Nakamoto Coefficient: Since voting power is determined by the square root of delegated stake, the minimum number of nodes required to reach 2/3 of quadratic power (voting power) is currently 27.
Validator List: You can view the real-time list of all 75 operators, their voting power, and historical uptime on Axelarscan. Major entities include Everstake, Cosmostation, Figment, and Chorus One.
Top Axelar Network Validators: Apr. 30, 2026
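The effect of square-root weighting on the Nakamoto coefficient can be checked directly. The following is an added example, not Axelar's code; the stake figures are constructed for illustration and the function names are assumptions.

```python
import math

def voting_power(stake, quadratic=True):
    """Voting power of one validator: sqrt(stake) under quadratic voting, else the stake."""
    return math.sqrt(stake) if quadratic else float(stake)

def power_share(stakes, name, quadratic=True):
    """Fraction of total voting power held by the validator `name`."""
    total = sum(voting_power(s, quadratic) for s in stakes.values())
    return voting_power(stakes[name], quadratic) / total

def nakamoto_coefficient(stakes, threshold=2 / 3, quadratic=True):
    """Fewest validators (largest first) whose combined power reaches `threshold`."""
    powers = sorted((voting_power(s, quadratic) for s in stakes.values()), reverse=True)
    needed = threshold * sum(powers)
    running = 0.0
    for count, power in enumerate(powers, start=1):
        running += power
        if running >= needed:
            return count
    return len(powers)

def stake_for_power_multiple(stake, multiple, quadratic=True):
    """Stake a validator needs in order to multiply its current voting power by `multiple`."""
    return stake * multiple ** 2 if quadratic else stake * multiple

# Constructed stake distribution (not Axelar data): one whale and nine equal validators.
SAMPLE_STAKES = {"whale": 4_000_000, **{f"val-{i}": 250_000 for i in range(1, 10)}}

if __name__ == "__main__":
    for quadratic in (False, True):
        label = "quadratic" if quadratic else "linear"
        print(
            f"{label:9s} whale share={power_share(SAMPLE_STAKES, 'whale', quadratic):.2%} "
            f"validators needed for 2/3={nakamoto_coefficient(SAMPLE_STAKES, quadratic=quadratic)}"
        )
    print("stake to double power from 250,000:", stake_for_power_multiple(250_000, 2))
```

With stake-weighted voting the whale plus one other validator reaches two-thirds; with square-root weighting the same whale needs five more validators.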
Should DeFi protocols even keep using LayerZero?
Given all of this, why are any DeFi protocols still using LayerZero? Instead of trying to be DeFi protocol operators and infrastructure security experts, wouldn’t it just be easier for a team to trust Chainlink?
In many cases, the answer is yes. Chainlink nodes are operated by companies like Deutsche Telekom, T-Systems, and Swisscom. These companies have legal accountability, regulatory compliance requirements, and brand reputations to lose if something goes wrong.
However, there are some reasons why institutions may wish to use LayerZero, including:
Chain coverage: CCIP supports around 60 chains; LayerZero supports nearly 170, including Unichain, Ink, MegaETH, and Plasma, all of which are L2s that Kelp actually needed often.
Switching costs: Migrating away from a service like LayerZero means redeploying contracts, re-auditing, and migrating liquidity. For institutional LayerZero clients, such as USDT0’s 29-chain deployment, it can easily take months and cost several million dollars.
High-frequency, low-value messaging: A cross-chain DEX sending 10,000 messages/day at $1.50 each would cost $5.5M/year, which could be prohibitive. At LayerZero’s rates, that’s $100K–$300K, which is significantly more affordable.
2. The underlying problems with bridge security
Bridges are still the weakest link in DeFi security. DefiLlama lists the amount stolen from bridge hacks at $2.098B, accounting for around 27% of the total $7.738B in recorded DeFi hacks. Other prominent bridge hacks include the Apr. 1, 2026, Drift protocol bridge hack, which drained $285M from the Solana-based perp DEX, and the Mar. 2022 Ronin bridge hack, which drained $615M in ETH and USDC from the sidechain designed to host the then-popular game, Axie Infinity.
As previously mentioned, LayerZero is the single largest provider of bridge infrastructure services by assets secured; according to their official analytics, they currently secure around $79B across 166 chains. Chainlink CCIP is second; though they don’t list the value of the assets they secure, the unofficial Chainlink Ecosystem website lists it at around $60B. Other bridge infrastructure providers, like Axelar and Wormhole, secure significantly less, with Wormhole’s largest bridge, Portal, securing $2.29B and Axelar securing slightly more than $150M. Outside these infrastructure providers, tens of billions (possibly over $100B) are secured by standalone bridges, like Coinbase Bridge, and WBTC’s custodial setup.
LayerZero DVN setups as of Apr. 18, 2026
Unfortunately, according to research by Dune, the 1/1 setup, which has now been deprecated (LayerZero now requires 2/2), was used by 47% of 2,665 LayerZero client applications at the time of the attack (or at least those listed in the study). 45% used a 2/2 configuration, and only around 5% used a 3/3+ setup.
If hackers had successfully attacked all bridges with other 1/1 DVN configurations on Apr. 18th, billions more, perhaps up to $5-10 billion, could have been at risk.
Three of the protocols that secured the most value in the 90-day period sampled by the Dune study (approximately Jan. 20 to Apr. 20, 2026) and still showed a minimum 1/1 configuration as of Apr. 18, included:
USDT0 ($3.98B TVL*, 29 chains): Tether’s multi-chain USDT. The largest stablecoin in crypto, now deployable natively across dozens of networks via LayerZero.
Stargate ($116M TVL, 70 chains): The original LayerZero bridge, used for moving stablecoins and wrapped tokens.
wBTC ($9.015B TVL**, 21 chains): In late 2024, BitGo selected LayerZero as the official interoperability provider to take WBTC “omnichain” using the OFT (Omnichain Fungible Token) standard. This means it secures wBTC transfers between Ethereum and other supported chains, such as Avalanche, BNB Chain, and Aptos, but does not secure WBTC on Ethereum.
*This represents the estimated TVL for USDT0 and the Stargate bridge as of Apr. 18.
**While, as mentioned, LayerZero does not secure wBTC on Ethereum, in theory, a successful bridge hack could allow a user to bridge (or appear to bridge) a large percentage of the market cap of wBTC to a supported blockchain like Arbitrum, allowing the attacker to use this bridged wBTC as collateral for a loan on Aave or elsewhere.
What’s still at risk after the CCIP migrations?
While protocols have adopted some additional bridge security measures in the wake of the attack, they may not be enough. A 2/2, or even 3/3, configuration often provides a sufficient attack surface to enable serious damage.
On the lending side, as long as lenders in the DeFi ecosystem allow LSTs, LRTs, and other bridged assets as collateral without strict security measures such as real-time transaction monitoring, regular asset-based security reviews, and more conservative lending practices, such as time-based rate limits and lower leverage limits, attackers may still be able to obtain large loans via bridge exploits.
Below, we break down the universe of bridged assets into 5 risk tiers:
Tier 0: 1/1 LayerZero DVN setups: Prev. ~$4-7B (Now $0)
Tier 1: 2/2-3/3 LayerZero DVN setups: ~$60-70B
Tier 2: Cross-chain LST/LRT lending collateral: ~$4.4B
Tier 3: Total LST/LRT lending collateral: ~$16.7B
Tier 4: All third-party bridged TVL: ~$350B
While this division of assets should be helpful in providing a rough estimate of bridge-exploit risk, it’s far from perfect, as a wide array of factors can affect the risk of any individual bridged asset.
Tier 0: 1/1 LayerZero DVN setups on Apr. 18: ~$4-7B ($0 Residual)
This exact attack vector is closed; as previously mentioned, the central LayerZero Labs DVN will not sign messages from any applications that utilize a 1/1 configuration.
Tier 1: 2/2-3/3 LayerZero DVN setups: ~$60-70B
Some larger projects, like the yield-based stablecoin protocol Ethena, which uses LayerZero to support its USDe ($3.90B market cap), staked USDe (sUSDe) ($1.97B market cap), and USTb ($627M market cap) stablecoins, as well as cross-chain iterations of its ENA token, have upgraded from 2/4 to a stronger 4/4 DVN setup, as did the LST platform Ether.fi (currently $5.52B TVL).
However, most smaller projects that use LayerZero have not mentioned any security upgrades. If we assume, out of an abundance of caution, that they have not upgraded beyond the 2/2-3/3 range, this could leave ~$60-70B in assets with a relatively low level of security.
Tier 2: Cross-chain LST/LRT lending collateral: $3.32B*
The most similar asset type to rsETH is other liquid staking/restaking tokens deployed on non-origin chains (requiring bridge infrastructure to maintain their peg), which are currently accepted as collateral in lending protocols.
All of these are accepted as collateral across one or more major DeFi lenders, including Aave V3, Morpho, Compound, Euler, Benqi, and Venus.
*This figure represents the total value of tokens deposited as collateral — not the amount borrowed against them. At typical LTVs of 70–80%, the maximum theoretical loan exposure against this collateral would be roughly $3.9–4.4B.
Tier 3: Total LST/LRT lending collateral: $11.84B*
Across 99 token variants and 85 protocols, the full exposure to liquid staking and restaking tokens used as lending collateral is $11.84 billion, including mainnet positions. Even Ethereum mainnet LSTs/LRTs carry indirect risk: their backing relies on staking validators, oracle pricing, and protocol-level governance, each of which can be manipulated. If a token’s redemption mechanism is compromised anywhere in the stack, accepted collateral becomes bad debt.
*This is gross collateral value, not outstanding debt. At average DeFi LTVs, actual loans outstanding against this collateral are loosely estimated to be around $7B.
Tier 4: Total LST/LRT market cap: $59.1B
These assets require the core asset (i.e., ETH, staked ETH, SOL, staked SOL) to be secured via a bridge, so that users can mint the derivative asset (i.e., staked ETH, restaked ETH, staked SOL, or restaked SOL). The holders of these staked or restaked tokens could lose funds in a bridge hack, but only the LSTs or LRTs used as collateral could lead to losses in adjacent lending platforms.
Tier 5: All third-party bridged TVL: $341B
This is the theoretical ceiling: all tokens currently bridged via third-party infrastructure across all chains. It includes stablecoins, wrapped assets, yield-bearing tokens, and everything else. Not all of it is used as collateral for lending, but all of it depends on bridge verification logic to maintain its legitimacy.
4. What do LayerZero users need to do to improve security?
While several major protocols have left LayerZero, not all will, and those that choose to stay should make sure that their setup is sufficiently secure. While it might be nice to make a system “as secure as possible,” there are always tradeoffs between security, latency, and decentralization (i.e., the blockchain trilemma).
Therefore, before deciding on security tactics, it’s important to consider the broader truths behind blockchain consensus, as bridge systems, just like blockchains and dApps, also need to reach agreement on the transaction level.
We can make a few axiomatic statements about consensus in distributed systems, which can apply to both blockchains and bridges:
The more uncorrelated nodes a system requires to reach consensus (i.e., its Nakamoto Coefficient), the more secure it is.
In a distributed system, there is always some trade-off between security and liveness (most research suggests that BFT consensus provides a fair balance).
If the identity of a node operator is unknown and there are no consequences for that operator’s bad behavior, that node is at least equally likely to reduce security as to increase it.
Therefore, increasing the security of a blockchain bridging protocol like LayerZero relies on utilizing enough uncorrelated nodes with public operators who have something to lose if they behave badly or irresponsibly.
As we touched on earlier, LayerZero allows protocols to choose the number and identities of their validator nodes, unlike traditional bridge security providers. This means that protocols using LayerZero take on significantly more responsibility and must make more key decisions regarding bridge security.
Number of Bridge Verifier Nodes: Risk vs. Cost
Adding nodes is not particularly expensive. In practice, a single DVN instance costs roughly $200–$500/month on cloud infrastructure. A 4/4 setup with four independent operators would likely run $10,000–25,000/year all-in, less than 0.01% of the assets that Kelp secured at the time of the exploit.
While the table assumes unanimous agreement (n/n), this is not required for LayerZero DVN setups. Applications determine the required threshold; 2/3 and 3/5 setups can also be implemented; however, it’s a good idea for systems to be Byzantine Fault Tolerant (BFT), meaning that at least ⅔ of the nodes would need to be compromised for the system to fail.
As previously mentioned, there is always a trade-off between liveness and safety. BFT systems are more resilient than unanimous consensus systems; a single offline node doesn’t halt the network. LayerZero competitors like Chainlink (11/16) and Wormhole (13/19) require BFT-level consensus.
Node Operator/Verifier Identity
When setting up a LayerZero DVN, it’s not just the number, but also the identity of the node operators/verifiers that count.
In most cases, it’s better to use well-known providers (e.g., Google Cloud, Fidelity) that have a reputation to lose if they cause a preventable security failure. Since LayerZero is more of a DIY toolset, a protocol can choose its own DVN providers, while done-for-you services like Chainlink CCIP or Axelar (as we’ll discuss later) typically already work with well-known node operators.
Node Correlation
Even if you have a relatively large number of nodes operated by trusted, independent operators, ensuring there is little to no correlation among them is equally important. Even when each node is operated by a different trusted organization, if the nodes all use the same cloud provider or the same codebase, the set may effectively be as easy a target as a single verifier.
What “uncorrelated” actually means, in order of importance:
Different server infrastructure (AWS, bare metal, GCP; not all cloud)
Different software stacks and internal security teams
Different funding sources / no shared investors
Different legal jurisdictions (can’t be subpoenaed simultaneously)
To provide a good example of the second bullet, Chainlink CCIP uses multiple codebases written in Go and Rust, which, in theory, should make it more resistant to zero-day exploits.
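One way to audit a verifier set against the correlation dimensions listed above is to count how many shared-fate domains (one cloud provider, one software stack, one funder, one jurisdiction) must fail before the signing threshold is met or the bridge halts. This is an added example, not LayerZero tooling; the verifier names, attributes, and function names are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Correlation dimensions taken from the list above.
DIMENSIONS = ("infrastructure", "software", "funding", "jurisdiction")

@dataclass(frozen=True)
class Verifier:
    name: str
    infrastructure: str
    software: str
    funding: str
    jurisdiction: str

def domains_to_cover(verifiers, count_needed, dimension):
    """Fewest shared-fate domains (largest first) that contain `count_needed` verifiers."""
    if not 1 <= count_needed <= len(verifiers):
        raise ValueError("count_needed must be between 1 and the number of verifiers")
    sizes = sorted(Counter(getattr(v, dimension) for v in verifiers).values(), reverse=True)
    covered = 0
    for domains, size in enumerate(sizes, start=1):
        covered += size
        if covered >= count_needed:
            return domains

def domains_to_forge(verifiers, required, dimension):
    """Safety: domains that must be compromised to control `required` signatures."""
    return domains_to_cover(verifiers, required, dimension)

def domains_to_halt(verifiers, required, dimension):
    """Liveness: domains whose outage leaves fewer than `required` verifiers online."""
    return domains_to_cover(verifiers, len(verifiers) - required + 1, dimension)

def audit(verifiers, required):
    """Return {dimension: (forge, halt)} and the dimension with the lowest forge count."""
    report = {
        d: (domains_to_forge(verifiers, required, d), domains_to_halt(verifiers, required, d))
        for d in DIMENSIONS
    }
    weakest = min(DIMENSIONS, key=lambda d: report[d][0])
    return report, weakest

# Constructed verifier set: four distinct funders, but three share a cloud and a codebase.
SAMPLE_DVNS = [
    Verifier("dvn-a", "aws", "stack-1", "fund-w", "US"),
    Verifier("dvn-b", "aws", "stack-1", "fund-x", "US"),
    Verifier("dvn-c", "aws", "stack-1", "fund-y", "EU"),
    Verifier("dvn-d", "bare-metal", "stack-2", "fund-z", "SG"),
]

if __name__ == "__main__":
    for required in (3, 4):
        report, weakest = audit(SAMPLE_DVNS, required)
        print(f"{required}/{len(SAMPLE_DVNS)} weakest dimension: {weakest}")
        for dim, (forge, halt) in report.items():
            print(f"  {dim:15s} domains to forge={forge} domains to halt={halt}")
```

On the sample set, a nominal 3/4 threshold collapses to a single domain for both infrastructure and software, while moving to 4/4 raises the forge count to two but lets any one domain halt the bridge.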
3. What should protocols do now?
Fix the bridges
The first two sections of this article explain why many protocols are choosing to migrate from LayerZero to Chainlink CCIP. If a protocol does not have the time, budget, or security expertise to manage a custom bridge configuration, it should strongly consider using CCIP, Axelar, or another done-for-you model instead.
For teams that stay on LayerZero, the bare minimum should be clear: use multiple independent DVNs, avoid correlated infrastructure, publish verifier configurations, and treat bridge settings with the same seriousness as core smart contract upgrades.
Be stricter with bridged collateral
But the KelpDAO exploit was not just a bridge failure. It was also a lending-risk failure.
The attacker could only drain real ETH because Aave accepted bridged rsETH as collateral. That means lenders need to evaluate the full security stack behind bridged assets, not just the token contract itself.
Before accepting LSTs, LRTs, wrapped assets, or other bridged tokens as collateral, lending protocols should ask:
What bridge secures this asset?
How many verifiers are required?
Who operates them?
Are they independent and uncorrelated?
Are there rate limits, circuit breakers, or supply reconciliation checks?
If the answer is unclear, the asset should be isolated, capped, or excluded entirely.
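The last question in the list, rate limits, circuit breakers, and supply reconciliation, can be sketched as a lender-side monitor. This is an added example and not code from Aave or any bridge; the event format, units, window, and cap are constructed, and it assumes the lender reads origin-chain escrow balances through its own independent nodes.

```python
from collections import deque

class BridgedSupplyMonitor:
    """Reconciles origin-chain escrow against remote-chain supply for one bridged token."""

    def __init__(self, window_seconds, window_cap):
        self.locked = 0                # tokens held in escrow on the origin chain
        self.minted = 0                # tokens outstanding on the remote chain
        self.window_seconds = window_seconds
        self.window_cap = window_cap   # max tokens minted inside one rolling window
        self.recent_mints = deque()    # (timestamp, amount) pairs inside the window
        self.frozen = False            # circuit breaker: stays tripped until reviewed

    def unbacked(self):
        """Remote supply that has no matching escrow on the origin chain."""
        return max(0, self.minted - self.locked)

    def on_event(self, ts, kind, amount):
        """Apply one bridge event and return the alerts it raises."""
        alerts = []
        if kind == "lock":
            self.locked += amount
        elif kind == "unlock":
            self.locked -= amount
        elif kind == "burn":
            self.minted -= amount
        elif kind == "mint":
            self.minted += amount
            self.recent_mints.append((ts, amount))
            # Drop mints that have aged out of the rolling window.
            while self.recent_mints[0][0] <= ts - self.window_seconds:
                self.recent_mints.popleft()
            if sum(a for _, a in self.recent_mints) > self.window_cap:
                alerts.append("RATE_LIMIT")
        else:
            raise ValueError(f"unknown event kind: {kind}")
        if self.unbacked() > 0:
            alerts.append("UNBACKED_SUPPLY")
        if alerts:
            self.frozen = True  # stop accepting new collateral or borrows for this asset
        return alerts

def replay(events, window_seconds=3600, window_cap=500):
    """Run events through a fresh monitor; return it and the events that raised alerts."""
    monitor = BridgedSupplyMonitor(window_seconds, window_cap)
    findings = []
    for ts, kind, amount in events:
        alerts = monitor.on_event(ts, kind, amount)
        if alerts:
            findings.append((ts, kind, alerts))
    return monitor, findings

# Constructed event stream: (unix-style timestamp, kind, token amount).
SAMPLE_EVENTS = [
    (0, "lock", 300), (60, "mint", 300),        # normal transfer
    (4000, "lock", 400), (4060, "mint", 400),   # normal, previous mint has aged out
    (5000, "burn", 100), (5060, "unlock", 100), # normal return trip
    (6000, "lock", 200), (6060, "mint", 200),   # backed, but 600 minted inside one hour
    (9000, "mint", 100),                        # no matching lock on the origin chain
]

if __name__ == "__main__":
    monitor, findings = replay(SAMPLE_EVENTS)
    for finding in findings:
        print(finding)
    print("frozen:", monitor.frozen, "unbacked:", monitor.unbacked())
```

The two checks are independent: the 200-token mint is fully backed yet trips the rate limit, while the 100-token mint stays under the cap and is caught only by reconciliation.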
Invest more in security — especially the weak links
The deeper issue is that DeFi protocols often underinvest in boring but essential security work. This includes bridge monitoring, collateral reviews, RPC redundancy, phishing prevention, transaction simulation, formal verification, and multi-firm audits.
The exact budget will vary by protocol, but the principle is simple: if a protocol is earning millions in annual revenue while securing billions in user assets, security cannot be treated as a discretionary expense.
The KelpDAO exploit showed that attackers do not need to break the strongest part of the system. They only need to find the weakest verification layer attached to the largest pool of usable collateral.
That is why the LayerZero-to-CCIP migration matters. It closes one obvious failure mode. But unless lenders, bridges, and protocols also improve collateral standards and security spending, the next attack will simply move to the next weakest link.
The lesson: flexibility isn’t free
The LayerZero-to-CCIP migration isn’t a broad judgment on Chainlink’s superiority vs. LayerZero; it just means that Chainlink CCIP has a better product-market fit for most large DeFi protocols.
LayerZero can still be useful for teams that need deep customization, broad chain coverage, or lower-cost messaging. But those teams need to treat bridge configuration like core protocol security, not like a default setting they can accept without serious review.
For everyone else, the move to CCIP makes sense. Institutions usually prefer fewer knobs, fewer assumptions, and fewer ways to accidentally secure billions of dollars with a weak verifier setup.
But the bigger lesson goes beyond LayerZero. The KelpDAO exploit worked because three things lined up at once: a weak bridge configuration, high-value collateral, and a lending protocol willing to accept that collateral.
The highest-value target with the weakest verification layer and the most composable attack surface is the one that gets hit. The LayerZero 1/1 DVN-KelpDAO-Aave stack scored near-perfect on all three.
CCIP can reduce one failure mode. It cannot fix careless collateral onboarding, weak governance, poor monitoring, or chronic underinvestment in security.
DeFi does not need to become risk-free. That is impossible. But if protocols are earning millions in annual revenue while securing billions in assets, failing to fix simple security issues is inexcusable.
As DeFi users and investors, we deserve better.
Key Sources:
LayerZero, KelpDAO Incident Statement, Apr. 19, 2026 — https://layerzero.network/blog/kelpdao-incident-statement
Aave Governance Forum, rsETH Incident Report, Apr. 20, 2026 — https://governance.aave.com/t/rseth-incident-report-april-20-2026/24580
Chainalysis, Inside the KelpDAO Bridge Exploit, Apr. 2026 — https://www.chainalysis.com/blog/kelpdao-bridge-exploit-april-2026/
Dune Analytics, LayerZero DVN Setups Dashboard — https://dune.com/dune/layerzero-dvn-setups
LayerZero OFT Scan — https://layerzeroscan.com/oft
LayerZero Docs, Gasolina DVN Overview https://docs.layerzero.network/v2/workers/off-chain/gasolina-overview
QuillAudits, KelpDAO rsETH Hack Analysis — https://www.quillaudits.com/blog/hack-analysis/kelp-dao-hack
Wormhole Dashboard — https://wormhole.com/dashboard
Axelarscan — https://axelarscan.io/validators
DefiLlama, Bridged Token TVL & LST/LRT Lending Data — https://defillama.com











