Kraken Drops LayerZero After Kelp DAO Incident Fuels Security Concerns

Crypto exchange Kraken announced on Thursday that it is replacing its cross-chain infrastructure provider, shifting away from LayerZero and adopting Chainlink’s Cross-Chain Interoperability Protocol (CCIP), in a broader industry reaction following the Kelp DAO exploit in April.

Kraken Moves kBTC and Wrapped Assets to Chainlink CCIP

According to the exchange, Kraken is discontinuing its current cross-chain setup and fully migrating to Chainlink CCIP as the exclusive infrastructure powering Kraken Wrapped Bitcoin (kBTC) along with all future wrapped asset products.

The company explained that the decision was driven by Chainlink’s “enterprise-grade security architecture,” highlighting features such as strict risk management frameworks, certification standards, a secure-by-default design, a network of 16 independent nodes, and built-in rate limiting mechanisms.

Kelp DAO Exploit Triggers Industry-Wide Reassessment

The shift comes in the aftermath of the Kelp DAO exploit in April, where attackers, believed to be linked to the Lazarus Group, stole approximately $292 million in liquid restaking tokens.

Since the incident, LayerZero has faced increased scrutiny across the crypto ecosystem, with multiple protocols reassessing their reliance on its infrastructure.

On May 9, LayerZero issued what it described as an “overdue apology,” admitting shortcomings in communication over the preceding weeks. The team stated that internal RPC systems were compromised, with their “source of truth poisoned,” while external RPC providers were simultaneously targeted by denial-of-service attacks.

However, LayerZero also argued that the incident was tied to Kelp DAO’s configuration choices, particularly its single-DVN (Decentralized Verifier Network) setup. The protocol emphasized that no other applications were impacted, noting that more than $9 billion in bridged assets had been processed since April 19.

Growing Wave of Migrations Away From LayerZero

Kraken is not the only entity shifting infrastructure providers. Kelp DAO itself has confirmed it is migrating to Chainlink CCIP and recently burned 117,132 rsETH linked to the attacker as part of its recovery process.

Other major moves include:

• Solv Protocol, which on May 7 announced migration to CCIP for its $700 million Bitcoin tokenization infrastructure.

Re (onchain reinsurance protocol), which on May 8 shifted $475 million in TVL away from LayerZero.

Multiple protocols, according to MEXC, collectively moving more than $3 billion in total value locked (TVL) to Chainlink CCIP post-exploit.

Meanwhile, leading Ethereum liquid staking protocol Lido has also integrated CCIP, calling Chainlink’s defense-in-depth model a “benchmark standard” for cross-chain security.

Market Reaction Remains Mixed Despite Security Shift

Despite the surge in adoption, Chainlink’s native token LINK showed no immediate price reaction and continues trading near bear market lows around $10, roughly 80% below its 2021 peak.

In contrast, LayerZero’s token ZRO has fallen more than 30% since the April exploit and remains down over 80% from its 2024 all-time high, according to market data from CoinGecko.

LayerZero has not issued a public response to recent industry migrations, and requests for comment have gone unanswered.

Security, Trust, and the New Cross-Chain Hierarchy

The aftermath of the Kelp DAO exploit marks a turning point in how cross-chain infrastructure is evaluated in crypto markets. What was once a competition driven largely by scalability and developer adoption is now increasingly defined by perceived security resilience and institutional-grade reliability.

The rapid migration toward Chainlink CCIP reflects a broader shift in market psychology: protocols are no longer optimizing solely for performance, but for survivability under coordinated attack scenarios. The fact that multiple high-value platforms, including Kraken and large TVL protocols, moved within weeks suggests that trust, once damaged at the infrastructure layer, is difficult to rebuild.

At the same time, the muted price reaction in LINK highlights a disconnect between fundamental adoption and market valuation, indicating that investors may still be pricing Chainlink based on macro crypto conditions rather than protocol-level expansion.

Ultimately, this episode reinforces a structural reality: in a multi-chain ecosystem increasingly targeted by sophisticated threat actors, cross-chain security providers are becoming systemic infrastructure, not optional middleware.