Several crypto projects are abandoning alternative oracle setups and moving to Chainlink after Chaos Labs disclosed it was the target of a sophisticated hacking attempt last weekend — an incident authorities say bears the hallmarks of a nation-state operation.
What happened
- Chaos Labs said the breach was limited to operational wallets used for routine on-chain tasks; its oracle network — which supplies price and data feeds to dApps — was not breached. Founder Omer Goldberg tweeted on May 7, 2026, that “the surface area was strictly contained to operational wallets,” and emphasized that “Chaos Oracles run in a fully isolated environment with nodes distributed globally, protected by layered security and cryptographic controls.”
- The company rotated all keys after detecting the attempt and reported no further suspicious activity. Cyber teams and authorities assisting the investigation told Chaos that the methods used are consistent with nation-state actors; no specific country has been named and the probe is ongoing.
Who is moving and why it matters
- Borrowing platform Tydro announced it is migrating to Chainlink’s oracle infrastructure following the incident.
- Solv Protocol also flagged plans to move its cross-chain setup away from LayerZero and toward Chainlink, citing recent industry events.
- Kelp DAO — itself still recovering from a damaging April exploit — is shifting its restaking token rsETH to Chainlink.
Those migrations reflect a broader loss of confidence in oracle and cross-chain alternatives and a “flight to safety” toward more widely trusted providers, even as Chaos Labs maintains its core oracle services were never compromised.
Bigger picture: state-backed threats and a turbulent April
- Authorities and security researchers have long warned that state-backed hacking groups are a major risk for crypto infrastructure. Reports suggest North Korea-linked actors alone stole at least $578 million in April across multiple incidents; Pyongyang denies involvement in global cybercrime.
- The Chaos Labs incident arrives amid a wave of high-profile attacks earlier in April, including the Kelp DAO exploit — one of the most damaging of the year — which rippled through the lending market and contributed to an $8 billion drop in Aave’s total value locked. Drift Protocol and more than a dozen other firms were also hit during that period.
What’s next
- Chaos Labs says it has activated its highest-severity incident response, is cooperating with authorities, and will release more details as the investigation allows. Meanwhile, several projects’ migration plans suggest the market may consolidate further around a small set of oracle providers as teams prioritize security and resilience.
The situation remains fluid; we’ll update with new details as they emerge.
Read more AI-generated news on: undefined/news
