Lombard becomes the latest protocol to jump ship to Chainlink CCIP as LayerZero outflows top $4 billion
A growing exodus from LayerZero toward Chainlink’s Cross-Chain Interoperability Protocol (CCIP) accelerated after an April 2026 exploit that drained $292 million — 116,500 rsETH — from Kelp DAO’s LayerZero-powered bridge. That breach has sparked a rush by major projects and exchanges to migrate cross-chain traffic to CCIP, citing stronger operational safeguards and enterprise-grade assurances.
Why projects are leaving
The exploit prompted LayerZero to acknowledge it “made a mistake” by allowing its verifier network to secure high-value assets under the configuration that was used. In the fallout, several high-profile migrations and commitments to Chainlink CCIP followed:
- Kraken: The exchange announced it will replace LayerZero with Chainlink CCIP as the exclusive cross-chain infrastructure for kBTC and all future Kraken-wrapped assets, pointing to CCIP’s enterprise-grade security and its ISO 27001 and SOC 2 Type II certifications.
- Kelp DAO: After the April exploit, Kelp moved its rsETH to Chainlink CCIP in early May while a dispute over responsibility with LayerZero continued. LayerZero has denied that the single-verifier configuration in question had been approved by its staff.
- Solv Protocol: On May 7, Solv shifted roughly $700 million in tokenized Bitcoin (including SolvBTC and xSolvBTC) off LayerZero and onto CCIP.
- Re.xyz: The platform migrated $475 million in TVL to CCIP, citing CCIP’s 16 independent validator nodes and built-in rate limits as decisive security features.
- Lombard: Joining this wave, Lombard also announced its move to Chainlink CCIP, adding to the more than $4 billion in migrations away from LayerZero.
Chainlink CCIP: credentials and scale
Projects point to CCIP’s operational track record and certifications as major selling points. Chainlink reports CCIP has supported over $28 trillion in cumulative on-chain transaction value and averages roughly $90 million in weekly token transfers. CCIP is also, to date, the only oracle platform holding both ISO 27001 and SOC 2 Type II certifications — credentials many institutional players say matter for custody and compliance.
LayerZero’s response and the road ahead
In response to the wave of criticism and migrations, LayerZero has removed support for 1-of-1 DVN (single-verifier) configurations and said it plans to move most routes toward stricter 5-of-5 verifier setups. The team also noted that despite the recent departures, more than $9 billion in bridged assets continued to flow through its infrastructure since April 19.
What this means
The episode highlights how quickly security incidents can reshape cross-chain infrastructure choices. For many custodial platforms and high-value asset issuers, formal certifications and multi-node verifier models are now non-negotiable. Whether LayerZero’s tighter verifier requirements will restore confidence — or whether CCIP will continue to consolidate market share — will be a key story for cross-chain liquidity and risk models in the months ahead.
Read more AI-generated news on: undefined/news
