Mass Exodus from LayerZero: KelpDAO and Solv Protocol Migrate to Chainlink After $292M rsETH Hack

Even as the scandal around frozen assets on AAVE begins to fade, LayerZero’s troubles appear to be just getting started.

In the past few days, several major DeFi protocols have publicly announced they are abandoning LayerZero’s infrastructure in favor of Chainlink CCIP, citing serious cross-chain messaging vulnerabilities. The total value of assets migrating already exceeds $1 billion, with some estimates reaching as high as $3 billion.

It all started with KelpDAO. On May 5, 2026, the protocol published a detailed post openly calling the hack of its wrapped token $rsETH a “LayerZero Hack.”

Recall: on April 18, 2026, attackers (identified by Chainalysis as linked to North Korea’s Lazarus Group) crafted a fake cross-chain message using a 1-of-1 DVN configuration (single validator - LayerZero Labs). This allowed them to drain 116,500 rsETH worth approximately $292 million, which was then used as collateral on Aave.

KelpDAO states that:

• The 1-of-1 configuration was the default recommended by LayerZero’s documentation and team.
• Over 47% of LayerZero OApp contracts were using the same setup.
• The attack exploited a compromise of LayerZero’s own infrastructure (RPC nodes, binaries, and lack of multi-provider quorum).

“LayerZero blamed its users for a problem caused by their own infrastructure,” KelpDAO emphasized.

The protocol has already begun migrating rsETH from LayerZero OFT to Chainlink’s Cross-Chain Token (CCT) standard via CCIP, a solution with multiple independent oracle networks and a multi-year track record with zero losses. The migration is gradual and requires no action from users.

LayerZero founder Bryan Pellegrino (@PrimordialAA) responded the same day: “Most of this is simply not true.” He published on-chain evidence showing that KelpDAO originally used a multi-DVN setup (LayerZero Labs + Google) and manually switched to 1-of-1 on April 1, 2024. According to him, the documentation repeatedly warned about the risks of 1/1 in production environments.

Later, LayerZero admitted the “mistake” of allowing its own DVN to secure high-value assets in 1/1 mode and has since banned such configurations.

Next came Solv Protocol, with over $700 million in TVL across tokenized Bitcoin products (SolvBTC and xSolvBTC). On May 7–8, the protocol officially announced it was fully discontinuing LayerZero bridges in favor of Chainlink CCIP across all chains (Corn, Berachain, Rootstock, TAC). The decision followed a comprehensive security review and consideration of recent incidents.

“We are moving to the safest cross-chain solution in the industry,” Solv stated.

According to sources, in the last 48 hours at least 14 protocols have paused or completely stopped using LayerZero bridges - including Re, Tydro, Huma Finance, and others. The total outflow of assets to Chainlink CCIP has already reached billions of dollars. DeFi TVL has dropped $15 billion since the April hack.

What’s next?

LayerZero is facing a full-blown crisis of trust. Many projects are reassessing the risks of DVN centralization and choosing solutions with greater decentralization and a proven track record (Chainlink CCIP has processed over $30 trillion with zero losses). For the market, this is a clear signal: security is now priority #1, even at the expense of speed and convenience.