Chainlink CCIP Gains $3B TVL After $292M KelpDAO Exploit

More than $3 billion in total value locked has migrated from LayerZero-style cross-chain rails onto Chainlink's Cross-Chain Interoperability Protocol (CCIP) following a $292 million exploit at KelpDAO. Chainlink confirmed the move, saying KelpDAO, Solv Protocol, Re, and Tydro have begun decommissioning legacy oracles and bridge systems in favor of CCIP. The shift is feeding directly into LINK's price action: the token jumped 15% to $10.52, its highest level since January.

Why it matters

Cross-chain bridges have long been one of crypto's most attacked surfaces — Chainalysis counts more than $2 billion stolen across 13 bridge hacks through 2022, with North Korean-linked groups among the most active. CCIP runs on Chainlink's decentralized oracle network infrastructure, which the project says now includes more than 2,000 oracle networks in production, securing over $110 billion in value across more than 70% of DeFi. That standardization is exactly what teams managing nine-figure treasuries are now shopping for.

LayerZero has admitted the configuration that failed was its responsibility. The protocol acknowledged that allowing its Decentralized Verifier Networks (DVNs) to function as the sole verifier for high-value cross-chain transactions "created a risk we simply didn't see." It also disclosed a previously unreported three-year-old incident in which a multisig signer used LayerZero hardware for a personal trade — the signer was removed, wallets rotated, and the protocol moved to a custom-built multisig framework.

Market impact

The rally has been backed by real supply tightening. Santiment data shows LINK's exchange reserves fell by 13.5 million LINK over five weeks, more than 10.5% of the supply recorded on exchanges in early April. That combination — TVL inflows plus shrinking float — is the setup bulls want to see, and it explains why the price move held rather than fading with the news cycle.

LayerZero is pushing back on the narrative. The protocol says more than $9 billion has moved through its infrastructure since the April attack, and that the KelpDAO breach affected 0.14% of network applications and roughly 0.36% of total value. Major assets including USDe, WBTC, and weETH remain active on the rails. Tom Wan, head of data at Entropy Advisors, framed the open question: can an apology slow the client exodus, or is this just the start?