Would crypto be better off without LayerZero?
Published on
The April 18th rsETH exploit cost DeFi $292 million and its most prominent crosschain infrastructure provider its reputation. Within weeks, protocols collectively managing over $4 billion in assets had migrated away from LayerZero. Chainlink called it a flight to safety. The market seemed to agree. But is crypto actually better off without LayerZero? This article is our attempt to answer that question honestly.
Introduction
On April 18th, one of the largest hacks ever recorded took place. LayerZero's infrastructure was compromised and, due to a weak cross-chain setup within KelpDAO's bridge, over $292 million were stolen by the Lazarus Group. The weeks that followed were both ugly and fascinating to follow, as protocols publicly pointed fingers and shifted blame.
The DeFi United initiative, pushed forward by Aave, LayerZero, and Kelp succeeded in collecting enough funds to fully refund affected users, but the story wasn’t over yet.
As the dust settles, one question remains: is crypto better off without LayerZero? Chainlink pushed forward a "flight to safety" narrative and took a visible victory lap on its competitor's compromised infrastructure. We think the answer is more complicated than that.
In this research you will find our opinion on this topic, as well as quotes from the two protocols involved: LayerZero, and Chainlink, as well as a public statement made by USDT0’s cofounder ZeroLore.
This piece is an opinion on the situation and the overall crosschain solutions of the industry.
For the full technical breakdown and ecosystem consequences, we have published two in-depth investigations linked below.
Loading post...
Loading post...
The communication War
When LayerZero's infrastructure was implicated in the April 18 rsETH exploit, the two main crosschain infrastructure providers engaged in heated arguments, and what we could call a communication war over socials.
The Timeline
April 18, 17:35 UTC - 116,500 rsETH ($293M) drained from KelpDAO's OFT bridge. The Lazarus Group executed a three-phase attack: compromising two LayerZero Labs internal RPC nodes, DDoSing the external failovers, and generating a valid attestation for a fabricated burn event. The bridge's 1-of-1 DVN configuration had no second opinion to call.
April 19 - LayerZero published its first public statement. The protocol "functioned exactly as intended." The phrase immediately became viral across the industry.
May 5 - KelpDAO released a counter-memo that included a Telegram screenshot of a LayerZero Labs team member approving the 1/1 configuration without flagging it as a risk. The memo also cited a Dune analysis showing that 47% of active OApp contracts were running 1/1 DVN configurations at the time of the hack. LayerZero claims that this was a selective screenshot and that it did not represent the conversation accurately.
May 6 to 16 - The migration wave. Kelp, Solv Protocol, Re, Kraken (and Ink), and Lombard announced successive moves to Chainlink CCIP, totaling approximately $4 billion in total AUM in under two weeks. It is worth noting that Solv and Lombard already integrated CCIP before this and simply moved some additional chains over.
May 9 - LayerZero published what it called an "overdue apology." Opening line: "We've done a terrible job on comms over the past three weeks."
Chainlink's "Flight to Safety"
Chainlink did not wait for the dust to settle. Within days of the exploit, the CCIP team was appearing in migration press releases and framing each announcement around protocols choosing a more secure solution to execute their crosschain transfers. We reached out to Chainlink to better understand what was happening.
"We are witnessing a 'flight to safety' happen in real time. Kraken, Lombard, Solv Protocol, Re, Tenbin, and Kelp DAO itself have all recently migrated to Chainlink CCIP, bringing over $4 billion in value with them. These leading protocols conducted extensive security reviews before deliberately deprecating their legacy bridging solutions." - Chainlink CCIP Team
The strategy was effective precisely because it was built on a real trend. The five migrating protocols shared a clear profile with Bitcoin-adjacent or hard-collateral assets where custodial trust is non-negotiable. Their decisions were rational based on what just happened, and Chainlink was taking advantage of this migration to highlight it publicly. The migration wave validated everything CCIP had been saying about opinionated security defaults.
While Chainlink was taking a victory lap on the timeline, LayerZero was struggling to align its own communications with those of its CEO, which created more confusion, and provoked more questioning from the community rather than answering their questions.
What LayerZero Said And Why
While we all want to see transparency, accountability, and overall recognition of mistakes, LayerZero’s communications read more as corporate and legal defense. The "functioned as intended” line was a reflex protecting them from future liabilities. LayerZero's post-mortem would later explicitly distinguish between "LayerZero the protocol" (immutable, permissionless, on-chain), and "LayerZero Labs," the organization that operates infrastructure to support it.
What the team failed to anticipate was how that precision would read to an industry that had just lost $293M and was looking for accountability, not legal architecture. We reached out to LayerZero’s team to provide additional context on these communications.
"We were caught off guard on the comms front. It's clear that this was one of the biggest failings. A ton was happening behind the scenes that put us on the defensive from the jump. That, combined with an instinct to communicate that there was no vulnerability in the protocol, led to some really lackluster comms, namely the 'functioned as intended' line which just completely missed the point. We also put the majority of our energy into 1:1 customer conversations, but the lack of external comms just made everything that much worse - it looked like we were hiding, not taking accountability."
"It's a really painful lesson, but an important one, and I think it only made sense for us to follow up with a clear public apology for screwing this up. We should have said a lot more, a lot sooner, a lot more clearly."
The apology that followed three weeks later was direct and unusual for a major protocol. It read like something a bunch of humans would write and not lawyers like the previous communications. The statement provided a clear contrast between shift-blaming and finger-pointing that took place before.
Before getting to the differences between Chainlink and LayerZero crosschain solutions, it’s worth discussing how the market felt since the beginning of the debacle. The hack took place on April 18th 2026. Before the hack, the prices for LINK and ZRO were evolving in a similar pattern. After April 18th, LINK started outperforming ZRO and the difference in performance reached 43.7% after the Kraken migration was announced. Since then, the market pulled both tokens back, bringing ZRO’s price further down and impacting LINK’s overperformance.
What’s the difference between Chainlink CCIP and LayerZero?
This is among the most underexplored dimensions of this story, and the answer reveals fundamentally different visions of what crosschain infrastructure should be. In this part of the research we will explore the costs of each infrastructure and who pays for this service.
LayerZero - DIY crosschain infrastructure
LayerZero’s core innovation lies in its configurability by different apps and protocols that decide to use their solution. The protocol has created an OFT (Omnichain Fungible Token) standard. In practice, if tokens are issued on one chain, they can be locked in the OFT Adapter (a smart contract that acts as custodian of native assets) to then be minted on the destination chain.
When users want to bridge it back to the original chain, the OFT issued on the bridged chain is burned and the native collateral is released from the OFT Adapter. In order for this to work, DApps need to set up their configuration with a certain number of DVNs that will have to approve crosschain transactions (X-out-of-Y DVNs) with a minimum of 2 different DVNs. It is up to the protocols to choose how many DVNs they want to integrate into their structure.
This allows a protocol like USDT0 to run a proprietary veto-powered DVN with invariance checks engineered specifically for its own threat model. A small experimental protocol can rely on other available DVNs for a cheaper price, iterate quickly, and make it usable as soon as they need it with almost no extra cost.
This means that the security model for each protocol relies both on DVNs working properly, as well as their own security setup.
"Our DVN will no longer sign as the sole required attestor on any channel. We're also working with partners across the ecosystem to harden their configurations where appropriate. We will also be significantly more selective around which OFTs we list within our first-party products." - LayerZero
Chainlink CCIP - Security as a Service
CCIP takes the opposite philosophical position entirely. Instead of letting DApps configure their own setup, Chainlink is responsible for the integration and management of assets transacting on the CCIP standard.
"We simply cannot expect every user to be a cross-chain infrastructure security expert. That is our job. That is why Chainlink CCIP is engineered to provide an enterprise-grade, strong baseline of security right out of the box."
Every CCIP lane is redundantly validated by 16 independent, security-reviewed node operators, each running its own isolated RPC infrastructure with no shared dependencies. A Risk Management Network, written by a separate Chainlink team, on independent hardware, continuously cross-checks what the Committing DON reported against actual chain state, and can pause any lane the moment it detects a discrepancy. When asked directly what would have happened if KelpDAO had used CCIP, this was Chainlink’s answer:
"If KelpDAO had been running exclusively on Chainlink CCIP, this attack would have failed. Fabricating a message under this model requires breaching multiple entities simultaneously. Every operator fetches source-chain state through its own isolated RPC infrastructure, so a compromised individual or breached server cannot unravel the network. Generating the forged attestation used in this hack is impossible on our architecture."
For protocols that want additional controls layered on top of CCIP's base posture, v1.6 introduced Token Developer Attestation (TDA). This allows asset issuers to run their own off-chain attestation service where a transaction is only processed if the issuer cryptographically attests to the source-chain burn or lock event. It addresses part of the flexibility gap without exposing the underlying security to developer misconfiguration.
Core differences between LayerZero’s OFT standard and Chainlink’s CCIP
| Dimension | LayerZero | Chainlink CCIP |
|---|---|---|
| Security model | Configurable DVN (X-of-Y-of-N, developer choice) | Fixed: 16 independent operators + Committing DON + RMN |
| Default security posture | Minimum 2 DVNs required | Maximum redundancy, non-overridable |
| Optional customization | Full - choose DVNs, set quorum, custom libraries | Token Developer Attestation (v1.6) |
| Chain coverage | 165+ | 78+ |
| Token standard | OFT (burn/mint embedded in token contract) | CCT (separate token pool, ERC-20 untouched) |
| Developer control over security | Full | None (or partial if TDA is applied) |
| Production since | 2021 | 2023 |
| All-time fees | ~$75.3M | ~$1.8M |
What are the costs?
While structural differences are interesting to cover, one of the things worth mentioning are the costs that both protocols apply to the end user for its crosschain infrastructure.
A user bridging on LayerZero pays three things: source-chain gas, a DVN verification fee, and a pre-paid executor fee covering destination gas. This represents approximately less than $1 to $5 per message regardless of transfer size and depends almost entirely on the chains used for bridging. The fee is amount-agnostic by design whether you bridge $100 or $100,000, the cost is identical. This is a structural advantage for institutional and corporate entities that constantly need to bridge assets in-and-out of chains, and power users across the crypto ecosystem that need to move big volumes.
It is also worth noting that LayerZero has captured $0 in protocol revenue from its messaging layer across its entire history. Every dollar of its $75.3M in all-time fees went to DVN and Executor operators. A fee switch mechanism, which would route an additional fee to ZRO buyback-and-burn, has been put to governance vote four times and has never passed quorum. ZRO's only active buyback source today is Stargate, which redirected 100% of its revenue to ZRO repurchases from March 2026 onward.
In 2026 LayerZero has so far processed over $57 billion in crosschain volume. Today the protocol remains the leader in this field representing around 87% of the total crosschain volume.
Chainlink operates on a different model.
"Whoever initiates a cross-chain message pays a single fee on the source chain, in LINK or in the chain's native gas token, and CCIP handles execution on the destination chain regardless of gas conditions. That fee breaks down into two parts: a blockchain fee, which covers the gas cost of executing the transaction on the destination chain, and a network fee, a fixed value which goes to the Chainlink Network as an economic incentive for the network's proper operation."
For lock/unlock routes, the network fee is 0.045% in LINK, making CCIP proportional to transfer size, where a $1,000 transfer costs approximately $0.45, a $100,000 transfer costs approximately $45. For burn/mint routes, the fee is flat at $0.225 to $1.50 regardless of size, comparable to LayerZero's flat fee model. Paying in LINK provides a 10-25% discount. All fees flow into the Chainlink Reserve, programmatically converted to LINK tokens to support long-term network sustainability and staker rewards.
The DefiLlama database tracks Chainlink's all-time fees at $56.26M. Chainlink provided OAK Research with transfer volume figures: approximately $1.2B in 2024, $10.8B in 2025, and over $8B in the first five months of 2026, with cumulative volume recently crossing $20B. These figures come from Chainlink directly and, if the pace holds, would make 2026 CCIP's highest-volume year on record surpassing all previous years combined.
Who stayed true to LayerZero and why?
While many protocols decided to stick with LayerZero’s infrastructure, we decided to highlight the two of them that generate most of the volume and have the highest TVL, as well as LayerZero’s stance on why the protocols decided to continue using their infrastructure.
Ethena
On April 19, Ethena paused its LayerZero bridge for USDe and sUSDe. Four days later it resumed the transfers with a better crosschain security infrastructure after upgrading its DVN configuration from 2/2 to 4/4. All four independent DVNs must now simultaneously attest every packet. The per-pathway rate limit remains in place as a hard circuit breaker.
The scale of what Ethena routes through LayerZero makes this decision significant. USDe is deployed across 29 chains. Of that supply, over $172M sits on TON, a chain where CCIP has no presence today. Migrating to CCIP would have immediately stranded a meaningful portion of USDe's supply without a viable cross-chain path. Ethena was also expanding to new chain deployments during the same window it was hardening its DVN configurations.
USDT0
USDT0 co-founder Zerolore was the most direct public voice in support of LayerZero after the hack.
"LayerZero is the golden standard for cross chain interoperability BECAUSE of its high level of customizability. Unfortunately, this means application owners need to invest serious resources to match the security standard that the capital moving through our rails demands. At USDT0 this has been our main priority from day 1. Security IS the product." - Zerolore, Co-Founder, USDT0
USDT0's architecture is fundamentally dependent on LayerZero for reasons that are not optional. USDT0's design premise is a single canonical USDT supply shared across chains. When a user moves USDT0 from Arbitrum to any destination, the supply is unified, not swapped between liquidity pools.
ZeroLore’s praise of the protocol is simultaneous with an acknowledgment that USDT0's safety came from internal investment in security engineering, not from LayerZero's defaults.
It also makes sense for a protocol like USDT0, the tokenisation, and liquidity layer of Tether, to be responsible for its own security. This is why LayerZero’s design makes the most sense where the choices in DVN setup as well as circuit breakers belongs entirely to the team instead of relying on an external provider.
Why these protocols stayed
When OAK Research asked LayerZero directly why protocols chose to remain after the hack, the answer went to the core architectural argument:
"The whole idea of the LayerZero protocol is to give power to the application developer. Different applications have different needs, and allowing each application to configure their own security stack to reflect those needs is exactly why we built the protocol. This meant the April incident was contained to a single application. This is because of the design of the LayerZero protocol's architecture: If something were to happen to any other crosschain protocol, 100% of the value is at risk." - LayerZero Team
This is something we’ve seen in the past with all the bridges hacks. Once the infrastructure is compromised, all assets are at risk. It doesn’t matter if one protocol is affected because all of the tokens rely on one single infrastructure creating a single point of failure. It is however important to note that before the hack, several DApps relied on a 1/1 DVN structure, but the impact was contained.
It is important to stress that the security within LayerZero’s infrastructure is managed by protocols themselves. Therefore, it is not the easiest solution to implement as it requires competent teams to handle this infrastructure along with guardrails and monitoring at an institutional level. Some smaller protocols also opt for LayerZero’s solution to benefit from the flexibility it offers. But in this situation we are seeing the largest protocols stick with LayerZero: they are capable of doing so and have the budget for it.
Would crypto be better without LayerZero?
Throughout the article, we believe that our stance is pretty clear. Even after what happened with the rsETH hack, crypto would not be better off without LayerZero. There are several elements that would support our view on this.
1 - The monopoly problem
If LayerZero were to disappear tomorrow, Chainlink CCIP would hold an effective monopoly over institutional-grade cross-chain infrastructure. CCIP would not earn this position through competition. It would inherit it through elimination. And monopolies, across every industry and every era, have tendency to become a worse solution for its customers and clients.
Think about AT&T, which controlled US telecommunications for decades and used that position to suppress innovation, raise prices, and resist the adoption of technologies it did not develop. Think about the legal scrutiny now placed on Google's Play Store dominance, where a platform with no viable competition sets pricing and policy unilaterally, with no market mechanism to correct it over time. Think about TicketMaster that imposed exorbitant fees on fans with poor service during peak hours of sales.
While these monopolies have nothing to do with crypto, it is pretty predictable how things would turn out if LayerZero were to disappear. Higher fees, less accepted chains, a single point of failure where if Chainlink’s infrastructure got compromised, protocols would all be affected. Chainlink addressed this concern when we reached out to them:
"On the single point of failure concern, I'd actually argue the opposite is true. A single point of failure exists when one server, organization, or employee can unilaterally compromise the entire trust model. That was the issue in the recent exploit. Moving value across chains requires 16 independent organizations reaching absolute consensus before any transaction settles."
Finally, LayerZero services chains that CCIP does not cover yet. This would mean high impact for chains that have not integrated Chainlink, migration of the entire infrastructure, or development of their own crosschain tool that would be far less secure than both CCIP or OFT standards.
The first argument for the title of this research and the question we are trying to find our answer to is: crypto would not be better off without LayerZero.
2 - Reading the room
Why are we still talking about the rsETH hack over two months after it happened?
While we covered the situation, pushed protocols for more transparency, and overall hoped for all users to get whole, the question about LayerZero’s role in our ecosystem going forward kept coming up.
Throughout the noise around the hack, terrible takes, poor communications, and victory laps that we’ve seen, we wanted to provide our stance on the situation after talking to the involved parties directly, asking the hard questions, and analysing the overall state of the crosschain infrastructure.
We have seen major protocols backing LayerZero, but we also saw protocols leaving the infrastructure the team has created. We are also aware that this piece might be interesting to read for any protocol or chain willing to expand to other ecosystems, but also know that there might be some fiery supporters of both sides that will think that we are too harsh or too soft in our opinion.
We believe that OAK Research exists to filter the noise, provide clear judgement, while remaining impartial in our research material. We are aware that the rsETH hack and everything that followed shows that crypto is still struggling to learn from its past mistakes and that we are likely going to see more hacks, more mistakes, and more terrible situations happen in the coming years. We do, however, remain optimistic about the fact that these hacks set a better path forward for all the parties involved and improve the competitive landscape for anyone trying to go crosschain.
Gain legitimacy and visibility
Become a partner of OAK Research
Reach a qualified audience through in-depth analyses and reports. Get in touch to discuss partnerships, project showcases, or any professional inquiry.
Therefore, the answer to our initial question here is again a hard no. We need alternatives that are capable of gathering strong builders around them that are able to deliver and push the industry forward. LayerZero succeeded in doing just that.
3 - Something we didn’t think was possible
While writing this research piece, we reached out to both LayerZero and Chainlink teams to provide quotes you’ve seen throughout the article, but also acknowledge something their main competitor succeeded in. We asked both teams the question we weren’t sure they would answer: what does your competitor do well? Well, they did.
Chainlink, on LayerZero
“The one area I'd give them credit on is the developer experience, particularly early on. Their CLI tooling made it fast to get from zero to a working integration, and that's a meaningful part of why they grew as quickly as they did in the early days. We were more focused on the underlying security and infrastructure work in that period for RWA and TradFi design partners, and as such we supported less blockchains at the time. That's changed significantly over the past year."
LayerZero, on Chainlink
“Chainlink has built an amazing oracle business and their marketing team is second to none. They do a great job on market positioning and I’m sure we could learn a lot from their ability to explain their product in simple terms which is something they’ve always done well.”
This is definitely the part that we are proud of achieving while covering both the rsETH hack, and trying to respond to the hard question many believed they had an answer to. During the heat of the moment, a lot of market participants tend to jump to conclusions without thinking of the consequences of what they are wishing for.
Wishing for LayerZero to go down for Chainlink to win is like betting on Arsenal to win against PSG just because you don’t like French people. It just makes no sense.
