Lombard Finance disclosed today that they are completely moving their more than $1 billion of Bitcoin-baked assets (LBTC, along with BTC.b) to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) as their sole method for cross-chain infrastructure. This will result in the depreciation of LayerZero across Solana, Etherlink, Berachain, Corn, and TAC, with LayerZero on Morph and Swell also being fully deprecated.
What triggered the migration
After the recent KelpDAO incident cost $292 million in value-related issues, Lombard Finance initiated a “full internal security review” of its existing protocol. During this process, Lombard learned that their current configuration was still using a single verifier (1-of-1) configuration operated by LayerZero’s bridge technology. Lombard emphasized that the migration “prioritizes the safety and security of all Lombard users” while continuing to achieve a 100% uptime record of zero security incidents. Furthermore, the protocol also noted that the move reflects “where the market is heading, toward infrastructure that is secure by default and built to institutional standards.”
Why Chainlink CCIP
According to Lombard, Chainlink CCIP offers many benefits, including:
- Chainlink has a layered security design with a minimum of 16 unrelated node operators to guarantee that each bridge lane is secure
- The oracle has native risk controls, including rate limits that act as circuit breakers to prevent widespread contagion
- Institutional certifications, including System and Organization Controls 2 (SOC 2) Type 2 and International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001:2022
- Cross-Chain Token (CCT) standard enabling a “burn and mint” native bridging model with a single canonical token across chains, thus eliminating vendor lock-in
With migrating to Chainlink’s CCIP, Lombard has decided to adopt the CCT standard, so the protocol will own the token contracts on its own, without any specific CCIP dependencies (i.e., non-standard CCIP libraries or functions). Lombard will also be implementing additional layers of security where Lombard’s Security Consortium will verify transactions as an extra level of assurance, or additional attestation.
Other projects following suit
Since the KelpDAO exploit, other decentralized finance (DeFi) projects started moving away from LayerZero. On one hand, KelpDAO itself announced it was migrating to Chainlink CCIP, publicly disputing LayerZero’s account of the incident and accusing the protocol of approving the so-called single-verifier configuration. On the other hand, Solv Protocol also decided to move its more than $700 million tokenized Bitcoin portfolio from LayerZero to Chainlink CCIP. Combined with Lombard′s over 1 billion in assets, more than $2.7 billion in cross-chain value has now shifted away from LayerZero toward Chainlink in just two weeks.
Other big names in the space, like Kraken (moving its kBTC) and Re (onchain capital for real-world risk) protocol, with $475 million in total value locked (TVL) are also adopting Chainlink security infrastructure.
In a recent announcement, LayerZero admitted its fault in the Decentralized Verifier Network (DVN) minstake configuration, and publicly issued an “overdue apology.” Moreover, the LayerZero Labs team has pledged more than 10K ETH to Aave-led DeFi United efforts to recover rsETH users’ funds, which is already up and running.
Despite all of this, the protocol is suffering the consequences of a technical mistake that cost millions to the DeFi industry in one of the worst chapters in blockchain security. Nevertheless, they have just announced in a post that over $700 million of cross-chain volume flowed across LayerZero rails on April 14.