DeFi platforms shift oracle strategies following $293M Kelp DAO security breach
After a $293 million security breach revealed vulnerabilities in third-party oracle and bridge systems, Solv Protocol and additional DeFi platforms are transitioning to Chainlink's infrastructure.
The decentralized finance sector is conducting comprehensive security assessments of its blockchain oracle service providers following last month's $293 million Kelp DAO security incident. In the wake of this exploit, numerous protocols have disclosed their plans to transition toward Chainlink's infrastructure over the past several days, pointing to heightened security concerns regarding third-party oracle and bridge service providers.
Bitcoin DeFi platform Solv Protocol made an announcement on Thursday regarding its decision to transition to Chainlink's Cross-Chain Interoperability Protocol (CCIP) while phasing out LayerZero bridges. The decision followed what the platform described as an "extensive security review" that determined CCIP offered the "strongest security assurances" available.
Just one day before Solv's announcement, liquidity protocol Tydro revealed its own transition to Chainlink infrastructure. This move came after Chaos Labs, Tydro's former oracle provider, experienced a security incident that forced Tydro to temporarily suspend markets due to worries about the accuracy of its price feed data.
These infrastructure migrations follow an April 18 security breach where malicious actors successfully extracted 116,500 Kelp DAO restaked ETH (rsETH) tokens with an estimated value ranging from $290 million to $293 million. In response to this exploit, Kelp DAO implemented its own migration, moving its rsETH token to Chainlink's infrastructure and abandoning its former LayerZero-powered bridge solution after determining the breach stemmed from vulnerabilities in its cross-chain architecture.
However, LayerZero contested this characterization on April 20, asserting that the security breach occurred due to a single point of failure within Kelp DAO's own implementation approach. According to LayerZero, Kelp DAO had depended on just one LayerZero DVN as its sole verified pathway, a configuration the company had previously cautioned against.
DeFi protocols review oracle security after Kelp exploit
According to Zach Rynes, who serves as strategic initiatives lead at Chainlink Labs, the Kelp DAO security breach has functioned as a "wake-up call" throughout the DeFi provider ecosystem.
In conversation with Cointelegraph, Rynes explained that DeFi development teams performing security audits are increasingly choosing to replace legacy oracle and bridge infrastructure with Chainlink's technology stack to enhance fundamental security measures. He further noted that several additional DeFi protocols are currently in discussions about potential infrastructure migrations to Chainlink in the aftermath of the exploit.
Marcin Kazmierczak, co-founder of RedStone, which holds the position as the fourth-largest blockchain oracle provider, emphasized to Cointelegraph that oracle providers demonstrating extensive operational histories combined with robust reliability metrics are gaining heightened importance as security breaches persist throughout the industry. Kazmierczak also highlighted that RedStone has maintained a "fully reliable track record" throughout its operations.
Tydro also reached out to Redstone as an emergency response following the Chaos Labs oracle incident, and Redstone delivered support services to assist in restoring oracle feed functionality for the protocol.
Oracle consolidation raises new questions for DeFi
In the aftermath of the Kelp DAO security incident, Kazmierczak indicated that only a limited number of specialized service providers may possess the capacity to satisfy the "demand and reliability requirements" emerging from increasing institutional involvement in decentralized finance.
"A smaller set of trusted oracles is forming in the market," he stated, further explaining that as financial capital becomes increasingly concentrated around providers who have established proven performance records, the probability of oracle-related security exploits might decrease.
Addressing questions regarding the potential risks associated with numerous DeFi protocols becoming dependent on a reduced number of providers, Rynes emphasized that Chainlink's technological infrastructure was specifically engineered to maintain functionality during extreme market conditions.
He referenced several historical periods including the 2020 Covid market crash, the 2022 FTX collapse and significant volatility events occurring in 2025, noting that Chainlink maintained continuous operations throughout all of those market disruptions.
Nik Kunkel, founder of Chronicle, which ranks as the second-largest oracle provider, expressed concerns that excessive dependence on any single infrastructure provider will invariably introduce additional risk factors.
"There are risks anytime a large portion of an ecosystem depends on a single piece of infrastructure," Kunkel explained to Cointelegraph, emphasizing that mitigating those risk factors also necessitates that data infrastructure maintains independent transparency and verifiable characteristics.
Chainlink maintains its position as the dominant oracle provider controlling a 58% market share while securing more than $32 billion in total value, based on data from DefiLlama. Chronicle occupies the second position with $7.6 billion in total value secured, whereas RedStone holds the fourth position with $3.7 billion, accounting for a 6.7% market share.