Written by Zoltan Vardai⁠, Staff Writer. Reviewed by Christina Comben⁠, Staff Editor.

Written by Zoltan Vardai⁠, Staff Writer.

Reviewed by Christina Comben⁠, Staff Editor.

Kelp DAO exploit prompts DeFi protocols to rethink oracle providers

Latest NewsPublishedMay 8, 2026

Solv Protocol and other DeFi projects are migrating to Chainlink infrastructure after the $293 million exploit exposed risks in third-party bridge and oracle setups.

Decentralized finance protocols are reevaluating their blockchain oracle providers’ security after the fallout from the $293 million Kelp DAO exploit last month. Several protocols have revealed migrations to Chainlink infrastructure in recent days, citing security concerns around third-party oracle and bridge providers.

On Thursday, Bitcoin DeFi platform Solv Protocol revealed it would migrate to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and replace LayerZero bridges, citing an “extensive security review” concluding that CCIP provided the “strongest security assurances.” 

A day earlier, liquidity protocol Tydro also stated it was moving to Chainlink after its previous oracle provider, Chaos Labs, suffered an incident that prompted Tydro to pause markets over concerns about inaccurate price feeds.

The migrations come after an April 18 exploit in which attackers drained 116,500 Kelp DAO restaked ETH (rsETH) tokens worth between $290 million and $293 million. Following the exploit, Kelp DAO also migrated its rsETH token to Chainlink, moving away from its previous LayerZero-powered bridge after attributing the incident to weaknesses in its cross-chain setup.

Source: Solv Protocol

LayerZero, nevertheless, stated on April 20 that the exploit resulted from a single point of failure in Kelp DAO’s implementation, which relied on a single LayerZero DVN as the only verified path despite prior warnings against that configuration.

DeFi protocols review oracle security after Kelp exploit

The Kelp DAO exploit triggered a “wake-up call” for DeFi providers, as reported by Zach Rynes, strategic initiatives lead at Chainlink Labs.

Related: Aave liquidates Kelp DAO hacker’s rsETH positions on Ethereum, Arbitrum

Rynes told Cointelegraph that DeFi teams conducting security reviews are increasingly deciding to replace older oracle and bridge systems with Chainlink infrastructure to strengthen baseline security protections, and multiple other DeFi protocols are discussing potential migrations to Chainlink following the exploit.

Oracle providers with long operating histories and strong reliability are becoming increasingly crucial as hacks continue across the sector, Marcin Kazmierczak, co-founder of RedStone, the fourth-largest blockchain oracle provider, told Cointelegraph, adding that RedStone has also kept a “fully reliable track record.”

Redstone was also contacted by Tydro as an emergency measure after the Chaos Labs oracle attack and provided support to help restore oracle feeds for the protocol.

Source: Redstone

Oracle consolidation raises new questions for DeFi

Following the Kelp DAO exploit, only a smaller group of specialized providers may be able to meet the “demand and reliability requirements” created by growing institutional participation in DeFi, Kazmierczak stated.

“A smaller set of trusted oracles is forming in the market,” he stated, adding that as capital concentrates around providers with proven track records, the risk of oracle-related exploits could decline.

When asked about the risks of multiple DeFi protocols depending on fewer providers, Rynes stated Chainlink’s infrastructure was designed to withstand extreme market conditions.

He pointed to periods including the 2020 Covid market crash, the 2022 FTX collapse and major volatility events in 2025, saying Chainlink continued operating throughout those disruptions.

Related: Arbitrum vote to release $71M in frozen Kelp exploit ETH set to pass

Nik Kunkel, founder of Chronicle, the second-largest oracle provider, stated that an overreliance on a single infrastructure provider will always present additional risks.

“There are risks anytime a large portion of an ecosystem depends on a single piece of infrastructure,” Kunkel told Cointelegraph, adding that reducing those risks also requires data infrastructure to remain independently transparent and verifiable.

Top Oracle providers by market share. Source: DefiLlama.com

Chainlink remains the largest oracle provider with a 58% market share and more than $32 billion in value secured, as reported by DefiLlama. Chronicle ranks second with $7.6 billion in total value secured, while RedStone holds fourth place with $3.7 billion, representing a 6.7% market share.

Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express

Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.

• DeFi
• Hacks
• Cybersecurity
• Chainlink
• Cryptocurrencies
• Blockchain

More on the subject

Coinbase restores trading after AWS outage disrupts markets

21 hours ago

Ezra Reguerra

Mantle tokenholders approve 30K ETH Aave credit facility after rsETH exploit

23 hours ago

Ezra Reguerra

Polygon reduces block time to 1.75 seconds as payments push accelerates

May 7, 2026

Zoltan Vardai

Coinbase restores trading after AWS outage disrupts markets

21 hours ago

Ezra Reguerra

Mantle tokenholders approve 30K ETH Aave credit facility after rsETH exploit

23 hours ago

Ezra Reguerra

Polygon reduces block time to 1.75 seconds as payments push accelerates

May 7, 2026

Zoltan Vardai