cointelegraph.com
Decentralized finance protocols are reevaluating their blockchain oracle providers’ security after the fallout from the $293 million Kelp DAO exploit last month. Several protocols have announced migrations to Chainlink infrastructure in recent days, citing security concerns around third-party oracle and bridge providers.
On Thursday, Bitcoin DeFi platform Solv Protocol announced it would migrate to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and replace LayerZero bridges, citing an “extensive security review” concluding that CCIP provided the “strongest security assurances.”
A day earlier, liquidity protocol Tydro also said it was moving to Chainlink after its previous oracle provider, Chaos Labs, suffered an incident that prompted Tydro to pause markets over concerns about inaccurate price feeds.
The migrations come after an April 18 exploit in which attackers drained 116,500 Kelp DAO restaked ETH (rsETH) tokens worth between $290 million and $293 million. Following the exploit, Kelp DAO also migrated its rsETH token to Chainlink, moving away from its previous LayerZero-powered bridge after attributing the incident to weaknesses in its cross-chain setup.
Source: Solv Protocol
LayerZero, however, said on April 20 that the exploit resulted from a single point of failure in Kelp DAO’s implementation, which relied on a single LayerZero DVN as the only verified path despite prior warnings against that configuration.
DeFi protocols review oracle security after Kelp exploit
The Kelp DAO exploit triggered a “wake-up call” for DeFi providers, according to Zach Rynes, strategic initiatives lead at Chainlink Labs.
Rynes told Cointelegraph that DeFi teams conducting security reviews are increasingly deciding to replace older oracle and bridge systems with Chainlink infrastructure to strengthen baseline security protections, and multiple other DeFi protocols are discussing potential migrations to Chainlink following the exploit.
Oracle providers with long operating histories and strong reliability are becoming increasingly important as hacks continue across the sector, Marcin Kazmierczak, co-founder of RedStone, the fourth-largest blockchain oracle provider, told Cointelegraph, adding that RedStone has also kept a “fully reliable track record.”
Redstone was also contacted by Tydro as an emergency measure after the Chaos Labs oracle attack and provided support to help restore oracle feeds for the protocol.
Source: Redstone
Oracle consolidation raises new questions for DeFi
Following the Kelp DAO exploit, only a smaller group of specialized providers may be able to meet the “demand and reliability requirements” created by growing institutional participation in DeFi, Kazmierczak said.
“A smaller set of trusted oracles is forming in the market,” he said, adding that as capital concentrates around providers with proven track records, the risk of oracle-related exploits could decline.
When asked about the risks of multiple DeFi protocols depending on fewer providers, Rynes said Chainlink’s infrastructure was designed to withstand extreme market conditions.
He pointed to periods including the 2020 Covid market crash, the 2022 FTX collapse and major volatility events in 2025, saying Chainlink continued operating throughout those disruptions.
Nik Kunkel, founder of Chronicle, the second-largest oracle provider, said that an overreliance on a single infrastructure provider will always present additional risks.
“There are risks anytime a large portion of an ecosystem depends on a single piece of infrastructure,” Kunkel told Cointelegraph, adding that reducing those risks also requires data infrastructure to remain independently transparent and verifiable.
Top Oracle providers by market share. Source: DefiLlama.com
Chainlink remains the largest oracle provider with a 58% market share and more than $32 billion in value secured, according to DefiLlama. Chronicle ranks second with $7.6 billion in total value secured, while RedStone holds fourth place with $3.7 billion, representing a 6.7% market share.
Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express