Lombard Finance is migrating more than $1 billion in Bitcoin-backed assets to Chainlink’s Cross-Chain Interoperability Protocol (CCIP), deprecating LayerZero infrastructure after a security review prompted by a recent high-profile exploit.
"Lombard’s internal reviews showed that Chainlink CCIP provides the highest level of cross-chain security in the industry," Jacob Phillips, co-founder of Lombard, said. He added that migrating the protocol's bitcoin-backed tokens, LBTC and BTC.b, to CCIP gives users stronger assurances as Lombard expands.
The move is part of a wider trend that has seen protocols managing roughly $4 billion in assets shift toward Chainlink’s bridge infrastructure. The migration follows the $292 million drain from Kelp DAO’s LayerZero-powered bridge in April, an event that has forced DeFi protocols to reassess the risks associated with cross-chain messaging systems. Other projects making similar moves include Kelp DAO itself, Solv Protocol, Re, and crypto exchange Kraken.
For protocols issuing liquid-staked assets or tokenized products across multiple blockchains, bridge security has evolved from a technical choice into a primary balance sheet concern. The series of migrations suggests the market is beginning to reprice bridge risk and favor infrastructure with more robust, verifiable security models.
A Broader Flight to Safety
Lombard’s decision, announced May 15, will see CCIP replace LayerZero as the exclusive cross-chain infrastructure for its assets on Solana, Etherlink, Berachain, Corn, and TAC. The protocol will also fully discontinue its use of LayerZero on the Ethereum layer-2 network Morph and the staking protocol Swell.
The firm framed the decision as a direct response to heightened security risks. "This decision prioritizes the safety and security of all Lombard users and reflects our commitment to maintaining the security record we've built since day one, zero security incidents and 100% uptime," the firm stated. The Kelp DAO exploit, attributed to North Korean hackers who "poisoned" internal RPCs, created a clear inflection point for protocols built on LayerZero's infrastructure.
Why Chainlink CCIP?
In its reasoning, Lombard cited CCIP’s defense-in-depth architecture, which includes decentralized oracle networks, independent security-reviewed node operators, native rate limits, and a fully audited codebase.
As part of the migration, Lombard is also adopting Chainlink’s Cross-Chain Token (CCT) standard. This enables a native burn-and-mint bridging model, allowing for a single canonical version of a token across multiple chains rather than relying on locked collateral and wrapped representations. The protocol also plans to add its own security layer, a "Security Consortium," to act as an additional validation layer on top of CCIP, giving it fine-grained control over how its assets move between chains.
"We are witnessing a continued flight to safety across the industry," said Johann Eid, chief business officer at Chainlink Labs, framing the migration as a shift toward institutional-grade infrastructure.
This article is for informational purposes only and does not constitute investment advice.
