Decentralized finance protocols are reevaluating their blockchain oracle providers’ security after the fallout from the $293 million Kelp DAO exploit last month. Several protocols have announced migrations to Chainlink infrastructure in recent days, citing security concerns around third-party oracle and bridge providers.

The April 18 exploit saw attackers drain 116,500 Kelp DAO restaked ETH (rsETH) tokens worth between $290 million and $293 million. The breach was attributed to weaknesses in Kelp DAO’s cross-chain setup, which relied on a single LayerZero DVN as the verified path—a configuration that the LayerZero team had previously warned against. Following the incident, Kelp DAO migrated its rsETH token to Chainlink, moving away from its previous LayerZero-powered bridge.

Ripple effects across the DeFi ecosystem

The exploit has triggered a wave of security reviews across the DeFi sector. On Thursday, Bitcoin DeFi platform Solv Protocol announced it would migrate to Chainlink’s Cross-Chain Interoperability Protocol (CCIP) and replace LayerZero bridges. The decision followed an extensive security review that concluded CCIP provided the strongest security assurances. A day earlier, liquidity protocol Tydro also moved to Chainlink after its previous oracle provider, Chaos Labs, suffered an incident that prompted Tydro to pause markets over concerns about inaccurate price feeds.

Zach Rynes, strategic initiatives lead at Chainlink Labs, described the Kelp DAO exploit as a wake-up call for DeFi providers. He told Cointelegraph that teams conducting security reviews are increasingly deciding to replace older oracle and bridge systems with Chainlink infrastructure to strengthen baseline security protections. According to Rynes, multiple other DeFi protocols are discussing potential migrations to Chainlink following the exploit.

The importance of reliable oracle providers

Oracle providers with long operating histories and strong reliability are becoming increasingly important as hacks continue across the sector. Marcin Kazmierczak, co-founder of RedStone—the fourth-largest blockchain oracle provider—told Cointelegraph that his firm has maintained a fully reliable track record. RedStone was also contacted by Tydro as an emergency measure after the Chaos Labs oracle attack and provided support to help restore oracle feeds for the protocol.

Kazmierczak noted that following the Kelp DAO exploit, only a smaller group of specialized providers may be able to meet the demand and reliability requirements created by growing institutional participation in DeFi. He said a smaller set of trusted oracles is forming in the market, and as capital concentrates around providers with proven track records, the risk of oracle-related exploits could decline.

Consolidation risks and industry debate

However, the trend toward consolidation has raised new questions. When asked about the risks of multiple DeFi protocols depending on fewer providers, Rynes argued that Chainlink’s infrastructure was designed to withstand extreme market conditions. He pointed to periods including the 2020 Covid market crash, the 2022 FTX collapse, and major volatility events in 2025, saying Chainlink continued operating throughout those disruptions.

Nik Kunkel, founder of Chronicle—the second-largest oracle provider—offered a contrasting view. He cautioned that an overreliance on a single infrastructure provider will always present additional risks. Kunkel told Cointelegraph that reducing those risks also requires data infrastructure to remain independently transparent and verifiable. His comments highlight the ongoing tension between security consolidation and the need for a diversified, resilient oracle ecosystem.

Market share and current landscape

According to DefiLlama, Chainlink remains the largest oracle provider with a 58% market share and more than $32 billion in value secured. Chronicle ranks second with $7.6 billion in total value secured, while RedStone holds fourth place with $3.7 billion, representing a 6.7% market share. The Kelp DAO exploit has accelerated the migration of value toward Chainlink, but it has also sparked a broader conversation about whether the industry is becoming overly dependent on a single infrastructure layer.

The debate is particularly relevant given the growing involvement of institutional investors in DeFi. These participants typically demand high levels of security and reliability, which may push them toward established providers like Chainlink. Yet, as Kunkel noted, concentration also creates a single point of failure at a systemic level. If Chainlink were to experience a significant outage or compromise, the impact on the broader DeFi ecosystem could be catastrophic.

In response to these concerns, some protocols are exploring hybrid approaches that combine multiple oracle providers or use decentralized data aggregation mechanisms. However, such solutions often increase complexity and cost, making them less attractive for smaller projects. The industry appears to be at a crossroads, balancing the immediate security benefits of migrating to proven infrastructure against the long-term risks of overcentralization.

Meanwhile, the Kelp DAO incident continues to unfold. Aave has liquidated the hacker's rsETH positions on Ethereum and Arbitrum, recovering some funds. An Arbitrum vote to release $71 million in frozen Kelp exploit ETH is set to pass, allowing further recovery efforts. White hat hackers have also returned $190,000 to Renegade within hours of hacking that protocol, demonstrating the mixed outcomes of security breaches in the DeFi space.

As the industry digests these events, one thing is clear: the oracle security landscape will remain a focal point for DeFi protocols seeking to protect user funds and maintain trust. The migration trends initiated by the Kelp DAO exploit are likely to continue, shaping the infrastructure choices of decentralized finance for years to come.

Source: Cointelegraph News