Solv Moves $700M+ in Tokenized Bitcoin to Chainlink CCIP After Bridge Security Concerns

Solv Protocol is moving more than $700 million in tokenized Bitcoin assets from LayerZero to Chainlink CCIP, a loud sign that bridge security is no longer optional for serious DeFi.

• More than $700 million in tokenized Bitcoin is shifting to Chainlink CCIP
• SolvBTC and xSolvBTC are the assets being migrated
• LayerZero support will be phased out on Corn, Berachain, Rootstock, and TAC
• The move comes after fresh scrutiny of cross-chain security and recent bridge exploits

For Solv, this is not just a plumbing upgrade. It is a blunt statement that the days of shrugging at cross-chain risk are over, especially when tokenized Bitcoin is on the line. If a protocol is handling hundreds of millions in BTC-linked assets, a sloppy bridge setup is not a minor inconvenience — it is an open invitation to get mugged by the chain crime scene.

Solv said it reviewed its cross-chain systems and recent bridge hacks before deciding to make Chainlink CCIP its official cross-chain infrastructure. In practical terms, that means Solv is choosing a different way to move data and value between blockchains, with a stronger emphasis on security and verification. The protocol will phase out LayerZero support for Corn, Berachain, Rootstock, and TAC as part of the migration.

The assets involved are SolvBTC and xSolvBTC, Solv’s tokenized Bitcoin products. Tokenized Bitcoin means BTC-linked assets issued on other chains so users can put Bitcoin exposure to work in DeFi without moving native BTC around directly. That opens the door to lending, trading, and yield strategies, but it also drags in one of crypto’s most reliable failure points: the bridge.

And bridges have a terrible reputation for good reason. A cross-chain bridge is the system that lets assets or messages move between blockchains. If that system is weak, poorly configured, or built around assumptions that fail under pressure, attackers can exploit it even when the underlying smart contracts look fine on paper. In DeFi, the seam is often where the blood gets in.

The timing of Solv’s move makes a lot of sense once you look at the fallout from the Kelp DAO rsETH exploit. In that incident, an attacker drained 116,500 rsETH from a LayerZero-powered bridge. Some of the stolen funds were later used as collateral on Aave v3 before parts of the haul were frozen. Aave eventually completed liquidation of the attacker’s final rsETH-backed positions on Ethereum and Arbitrum, and the recovered collateral was moved to Recovery Guardian, a multisig wallet controlled by DeFi United.

A multisig wallet is exactly what it sounds like: a wallet that needs multiple approvals before funds can move. That setup is common in crypto because it reduces the risk of one compromised key turning into a total disaster. Of course, when you need a committee to rescue the wreckage, the phrase “decentralized finance” starts sounding a bit like “group project finance.”

The Kelp DAO mess is still not fully settled. A separate legal dispute involves 30,765 ETH, worth about $71 million, frozen by Arbitrum DAO. DeFi United still needs support from Circle, Ethena, Frax, and Ink to restore rsETH backing. That is a reminder that in DeFi, the technical failure is often followed by a governance soap opera, complete with frozen assets, public accusations, and a lot of people explaining why the thing that exploded was definitely not their fault.

The blame over Kelp DAO is still disputed. Kelp DAO said LayerZero approved the single-verifier setup that was blamed for the exploit. LayerZero CEO Bryan Pellegrino pushed back, saying Kelp moved away from a default multi-verifier setup. That’s an important distinction: a multi-verifier setup spreads trust across more than one check, while a single-verifier setup concentrates risk in one place. In a bridge system, that difference can be the gap between “secure enough” and “please don’t show this to the hackers.”

OpenZeppelin also weighed in and said there was no public evidence of a broken smart contract in the Kelp DAO case. That suggests the failure may have been less about obviously bad code and more about bridge operations, integration settings, and the kind of configuration choices that nobody thinks about until the exploit thread is already on fire. That matters because a lot of crypto drama gets lazily blamed on “the smart contract,” when the real problem is often everything wrapped around it.

Solv CTO Will Wang framed the migration in plain language:

“Security is the foundation of everything we build at Solv.”

That sounds like corporate boilerplate until you remember what is at stake. Tokenized Bitcoin is not a meme coin experiment. It is an attempt to move serious BTC-backed value through a web of interoperable chains without letting the infrastructure become a giant honeypot. At this scale, “we’ll patch it later” is not a strategy — it is a confession.

So why does Chainlink CCIP matter here? CCIP stands for Cross-Chain Interoperability Protocol, Chainlink’s system for moving data and assets across blockchains with a security model that many teams view as more conservative than typical bridge design. Solv is effectively betting that stronger cross-chain security is worth the operational tradeoffs. For a protocol moving more than $700 million in tokenized Bitcoin, that is not paranoia. It is basic adult supervision.

That said, CCIP is not magic. No bridge or interoperability layer is invincible just because it has a respected name attached to it. Any system that moves value between chains still has to deal with implementation risk, governance risk, and the possibility of human error. What Solv is doing is choosing the setup it believes offers better defenses against the exact class of failures that keeps wrecking DeFi. That’s not a guarantee, but it is a lot better than acting surprised after the exploit.

LayerZero is also worth keeping in perspective. It remains a major piece of cross-chain infrastructure and is used across DeFi for messaging and asset movement. The criticism here is not that LayerZero is some cartoon villain twirling a mustache in a server room. The criticism is that bridge systems, even when widely used, can become fragile when verifier assumptions, integrations, or deployment choices are wrong. In other words: the weakest link is often not the code everyone is staring at, but the plumbing nobody wanted to babysit.

For Bitcoin-focused DeFi, this is the real headline. Tokenized Bitcoin is becoming more serious, but the security bar is rising just as fast. The value proposition only works if users and protocols can trust the bridge layer not to turn into a theft machine. Otherwise, the entire promise of portable BTC exposure across chains becomes a very expensive exercise in risk tourism.

There is also a broader market signal here. Protocols that handle large amounts of capital are increasingly unwilling to gamble on brittle cross-chain setups, especially after a string of bridge-related failures across DeFi. That does not mean every project will rush to CCIP or that every LayerZero deployment is doomed. It does mean bridge security is now a front-line business decision, not a backend footnote.

Solv’s move is also part reputation management, whether the team says that outright or not. When a protocol holding tokenized Bitcoin changes its cross-chain stack after a high-profile exploit elsewhere, the message to users is obvious: we are not waiting to become the next headline. In crypto, that kind of caution can be the difference between credibility and becoming a cautionary tale with a token ticker.

• Why did Solv leave LayerZero?
  Solv said it reviewed its cross-chain systems and recent bridge hacks, including the Kelp DAO incident, and decided Chainlink CCIP better fits its security needs.
• How much value is being migrated?
  More than $700 million in tokenized Bitcoin assets.
• Which assets are affected?
  SolvBTC and xSolvBTC are the main assets moving to Chainlink CCIP.
• What is tokenized Bitcoin?
  It is BTC-linked value issued on other blockchains so users can use Bitcoin exposure in DeFi apps without directly moving native BTC across every chain.
• Why is bridge security such a big deal?
  Bridges are one of DeFi’s biggest attack surfaces. If the cross-chain verification or integration layer fails, attackers can drain assets even when the smart contracts themselves are not obviously broken.
• Was LayerZero proven to be at fault in the Kelp DAO exploit?
  No. The dispute is unresolved. Kelp DAO and LayerZero disagree on whether the verifier setup was the problem, and OpenZeppelin said there was no public evidence of a broken smart contract.
• Does Chainlink CCIP guarantee safety?
  No. It is being chosen because Solv believes it offers stronger cross-chain security, but any bridge or interoperability layer still needs constant scrutiny.
• What does this mean for Bitcoin DeFi?
  It shows that Bitcoin-linked DeFi is growing up fast, but also that serious capital will increasingly demand serious infrastructure instead of bridge roulette.

Solv’s decision is a reminder that adoption without strong security is just a faster way to lose money. Tokenized Bitcoin can be a powerful piece of the DeFi stack, but only if the cross-chain infrastructure underneath it can hold up under real-world pressure. Otherwise, all the composability in the world just gives hackers more doors to kick in.