We are long past the experimental phase of cross-chain interoperability. With hundreds of public and private blockchains in production, and more launching daily, it is clear that inter-chain connectivity is a foundational requirement for the global financial system and its hundreds of trillions in assets to move onchain. It’s how digital assets maximize liquidity and issuers enable global distribution.

However, not all cross-chain infrastructure is built the same.

In practice, cross-chain solutions presented as secure often compromise on fundamental infrastructure security design through insecure or unsafe defaults, centralized node deployments and dependencies, missing risk controls and monitoring, and operationally onerous architectures that require developers and asset issuers to become cross-chain infrastructure experts just to achieve a basic level of security assurance.

With nearly $3 billion stolen in cross-chain bridge hacks, the risks associated with insecure and centralized cross-chain infrastructure present an existential risk to the growth of onchain finance. Simply put, institutional capital will not migrate onchain in any meaningful way unless the underlying infrastructure meets the highest security standards. 

Cross-chain exploits are not inevitable, rather they are the direct result of poor design choices and development shortcuts, often meant to save costs. These risks can be avoided by moving away from “decentralized in name only” solutions toward truly decentralized and secure networks with defense-in-depth architecture built into their foundation.

In this post, we explore how the Chainlink Cross-Chain Interoperability Protocol (CCIP) delivers the strongest cross-chain security guarantees in the blockchain industry and why a security-first foundation is critical to bringing institutional capital onchain at scale.

Chainlink’s Security-First Foundation, Proven Over 7+ Years

“You’re not building the systems for the 363 days when everything is smooth. You’re building the system for the 2 days when everything goes crazy.”—Sergey Nazarov

Managing global liquidity requires infrastructure free of single points of failure. The traditional financial system processes quadrillions in value every year, so a security-first approach is non-negotiable. The Chainlink platform and CCIP are precisely designed for this exact scale and complexity. To bring global finance onchain, the infrastructure must meet and exceed the standards of existing systems.

From its inception, Chainlink has focused on building highly secure, reliable, and decentralized infrastructure, as it is the absolute prerequisite for bringing the world’s assets onchain. Chainlink first invented the “Decentralized Oracle Network” or DON in 2017, which took the principles of decentralization and cryptographic verification achieved with blockchains and applied it to a broader range of data and interoperability capabilities, unlocking more advanced smart contract applications. Since launching on mainnet in 2019, Chainlink DON infrastructure has securely enabled over $29 trillion in transaction value across 80+ public and private blockchains and powered the rise of the DeFi economy.

Over 600+ engineers, researchers, security experts, data scientists, and DevOps professionals support the research and development behind 2,000+ in-production Chainlink DONs. Through this rigorous and principled approach to infrastructure security and decentralization, Chainlink has become the industry standard for how offchain systems connect onchain.

This same design philosophy that has enabled Chainlink DONs to secure 70%+ of global DeFi markets through reliable market data has also been applied to cross-chain interoperability through CCIP. A secure-by-default, defense-in-depth design is fundamental to the Chainlink platform, and CCIP is no different, making it unmatched in the cross-chain interoperability space.

Chainlink CCIP: Defense-In-Depth, Secure-by-Default

Robust cross-chain security and decentralization should be a fundamental property built into the interoperability protocol itself. That is why CCIP is secure-by-default, providing strong security guarantees out-of-the-box rather than expecting all application developers and asset issuers to be experienced cross-chain infrastructure security experts. 

Cross-chain risk is addressed at the protocol-level, with CCIP providing safe defaults that ensure a robust foundation for safety and resilience, while also enabling developers to layer in additional optional layers of security controls such as issuer attestations, rate limits and circuit breakers, permissioning and compliance tooling, and other enhancements.

Decentralized Observation and Validation

CCIP’s secure-by-default model is implemented through Chainlink’s defense-in-depth DON architecture. Rather than relying on a single verifier, machine, or infrastructure provider, the Chainlink DONs securing CCIP are composed of 16 independent, professional node operators, who validate cross-chain transactions through decentralized consensus. These nodes are operated by a geographically distributed collection of Sybil-resistant, security-reviewed, independent operators with significant experience running mission-critical infrastructure across telecommunications, cloud, and Web3. 

Node operators implement infrastructure diversity, including on-premise bare-metal and multi-region cloud deployments, as well as operating robust RPC infrastructure with multiple layers of redundancies and verification checks. During the October 20, 2025 AWS outage that impacted major web services and other cross-chain providers, CCIP experienced no downtime and remained fully operational thanks to this infrastructure diversity. Node operators in the Chainlink ecosystem include global enterprises, leading Web3 DevOps teams, and experienced Chainlink ecosystem projects. 

A cross-chain system is only as secure as the inputs it observes before verification begins. Observation determines what happened on the source chain, while verification determines whether those observed events are sufficient to authorize an action on the destination chain. If observation is weak or centralized, invalid state can enter the system. Garbage in, garbage out. 

A bridge can appear decentralized at the verifier layer while still relying on an opaque, correlated, or shortcut-heavy observation layer underneath it. Adding more verifiers on top of a single point of failure does not produce meaningful security. Presenting this vulnerable architecture as a distributed network creates the false impression of a secure system, otherwise known as “decentralization theater.”

CCIP is designed so that both the observation and validation layers of the protocol are decentralized across multiple independent operators and infrastructure. Chainlink DONs observe source-chain state, reach offchain consensus on committed messages, and then execute only after proof verification on the destination chain. This architecture is designed to mitigate reliance on any single observer, endpoint, or infrastructure provider.

Built-In Risk Controls

Robust financial infrastructure must contain risk, especially when conditions are abnormal, such as extreme market volatility or geopolitical instability. Robust monitoring oversight and multi-layered safeguards reduce the impact of incidents and provide additional time for response, mirroring how resilient systems are structured in traditional financial markets. Cross-chain infrastructure without these protections are flying blind, magnifying the contagion associated with any incident. 

Chainlink CCIP’s architecture goes beyond decentralized validation by incorporating robust risk monitoring and control features, including (but not limited to) configurable rate limits that can act as circuit breakers during abnormal conditions. Asset issuers can also directly participate in the verification process through Token Developer Attestations, providing attestation proofs that are verified onchain before any cross-chain transactions are processed for their cross-chain tokens. Furthermore, developers and asset issuers can incorporate additional optional compliance and permissioning logic through Chainlink’s Automated Compliance Engine (ACE), enabling pre-transaction checks and policy enforcement, which are fundamental requirements for regulated digital assets.

Together, decentralized validation and protocol-level risk controls provide a strong and resilient foundation for secure interoperability.

Eliminating Vendor Lock-In

Security also includes giving issuers complete flexibility and control over their assets and contracts. CCIP underpins the Cross-Chain Token (CCT) standard, enabling any new or existing token to become securely cross-chain-enabled. CCTs unlock self-serve deployments, full control and ownership for developers, enhanced programmability, and zero-slippage transfers—all backed by CCIP’s industry-standard defense-in-depth security. 

CCTs are token logic agnostic, meaning asset issuers and developers can deploy pre-audited token pool contracts to turn any ERC20-compatible token into a CCT or deploy their own custom token pool contracts for bespoke token use cases. 

Importantly, CCTs do not require token developers to inherit any CCIP-specific code within their token’s smart contract. The CCT standard eliminates vendor lock-in by granting token issuers autonomy and ownership over their token contracts without inheriting or relying on any specific CCIP libraries or functions. That gives teams more control over how they evolve their cross-chain design over time without the risk of code suddenly changing under the hood.

Chainlink: Proven At Scale Across DeFi and Capital Markets

This security-first approach and the major investment in decentralization are why Chainlink is the market-leading oracle platform, spanning data, interoperability, compliance, privacy, and orchestration. 

Notably, Chainlink is the only data and interoperability oracle platform meeting key institutional security standards (SOC 2 Type 2, SOC 2 Type 1, ISO/IEC 27001:2022 certification), validated by a Big four accounting firm Deloitte & Touche LLP. For the world’s largest institutions and enterprises, these independent examinations and attestations validate that Chainlink repeatedly upholds the highest security and operational controls.

CCIP is already being adopted within institutional environments where security, compliance, and reliability are fundamental requirements:

• Swift partnered with Chainlink to enable financial institutions to connect to any existing public/private blockchain using Chainlink and their existing Swift infrastructure and messaging standards (ISO 20022).
• Chainlink and 24 of the world’s largest financial institutions and market infrastructures, including Swift, DTCC, Euroclear, UBS, and Wellington Management, used CCIP to distribute validated corporate actions data across DTCC’s blockchain ecosystem and additional public and private blockchains.
• Chainlink powered cross-border DvP settlement between the Central Bank of Brazil and Hong Kong Monetary Authority (HKMA). In the solution, ANZ, China AMC, and Fidelity International leveraged Chainlink CCIP and ACE to meet both institutional cross-chain interoperability and compliance requirements.
• ANZ Bank and Fidelity International leveraged CCIP under phase 2 of the HKMA’s e-HKD program to power secure messaging and value transfer of e-HKD across jurisdictions and chains.
• As part of the Monetary Authority of Singapore’s (MAS) Project Guardian, SBI Digital Markets, UBS Asset Management, and Chainlink successfully demonstrated how Chainlink and a Digital Transfer Agent (DTA) smart contract enable the creation of tokenized funds with automated fund management operations. CCIP is used to process fund lifecycle activities.
• In MAS’ Project Guardian, ANZ, ADDX, and Chainlink partnered on a use case supporting the entire lifecycle of tokenized commercial paper. The use case leverages ADDX’s investment platform, ANZ’s Digital Asset Services, and CCIP Private Transactions.
• Apex Group and Chainlink created an institutional-grade stablecoin infrastructure solution supporting the Bermuda Monetary Authority’s embedded supervision initiative, powered by CCIP and other Chainlink services.
• ANZ demonstrated an advanced Delivery vs Payment use case leveraging Chainlink CCIP.
• SBI Digital Markets is adopting Chainlink as its exclusive infrastructure solution to power its end-to-end digital assets platform.

CCIP is also widely adopted by the largest DeFi and tokenized asset protocols:

• Aave uses CCIP to enable cross-chain GHO transfers and cross-chain governance.
• Lido adopted CCIP as the official cross-chain infrastructure for Wrapped Staked Ether (wstETH) and also uses CCIP to enable staking from layer-2 networks.
• Coinbase selected CCIP as the exclusive cross-chain infrastructure for all Coinbase Wrapped Assets, including cbETH, cbBTC, cbDOGE, cbLTC, cbADA, and cbXRP.
• Base integrated CCIP to secure the Base-Solana Bridge alongside Coinbase, unlocking native Solana asset support on Base and unified liquidity between both ecosystems.
• Ondo selected Chainlink as the official oracle infrastructure powering data for its regulated tokenized stocks platform and establishing CCIP as the preferred interoperability solution for financial institutions collaborating with Ondo.
• xStocks adopted CCIP to power xBridge, the cross-chain bridge that enables tokenized equities to be transferred between Solana, Ethereum, and more.
• Maple Finance upgraded syrupUSDC to the CCT standard, making it natively transferable across chains via CCIP.

Powering The Future of Interoperability With Chainlink-Grade Security

The industry has reached an inflection point where tokenized assets and traditional financial assets are moving onchain. The infrastructure supporting this transition must be secure to support global-scale adoption.

Chainlink has spent more than 7 years building secure and reliable oracle infrastructure for the blockchain economy. CCIP extends that same security-first philosophy to interoperability, enabling value and data to move across chains with the security guarantees required for realizing onchain finance at global scale.

If you want to learn more about CCIP’s underlying architecture and start building highly secure and reliable cross-chain apps, check out the CCIP developer documentation.