Ripple CTO Emeritus Exposes Critical DeFi Security Red Flag in RLUSD Review
Ripple's former CTO David Schwartz issued a stark warning today: a security review he conducted for the upcoming RLUSD stablecoin had already surfaced a systemic weakness that he now suspects lies behind the KelpDAO incident. Schwartz said that while robust security controls exist across DeFi bridge designs, development teams are steered toward weaker, 'lighter' configurations that prioritize operational ease and scalability over user protection, a trade-off that creates what he calls a 'recurring problem' at the heart of the ecosystem.
Ex-Ripple CTO Warns Bridge Failures Could Repeat
“One thing I noticed is that most schemes were very well designed and had really strong mechanisms available to protect against exactly the type of attack the KelpDAO/rsETH situation seems to have been caused by,” Schwartz wrote. “However, one thing I noticed was that they generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs.”
The former Ripple CTO is not saying bridge teams lack security features on paper. He is saying some business models are built around making those features optional, even when the assets secured can eventually grow large enough to make the trade-off untenable.
“Their sales pitch was that they have the best security features but they’re easy to use and scale assuming you don’t use the security features,” he wrote. “I have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience. I hope I’m wrong.”
The broader concern, in Schwartz’s framing, is incentive design. If applications are allowed to choose their own trust assumptions, competition can drift toward lower-friction setups rather than higher-assurance ones. That point was raised explicitly by XRP community figure Vet, who argued that letting applications define their own security inevitably “races to the bottom.”
Schwartz partly pushed back, saying simpler setups can make sense when value is still small, or where assets are already backed by a trusted issuer and can be frozen. But he also suggested that in open crypto markets, temporary shortcuts have a way of becoming permanent.
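The trade-off Schwartz and Vet are arguing about can be made concrete. The following Python model, added here for illustration and not code from LayerZero, KelpDAO, Ripple or the article's author, treats a bridge application's verification policy as a set of required verifiers plus an optional set with a threshold, which is the general shape of the configurable verifier sets that bridge frameworks let applications choose. It then computes how many verifier keys an attacker must control to forge a message, how many verifiers can halt delivery by refusing, and flags a policy whose value at risk per colluding verifier exceeds a budget. The verifier names, dollar figures and the per-verifier budget rule are assumptions of this example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List


@dataclass(frozen=True)
class VerifierPolicy:
    """A cross-chain application's message-verification policy.

    Generic model (an assumption of this example, not any bridge's real API):
    a message is accepted only if every verifier in `required` attests to it
    AND at least `optional_threshold` of the verifiers in `optional` do.
    """
    required: FrozenSet[str]
    optional: FrozenSet[str] = frozenset()
    optional_threshold: int = 0

    def __post_init__(self) -> None:
        if self.required & self.optional:
            raise ValueError("a verifier cannot be both required and optional")
        if not 0 <= self.optional_threshold <= len(self.optional):
            raise ValueError("optional_threshold must lie between 0 and len(optional)")
        if not self.required and self.optional_threshold == 0:
            raise ValueError("policy would accept unverified messages")


def message_accepted(policy: VerifierPolicy, attesting: Iterable[str]) -> bool:
    """True if the verifiers in `attesting` satisfy `policy`."""
    attesting = frozenset(attesting)
    if not policy.required <= attesting:
        return False
    return len(attesting & policy.optional) >= policy.optional_threshold


def min_colluding_to_forge(policy: VerifierPolicy) -> int:
    """Fewest verifier keys an attacker must control to get a fabricated
    message accepted: every required verifier plus `optional_threshold`
    of the optional ones."""
    return len(policy.required) + policy.optional_threshold


def min_refusing_to_censor(policy: VerifierPolicy) -> int:
    """Fewest verifiers that can halt delivery by refusing to attest: any one
    required verifier, or enough optional verifiers that the threshold can no
    longer be met. This is the liveness cost of a stronger policy."""
    candidates = []
    if policy.required:
        candidates.append(1)
    if policy.optional_threshold > 0:
        candidates.append(len(policy.optional) - policy.optional_threshold + 1)
    return min(candidates)


def review(policy: VerifierPolicy, value_secured_usd: float,
           max_usd_per_colluder: float) -> List[str]:
    """Findings for a policy given the value it secures.

    `max_usd_per_colluder` is a budget rule assumed for this example: the value
    an attacker gains per verifier key they must compromise should stay below it,
    so a policy that was fine for a small pool is re-flagged as the pool grows.
    """
    findings = []
    forge = min_colluding_to_forge(policy)
    if forge == 1:
        findings.append("single-key failure: one compromised verifier can forge messages")
    per_colluder = value_secured_usd / forge
    if per_colluder > max_usd_per_colluder:
        findings.append(f"value at risk per colluding verifier is ${per_colluder:,.0f}, "
                        f"above the ${max_usd_per_colluder:,.0f} budget")
    return findings


# Constructed policies: a "light" one-verifier setup, a "strong" setup with two
# required verifiers plus a 2-of-3 optional set, and a 3-of-5 committee.
LIGHT = VerifierPolicy(required=frozenset({"verifier-1"}))
STRONG = VerifierPolicy(required=frozenset({"verifier-A", "verifier-B"}),
                        optional=frozenset({"verifier-C", "verifier-D", "verifier-E"}),
                        optional_threshold=2)
COMMITTEE = VerifierPolicy(required=frozenset(),
                           optional=frozenset({"v1", "v2", "v3", "v4", "v5"}),
                           optional_threshold=3)

if __name__ == "__main__":
    for name, policy in (("light", LIGHT), ("strong", STRONG), ("committee", COMMITTEE)):
        print(f"{name:9s} forge needs {min_colluding_to_forge(policy)} key(s), "
              f"{min_refusing_to_censor(policy)} refusal(s) can censor")
        # Assumed figures: $290M secured, $50M budget per colluding verifier.
        for finding in review(policy, 290_000_000, 50_000_000):
            print("   -", finding)
```

The point the numbers make is Schwartz's: the light policy is cheapest to operate (one verifier to run or pay, one point of failure) and is acceptable while the pool is small, but `review` keeps flagging it as the value it secures grows, while the stronger policies raise the collusion bar at the cost of more verifiers that must stay online.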
“That gets insanely complicated. I’d say probably not,” the former Ripple CTO wrote when asked whether projects could face liability for losses. “But the whole DeFi bridging industry is infected with people using moderate security because ‘we just need to get it working, we’ll improve it later’ that grows to protecting huge amounts of money and the later improvements never come.”
He was similarly blunt on the industry’s habit of relearning the same lesson after each blowup. “We could wait until we have a perfect solution, but that’s not the choice everyone has made,” Schwartz said. “So every once in a while, we’re going to have a big failure and then everyone will be careful for a month or two and the cycle will repeat.”
Overall, Schwartz frames the issue as structural: DeFi keeps trying to scale cross-chain liquidity before it has solved how to govern bridge risk at the level other people’s money demands. Even Schwartz, while defending some narrower uses of simpler bridge setups, conceded that decentralized governance remains ill-suited to hard security decisions around custodial risk.
The backdrop is the April 18 rsETH incident involving KelpDAO. An attacker exploited KelpDAO’s LayerZero-powered rsETH bridge and drained 116,500 rsETH, valued at roughly $290 million. Aave’s Guardian then froze rsETH and wrsETH markets across the deployments where the asset was listed, stressing that Aave itself had not been hacked and that the issue was scoped to the asset rather than the lending protocol.
Aave later said all pools remained operational, but the freeze halted new deposits and new borrows against rsETH collateral while the situation was assessed. The episode quickly turned into a broader DeFi risk event because rsETH had been integrated into lending markets, raising fresh questions about collateral standards, bridge configuration choices and whether convenience-first interoperability is still being underpriced across the stack.
At press time, XRP traded at $1.40.