Ripple's Chief Technology Officer has issued a critical warning that cross-chain bridges remain dangerously vulnerable to exploits similar to the $292 million KelpDAO breach, potentially triggering a 10% correction in bridge-dependent DeFi assets. His alarming assessment emerged during security evaluations for Ripple's upcoming RLUSD stablecoin, revealing that essential security mechanisms are often treated as optional by development teams to avoid operational complexity. 'They generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs,' Schwartz stated, highlighting systemic negligence despite the availability of top-tier security tools.

Schwartz says DeFi platforms prioritize cross-chain expansion over security

In his post, Schwartz also highlighted that the rush to scale across chains has created a growth-first, safety-second culture in which the most important safeguards are being ditched. He asserted that most platforms’ selling points emphasize easy integration, with the unspoken expectation that the most robust security tools wouldn’t actually be used.

Additionally, he said the KelpDAO attack reflects a dangerous pattern in which teams opt for convenience over the best-in-class security already available to them— similar to what he observed during his DeFi evaluations.

He stated, “I have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience.”

More recently, some analysts also sounded the alarm that Wrapped XRP (wXRP) on Solana could be the next domino to fall, since it relies on third-party issuers, and it carries the same counterparty risks that just cost KelpDAO $292 million. XRP Ledger validator, VET on X, wrote, “wXRP is an issued asset; it doesn’t come close to holding native XRP via self-custody from a risk POV.”

However, some cross-chain protocols have already started putting up defenses. Flare, for instance, temporarily suspended FXRP bridging activity, holding off any token redemptions.

How did KelpDAO lose $292 million?

Some $292 million was lost in the KelpDAO exploit, and early findings showed that the North Korea-linked Lazarus Group, and in particular TraderTraitor, was complicit. In a single transaction targeting Kelp’s LayerZero bridge, an attacker stole 116,500 rsETH, or around 18% of the token’s circulating supply.

The exploit was intended to poison the RPC infrastructure by gaining access to sufficient RPC endpoints used by LayerZero Labs’ DVN to vet transactions. However, this breach affected only KelpDAO’s rsETH configuration, with no spillover across any other cross-chain assets or applications.

Blockchain investigator ZachXBT first sounded the alarm on his Telegram channel, and later security companies Cyvers and PeckShield quickly corroborated the theft. Cyvers also showed the hacker topped up their wallet with Tornado Cash just 10 hours before the attack — an old-hat trick to cover their tracks before a heist.

Following the exploit, the tokens were deposited into Aave V3 to borrow ETH and WETH, and blockchain data later revealed subsequent laundering through Tornado Cash. The attacker had taken out roughly 74,000 ETH and WETH in loans, building over $236 million in liabilities across three lending platforms, with one wallet holding approximately $120 million in ETH from Aave.

Schwartz had also commented soon after the KelpDAO exploit. He described the attack as sophisticated and noted that it exploited KelpDAO’s lack of oversight. Ripple’s former CTO, Joel Katz, also blamed KelpDAO’s flimsy security setup for the exploit and contended that, unlike the firm, RLUSD takes a security-first approach to bridging.

The crypto card with no spending limits. Get 3% cashback and instant mobile payments. Claim your Ether.fi card.