David Schwartz: KelpDAO Exploit Highlights Bridge Trade-Offs
Ripple CTO Emeritus David Schwartz, who reviewed DeFi bridging systems for use with RLUSD, said the KelpDAO exploit highlights security trade-offs in bridge deployments, pointing to skipped safeguards and an attack aimed at LayerZero infrastructure.
On April 19, Ripple CTO Emeritus David Schwartz posted on X that he had reviewed multiple DeFi bridging systems for use with RLUSD, focusing specifically on security and risk. He wrote that many bridge designs look sound on paper but that choices made at deployment and during operation can reduce those protections.
Schwartz described his findings in a post: “I evaluated a lot of DeFi bridging systems for use by RLUSD. I was almost exclusively focused on the security and risk aspect.” He added that teams often recommend against using some of the most important security mechanisms because they introduce operational complexity and reduce convenience. “One thing I noticed was that they generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs,” he wrote.
He raised collateral concerns related to those operational choices. Schwartz warned that backing assets may not be fully available in stress events if operators are unlikely to deploy backup mechanisms. He wrote: “An asset is not fully collateralized if there’s serious doubts whether the supposed backing will actually be used to back the asset, and I think an across the board haircut is not unlikely.” The comment followed scrutiny of the KelpDAO incident and questions about rsETH as DeFi collateral.
On April 20, Schwartz posted a follow-up about the KelpDAO exploit, calling the attack more complex than he expected and pointing to implementation and operational issues. “The attack was way more sophisticated than I expected and aimed at LayerZero infrastructure taking advantage of KelpDAO laziness,” he wrote. That post emphasized gaps in deployment practices rather than a single flaw in interoperability tools.
Bridges are protocols that move tokens or data between blockchains. LayerZero is one of several interoperability frameworks used by projects. Schwartz did not identify a confirmed root cause for the KelpDAO incident; his posts described a pattern in which optional safeguards are sometimes left unused because they add friction during integration or expansion.
Schwartz’s remarks drew attention to how design-level security can differ from protections in live deployments when teams prioritize faster integrations or simpler operations. The KelpDAO episode and related scrutiny of rsETH have prompted questions about how much protection is actually enabled during deployments and how market participants should treat collateral that might not be readily available under stress.





