Ripple CTO warns that DeFi bridges could reflect KelpDAO-style exploits



David Schwartz, Ripple’s chief technology officer, issued a new warning to the decentralized finance (DeFi) sector, saying that widely used cross-chain bridges may be vulnerable to the same structural weaknesses that enabled the recent KelpDAO exploit, one of the biggest cryptocurrency hacks of 2026. On X, he said he has reviewed several DeFi infrastructures, focusing solely on security and risk.

His comments come days after attackers drained roughly $292 million in assets from KelpDAO’s rsETH bridge, a hack that has reignited concerns about the security of cross-chain infrastructure.

Based on his research, he determined that most DeFi systems include top-notch security tools, but the very mechanisms designed to prevent KelpDAO-style attacks are treated as optional. He says this is largely because teams don’t want to bear the costs of additional operational complexity.

“They generally recommended against using the most important security mechanisms because they involved convenience costs and operational complexity,” he wrote.

Schwartz said his concerns arose during evaluations of bridge systems for Ripple’s RLUSD stablecoin plans. While many protocols appear robust by design, he said real-world deployments are often inadequate because teams prioritize convenience and rapid scaling over strict security practices.

DeFi platforms prioritize cross-chain scaling at the expense of security, Schwartz says

In his post, Schwartz also highlighted that the rush to expand across chains has created a culture of growth first and safety second, where the most important safeguards are thrown away. He stressed that most of the platforms’ selling points emphasize easy integration, with the unspoken expectation that the most powerful security tools will never actually be used.

Additionally, he said the KelpDAO attack reflects a dangerous pattern in which teams choose comfort over the best security already available to them — similar to what he observed during his DeFi evaluations.

“I have a funny feeling that part of the problem will be something like KelpDAO choosing not to use LayerZero’s key security features out of convenience,” he said.

Recently, some analysts have also sounded the alarm that Wrapped XRP (wXRP) on Solana could be the next domino to fall, since it relies on third-party issuers, and carries the same counterparty risk that cost KelpDAO $292 million. XRP Ledger auditor, VET on

However, some cross-chain protocols have already started putting up defenses. For example, Flare temporarily suspended FXRP bridging activity, halting any token redemptions.

How did KelpDAO lose $292 million?

About $292 million was lost in the KelpDAO exploit, and early results show that North Korea’s Lazarus Group, and in particular TraderTraitor, was complicit. In one transaction targeting Kelp’s LayerZero bridge, an attacker stole 116,500 rsETH, or about 18% of the token’s circulating supply.

The exploit aimed to poison the RPC infrastructure by gaining access to enough of the RPC endpoints that LayerZero Labs’ DVN uses to inspect transactions. However, the hack only affected KelpDAO’s rsETH configuration, with no spillover to other on-chain assets or applications.

Blockchain investigator ZachXBT first raised the alarm on his Telegram channel, and security firms Cyvers and PeckShield quickly confirmed the theft. Cyvers also showed that the hacker funded his wallet through Tornado Cash just 10 hours before the attack, an old trick to cover his tracks before the heist.

After the exploit, tokens were deposited into Aave V3 to borrow ETH and WETH, and blockchain data later revealed subsequent laundering through Tornado Cash. The attacker took approximately 74,000 ETH and WETH in loans, accumulating liabilities of over $236 million across three lending platforms, with one wallet containing approximately $120 million worth of ETH from Aave.

Schwartz also commented shortly after the KelpDAO exploit. He described the attack as sophisticated and noted that it took advantage of KelpDAO’s lack of oversight. Ripple’s former CTO Joel Katz, too, blamed KelpDAO’s vulnerable security setup for the exploit. He emphasized that, unlike the company, RLUSD takes a security-first approach to bridging.


