Ripple CTO: Cross-chain bridges may repeat KelpDAO via LayerZero
Ripple CTO David Schwartz says many DeFi cross-chain bridges may be structurally vulnerable and could repeat the KelpDAO hack patterns. After reviewing multiple DeFi infrastructures with a security-first lens, he argues teams often skip key security mechanisms for convenience and operational cost—despite stronger protections being available.
Schwartz linked the warning to the KelpDAO incident, which reportedly drained about $292M. Attackers stole 116,500 rsETH (about 18% of circulating supply) via Kelp’s LayerZero bridge, allegedly targeting LayerZero’s RPC/verification process by gaining access to enough RPC endpoints used by LayerZero DVNs.
He added that investigations tied the breach to North Korea-linked Lazarus Group (TraderTraitor). Post-exploit flows reportedly moved into Aave v3 deposits, then laundering via Tornado Cash. The attacker reportedly built around $236M in liabilities across three lending platforms, including loans totaling roughly 74,000 ETH and WETH.
The latest reporting also connects Schwartz’s concerns to Ripple’s planned RLUSD stablecoin bridging, where he suggests “convenience” may have led to not fully using certain LayerZero security features.
Separately, analysts warn Wrapped XRP (wXRP) on Solana could be next because it depends on third-party issuers and similar counterparty risks; XRP Ledger validator VET on X notes wXRP is an issued asset with a different risk profile than native XRP. Some defenses have started, including Flare temporarily suspending FXRP bridging.
For traders, the takeaway is that DeFi cross-chain risk remains a weak point. Expect continued scrutiny—and potential repricing—of bridge-related exposure, especially collateral and lending flows that can turn a bridge exploit into liquidations and bad debt.
Bearish
The news reinforces that DeFi cross-chain bridges can fail at the verification/security-design layer, turning a single exploit into large downstream losses (borrow activity, liquidations, and frozen markets). While no direct statement says XRP or SOL will be devalued, the repeated KelpDAO parallels—and the added focus on RLUSD bridging choices—raise perceived tail risk for bridge-linked assets and lending collateral.
Short-term, traders may reduce risk exposure to bridge-dependent tokens and watch for volatility spikes around any collateral or lending positions tied to cross-chain routes. If flows like Aave collateral usage accelerate after incidents, it can pressure related market liquidity.
Long-term, the probability of continued bridge-specific security scrutiny and “repricing” is higher. Even defensive suspensions (e.g., FXRP bridging pause) can fragment liquidity and keep sentiment cautious. Net effect is more likely bearish for bridge-related exposure rather than a broad bullish catalyst.