David Schwartz, CTO Emeritus at Ripple, made a pointed observation this week after the Kelp DAO rsETH bridge was drained of approximately $292 million.
He saw this coming. Not this specific attack, but the conditions that made it possible.
“I have evaluated numerous DeFi bridging systems intended for use by RLUSD,” Schwartz wrote on
The Sales Pitch That Buried Security Features
What Schwartz described is a trend he encountered repeatedly during his evaluation process. Bridge vendors would promote their most advanced security features, then almost immediately suggest that these features were optional and that most customers chose not to use them.
“They generally recommended not bothering to use the most important security mechanisms because they incur convenience costs and operational complexity,” he wrote. “We were often presented with the simplicity and ease of adding more channels with the implicit assumption that we wouldn’t bother using the best security features they had.”
“Their selling point was that they had the best security features, but were easy to use and easy to scale, provided you didn’t use the security features,” he said.
What really happened to Kelp DAO
On April 19, Kelp DAO identified suspicious cross-chain activity involving rsETH and suspended contracts on mainnet and several Layer 2 networks. Approximately 116,500 rsETH was drained through LayerZero-related contract calls, worth approximately $292 million at current prices.
D2 Finance’s on-chain analysis traced the root cause to a private key leak on the source chain, creating a trust issue with OApp nodes that the attacker exploited to manipulate the bridge.
Schwartz offered his own hypothesis about what probably went wrong with the protocol. “I have a funny feeling that part of the problem will be that KelpDAO chose not to use key security features of LayerZero out of convenience,” he wrote.
LayerZero itself offers robust security mechanisms, including decentralized verification networks. The question investigators are currently examining is whether Kelp DAO configured its implementation using a minimal security configuration, specifically a single point of failure with LayerZero Labs as the sole verifier, rather than the more complex but significantly more secure options available.
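As an added illustration (not from the article or from LayerZero), a small model of the verifier-quorum policy the article contrasts: a channel verified by a single DVN is forgeable with one leaked signing key, while a required-set plus optional-threshold configuration needs several independent verifiers to collude. The config shape loosely mirrors LayerZero V2's required/optional DVN settings, but the field names, DVN names and threshold values here are constructed for the model.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class UlnConfig:
    """Verification policy for one messaging channel (constructed model)."""
    required_dvns: frozenset
    optional_dvns: frozenset = field(default_factory=frozenset)
    optional_threshold: int = 0

    def __post_init__(self):
        if self.optional_threshold > len(self.optional_dvns):
            raise ValueError("optional threshold exceeds optional DVN count")
        if not self.required_dvns and self.optional_threshold == 0:
            raise ValueError("config would accept unverified messages")

def message_verified(cfg: UlnConfig, attesting: frozenset) -> bool:
    """A message is deliverable only if every required DVN attested to it
    and at least optional_threshold of the optional DVNs did."""
    if not cfg.required_dvns <= attesting:
        return False
    return len(cfg.optional_dvns & attesting) >= cfg.optional_threshold

def forgeable_with(cfg: UlnConfig, compromised) -> bool:
    """True if a message signed only by the compromised DVNs would pass."""
    return message_verified(cfg, frozenset(compromised))

def min_colluding_dvns(cfg: UlnConfig) -> int:
    """Smallest number of DVN keys an attacker must control to forge a
    message: all required DVNs plus the optional threshold."""
    return len(cfg.required_dvns) + cfg.optional_threshold

# Constructed configurations: a single sole verifier versus a quorum.
SINGLE_VERIFIER = UlnConfig(required_dvns=frozenset({"dvn-A"}))
QUORUM = UlnConfig(
    required_dvns=frozenset({"dvn-A", "dvn-B"}),
    optional_dvns=frozenset({"dvn-C", "dvn-D", "dvn-E"}),
    optional_threshold=1,
)

if __name__ == "__main__":
    for name, cfg in (("single", SINGLE_VERIFIER), ("quorum", QUORUM)):
        print(name, "keys needed to forge:", min_colluding_dvns(cfg),
              "| one leaked key (dvn-A) suffices:", forgeable_with(cfg, {"dvn-A"}))
```

Reviewing a deployed channel means reading its live config and applying the same arithmetic: a required set of size one with no optional threshold is exactly the single point of failure the article describes.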
