Ripple’s Chief Technology Officer, David Schwartz, has issued a fresh warning to the decentralized finance (DeFi) sector, cautioning that widely used cross-chain bridges may be vulnerable to the same structural weaknesses that enabled the recent KelpDAO exploit, one of the largest crypto hacks of 2026. On X, he said he had reviewed several DeFi infrastructures, focusing solely on security and risk.
His remarks come days after attackers drained roughly $292 million worth of assets from KelpDAO’s rsETH bridge, a breach that has reignited concerns about the security of cross-chain infrastructure.
Based on his research, he determined that most DeFi systems include top-tier security tools, but the very mechanisms designed to prevent KelpDAO-style attacks are treated as optional. This, he says, is largely because teams don’t want to bear additional operational complexity costs.
He wrote, “They generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs.”
Schwartz said his concerns emerged during evaluations of bridge systems for Ripple’s planned RLUSD stablecoin. While many protocols appear robust in design, he argued that real-world deployments often fall short because teams prioritize convenience and rapid expansion over strict security practices.
Schwartz says DeFi platforms prioritize cross-chain expansion over security
In his post, Schwartz also highlighted that the rush to scale across chains has created a growth-first, safety-second culture in which the most important safeguards are being ditched. He asserted that most platforms’ selling points emphasize easy integration, with the unspoken expectation that the most robust security tools wouldn’t actually be used.
Additionally, he said the KelpDAO attack reflects a dangerous pattern in which teams opt for convenience over the best-in-class security already available to them— similar to what he observed during his DeFi evaluations.
He stated, “I have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience.”
More recently, some analysts also sounded the alarm that Wrapped XRP (wXRP) on Solana could be the next domino to fall, since it relies on third-party issuers, and it carries the same counterparty risks that just cost KelpDAO $292 million. XRP Ledger validator, VET on X, wrote, “wXRP is an issued asset; it doesn’t come close to holding native XRP via self-custody from a risk POV.”
However, some cross-chain protocols have already started putting up defenses. Flare, for instance, temporarily suspended FXRP bridging activity, holding off any token redemptions.
How did KelpDAO lose $292 million?
Some $292 million was lost in the KelpDAO exploit, and early findings showed that the North Korea-linked Lazarus Group, and in particular TraderTraitor, was complicit. In a single transaction targeting Kelp’s LayerZero bridge, an attacker stole 116,500 rsETH, or around 18% of the token’s circulating supply.
The exploit was intended to poison the RPC infrastructure by gaining access to sufficient RPC endpoints used by LayerZero Labs’ DVN to vet transactions. However, this breach affected only KelpDAO’s rsETH configuration, with no spillover across any other cross-chain assets or applications.
Blockchain investigator ZachXBT first sounded the alarm on his Telegram channel, and later security companies Cyvers and PeckShield quickly corroborated the theft. Cyvers also showed the hacker topped up their wallet with Tornado Cash just 10 hours before the attack — an old-hat trick to cover their tracks before a heist.
Following the exploit, the tokens were deposited into Aave V3 to borrow ETH and WETH, and blockchain data later revealed subsequent laundering through Tornado Cash. The attacker had taken out roughly 74,000 ETH and WETH in loans, building over $236 million in liabilities across three lending platforms, with one wallet holding approximately $120 million in ETH from Aave.
Schwartz had also commented soon after the KelpDAO exploit. He described the attack as sophisticated and noted that it exploited KelpDAO’s lack of oversight. Ripple’s former CTO, Joel Katz, also blamed KelpDAO’s flimsy security setup for the exploit and contended that, unlike the firm, RLUSD takes a security-first approach to bridging.
