David Schwartz, Ripple’s CTO Emeritus, said the Kelp DAO exploit reflects a wider problem in cross-chain infrastructure. He said many bridge systems offer strong protections, yet teams are often encouraged to use simpler setups that reduce operational costs. His comments came after Kelp DAO’s rsETH bridge was exploited on April 18, with about 116,500 rsETH drained in one of the largest DeFi losses of 2026 so far. The remarks placed fresh attention on how bridge operators balance speed, cost, and security when deploying products tied to large pools of value.
Ripple CTO Links RLUSD Review to Bridge Security Choices
David Schwartz said he evaluated multiple DeFi bridging systems while reviewing options for RLUSD, with most of his focus placed on risk and security. He wrote that many of the systems appeared well designed and included mechanisms that could address the type of failure seen in the Kelp DAO case.
He added that the problem was not always the absence of security tools. Instead, providers often promoted ease of deployment and rapid chain expansion in ways that assumed projects would avoid the strongest protections. In the latest XRP news tied to Ripple’s stablecoin planning, Schwartz framed that trade-off as a recurring weakness across bridge deployments.
Kelp DAO Exploit Renewed Focus on LayerZero Setup
Kelp DAO’s rsETH bridge was exploited on April 18, with a loss of roughly $290 million to $292 million. Public reporting and incident analysis said the attacker drained 116,500 rsETH through LayerZero-related bridge activity, with the exploit becoming the biggest DeFi breach of 2026 to date.
Technical reviews published after the attack pointed to a weak verification setup as a central issue. One widely cited analysis said the bridge configuration relied on a one-of-one verifier model, creating a single point of failure that allowed a forged message to release assets from escrow. That structure has become central to the discussion around whether the breach stemmed from optional security settings not being fully used.
Following the Kelp DAO exploit, Aave’s total value locked fell sharply as attackers reportedly used stolen rsETH as collateral to borrow wETH on Aave v3. Aave then froze several rsETH and wETH markets after the incident left the protocol exposed to an estimated $195 million in bad debt.
Ripple Executive Points to Convenience Over Safety
Schwartz said he had a “funny feeling” that part of the problem could involve Kelp DAO not using key LayerZero security features for the sake of convenience. His remarks aligned with broader concerns that some bridge teams adopt lighter configurations during early growth stages and delay stronger controls until later.
That view adds another layer to current XRP news coverage because RLUSD is still being evaluated with infrastructure risk in mind. Schwartz’s comments suggest Ripple’s internal review gave heavy weight to how bridging systems are configured in practice, not only how they look on paper.
Therefore, the exploit has triggered a wider debate over who should bear responsibility for safe bridge design. Some developers argue that applications need flexibility to choose their own verification model, while critics say that freedom can create pressure to adopt weaker defaults that are easier to launch and maintain.
