
David Schwartz, CTO Emeritus at Ripple, said he had anticipated the broader conditions that made the Kelp DAO rsETH bridge exploit possible, even if he did not foresee the specific attack. The exploit was reported to involve approximately $292 million.
In a post on X, Schwartz said his evaluation of DeFi bridging systems for use by RLUSD focused heavily on security and risk. He wrote that many bridging schemes appeared well designed and included strong protections against the type of attack seen in the Kelp DAO incident.
However, Schwartz said he repeatedly encountered a pattern during vendor evaluations: bridge providers would highlight their most advanced security features, then suggest those protections were optional and that most customers would not use them.
“They generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs,” Schwartz wrote. He added that providers often pitched simplicity and ease of adding more chains, with an implicit assumption that customers would not use the best security features available.
On April 19, Kelp DAO identified suspicious cross-chain activity involving rsETH and paused contracts across mainnet and multiple Layer 2 networks.
According to the report, approximately 116,500 rsETH was drained through LayerZero-related contract calls, valued at around $292 million at current prices.
On-chain analysis from D2 Finance traced the root cause to a private key leak on the source chain. The leak created a trust issue with OApp nodes, which the attacker then exploited to manipulate the bridge.
Schwartz offered a hypothesis about what may have gone wrong at the protocol configuration level. He wrote that the problem “is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience.”
He noted that LayerZero offers security mechanisms, including decentralized verification networks. Investigators are now examining whether Kelp DAO configured its implementation using a minimal security setup—potentially relying on a single point of failure with LayerZero Labs as the sole verifier—rather than more complex options that are described as significantly more secure.
