David Schwartz, former CTO of Ripple, has weighed in on growing concerns around DeFi bridge security — and offered reassurance to XRP Ledger (XRPL) users that their network is not inherently vulnerable to the same kind of attack that hit Kelp DAO.
Why this matters
The Kelp DAO breach — in which roughly $292 million in rsETH was stolen and immediately used as collateral on Aave — renewed focus on how cross-chain bridges can be exploited when verification and messaging rules aren’t strictly enforced. In an X post on April 20, Schwartz argued that whether a system is vulnerable depends less on the idea of “bridges” themselves and more on how those bridges are designed, implemented, and configured.
Security often exists on paper — but not in practice
Schwartz, who reviewed DeFi bridging options during work on Ripple’s RLUSD stablecoin, said many bridge designs already include mechanisms capable of preventing the type of fraudulent cross-chain message manipulation seen in the Kelp incident. The problem, he noted, is that those protections are frequently optional or left disabled. Bridge providers tend to market themselves as “super safe” while prioritizing ease of use and fast deployment, which encourages developers to pick simpler — and sometimes less secure — configurations. Schwartz views this trade-off between convenience and operational complexity as a systemic weakness that leaves otherwise well-designed systems exposed.
Why XRPL users are less exposed
According to Schwartz, XRPL’s architecture reduces dependence on third-party bridge infrastructure. The ledger’s built-in transaction finality and lack of reliance on external cross-chain messaging for core functions means it’s structurally less exposed to attacks that rely on tricking bridge validators or falsifying cross-chain instructions. In short: XRPL’s design limits the attack surface that afflicted systems like Kelp DAO’s rsETH setup.
Bottom line
Bridges can be safe — but only if their security features are fully implemented and maintained. Schwartz’s point: the problem is often human and operational (choices about configuration and convenience), not just technical. For XRPL users, the ledger’s architecture provides a degree of inherent protection from the class of bridge-driven exploits that recently hit Kelp DAO.
Read more AI-generated news on: undefined/news
