
David Schwartz, CTO Emeritus at Ripple, made a direct observation this week after the Kelp DAO rsETH bridge was drained of nearly $292 million.
He had seen this coming. Not the actual attack, but the circumstances that led to it.
Schwartz wrote on X: “I focused on security and risk. One thing I noticed was that many systems were very well designed and had strong defense mechanisms to fight exactly what KelpDAO looks like.”
Bridges That Bury Their Security Features
Schwartz described a pattern that he encountered repeatedly during the evaluation process. Bridge operators would lead with their security features, then immediately suggest that those features were unnecessary and that many customers chose not to use them.
“Instead they recommend not bothering to use the most important security measures because they have difficulties and problems to work with,” he wrote. “Often we put the simplicity and ease of adding more chains thinking that we wouldn’t bother using the security they had.”
“Their marketing was that they have great security but are easy to use and scale, assuming you don’t use security,” he said.
What happened to Kelp DAO
On April 19, Kelp DAO detected suspicious activity related to rsETH and suspended contracts across the mainnet and several Layer 2 networks. About 116,500 rsETH, worth about $292 million at current prices, were drained via calls related to LayerZero.
On-chain analysis from D2 Finance attributed the cause to a private key loss in transit, which created a trust issue with the OApp nodes that the attacker used to compromise the bridge.
Schwartz offered his thoughts on what may have gone wrong at the protocol level. “I have a funny feeling that part of the problem will be KelpDAO choosing not to use LayerZero’s security requirements because of the complexity,” he wrote.
LayerZero itself provides robust security measures, including verifier networks. Researchers are now evaluating whether Kelp DAO set up its deployment with a minimal security configuration, specifically a single point of failure with LayerZero Labs as the only verifier, instead of the more complex but more secure options available.





