Former Ripple CTO Explains How XRPL Avoids KelpDAO-Style Attack Risks

BroadChain, 04/22/2026, 03:00 PM
This content has been translated by AI
Summary

Former Ripple CTO stated that XRPL structurally avoids security vulnerabilities similar to those of

  According to BroadChain, at 15:00 on April 22, NewsBTC reported that David Schwartz, former CTO of Ripple, recently shared his views on the security issues of DeFi cross-chain bridges, assuring XRP Ledger (XRPL) users that the network would not suffer attacks similar to the Kelp DAO vulnerability. He pointed out that the vulnerability of cross-chain bridge systems primarily depends on their design implementation and the degree of reliance on third-party bridge infrastructure.

  In a post on the X platform on April 20, Schwartz explained that users in the XRPL ecosystem are in a different situation compared to those exposed to the risks of the Kelp DAO cross-chain bridge. Previously, Kelp DAO suffered a major security attack due to vulnerabilities in its bridging infrastructure, resulting in the theft of approximately $292 million worth of rsETH tokens, which were immediately used as collateral for debt on the lending protocol Aave.

  He stated that past reviews of DeFi cross-chain bridge systems, including those evaluated for Ripple's stablecoin RLUSD, have focused heavily on security design. Many systems already have mechanisms in place to prevent the kind of fraudulent cross-chain message manipulation seen in the Kelp DAO attack, but the actual effectiveness of these protections depends on whether projects fully enable them.

  Schwartz highlighted a common issue in DeFi infrastructure: security features often exist but are frequently optional. While most bridge providers promote their systems as "super secure," they often emphasize ease of use and cross-chain deployment speed, leading to some robust security settings being made optional or disabled. Developers tend to choose simpler configurations rather than enabling the full suite of security options.

  This trade-off between convenience and the cost of operational complexity leads some teams to avoid more robust setups, creating security gaps that expose systems to preventable attacks. For XRPL users, the blockchain's reliance on bridge security systems is significantly reduced, structurally limiting exposure to risks similar to the Kelp DAO incident.

  Schwartz emphasized that XRPL operates fundamentally differently from DeFi ecosystems that rely on external bridges. In systems like Kelp DAO's rsETH, assets flow across chains through third-party bridge protocols, introducing additional failure points if verification rules are not strictly enforced. In contrast, XRPL's design includes built-in transaction finality, and its core functions do not rely on similar external cross-chain message infrastructure, significantly reducing the risk of security vulnerabilities such as bridge validator deception or forged cross-chain instructions.