{"id":900387,"date":"2026-04-20T13:16:35","date_gmt":"2026-04-20T18:16:35","guid":{"rendered":"https:\/\/newsycanuse.com\/index.php\/2026\/04\/20\/ripple-cto-says-rlusd-evaluation-exposed-the-same-risk-that-drained-292m-from-kelp-dao\/"},"modified":"2026-04-20T13:16:35","modified_gmt":"2026-04-20T18:16:35","slug":"ripple-cto-says-rlusd-evaluation-exposed-the-same-risk-that-drained-292m-from-kelp-dao","status":"publish","type":"post","link":"https:\/\/newsycanuse.com\/index.php\/2026\/04\/20\/ripple-cto-says-rlusd-evaluation-exposed-the-same-risk-that-drained-292m-from-kelp-dao\/","title":{"rendered":"Ripple CTO Says RLUSD Evaluation Exposed the Same Risk That Drained $292M From Kelp DAO"},"content":{"rendered":"<div role=\"main\" id=\"main-content-row\">\n<article id=\"the-post\" data-post-url=\"https:\/\/coinpedia.org\/news\/ripple-cto-says-rlusd-evaluation-exposed-the-same-risk-that-drained-292m-from-kelp-dao\/\" data-post-title=\"Ripple CTO Says RLUSD Evaluation Exposed the Same Risk That Drained $292M From Kelp DAO\" data-post-edit=\"https:\/\/coinpedia.org\/wp-admin\/post.php?post=558935&#038;action=edit\">\n<div>\n<figure><img width=\"1200\" height=\"628\" src=\"https:\/\/image.coinpedia.org\/wp-content\/uploads\/2026\/03\/12173103\/Millions-Are-Tracking-XRPs-Price-Daily-Ripple-CTO-Says-They-Are-Looking-at-the-Wrong-Thing-1.webp\" alt=\"XRP Japan carry trade impact\" data-main-img=\"1\" decoding=\"async\" fetchpriority=\"high\"  ><\/figure>\n<\/div>\n<div>\n<p>David Schwartz, CTO Emeritus at Ripple, had a pointed observation this week after the Kelp DAO rsETH bridge was exploited for approximately $292 million.<\/p>\n<p>He had seen this coming. Not this specific attack, but the conditions that made it possible.<\/p>\n<p>\u201cI evaluated a lot of DeFi bridging systems for use by RLUSD,\u201d Schwartz wrote on X. \u201cI was almost exclusively focused on the security and risk aspect. One thing I noticed is that most schemes were very well designed and had really strong mechanisms available to protect against exactly the type of attack the KelpDAO situation seems to have been caused by.\u201d<\/p>\n<h2 id=\"h-the-sales-pitch-that-buried-the-security-features\">The Sales Pitch That Buried the Security Features<\/h2>\n<p><a href=\"https:\/\/x.com\/JoelKatz\" rel=\"nofollow\">What Schwartz described<\/a> is a pattern he encountered repeatedly during his evaluation process. Bridge providers would pitch their most advanced security features prominently, then almost immediately suggest that those features were optional and that most customers chose not to use them.<\/p>\n<p>\u201cThey generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs,\u201d he wrote. \u201cWe were frequently pitched the simplicity and ease of adding more chains with the implicit assumption we wouldn\u2019t bother using the best security features they had.\u201d<\/p>\n<p>\u201cTheir sales pitch was that they have the best security features but they\u2019re easy to use and scale, assuming you don\u2019t use the security features,\u201d he said.<\/p>\n<h2 id=\"h-what-actually-happened-to-kelp-dao\">What Actually Happened to Kelp DAO<\/h2>\n<p>On April 19, Kelp DAO identified suspicious cross-chain activity involving rsETH and paused contracts across mainnet and multiple Layer 2 networks. Approximately 116,500 rsETH was drained through LayerZero-related contract calls, worth around $292 million at current prices.<\/p>\n<p>On-chain analysis from D2 Finance traced the root cause to a private key leak on the source chain, creating a trust issue with OApp nodes that the attacker exploited to manipulate the bridge.<\/p>\n<p>Schwartz offered his own hypothesis about what likely went wrong at the protocol level. \u201cI have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience,\u201d he wrote.<\/p>\n<p>LayerZero itself offers robust security mechanisms including decentralised verification networks. The question investigators are now examining is whether Kelp DAO configured its implementation using a minimal security setup, specifically a single point of failure with LayerZero Labs as the sole verifier, rather than the more complex but significantly more secure options available.<\/p>\n<\/div>\n<div>\n<h3>Trust with CoinPedia:<\/h3>\n<p>CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto &#038; blockchain, right from startups to industry majors.<\/p>\n<h3>Investment Disclaimer:<\/h3>\n<p>All opinions and insights shared represent the author&#8217;s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.<\/p>\n<h3>Sponsored and Advertisements:<\/h3>\n<p>Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.<\/p>\n<\/div>\n<div>\n<h2>We&#8217;d Love to Hear Your Thoughts on This Article!<\/h2>\n<div>\n<h4>Was this writing helpful?<\/h4>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/coinpedia.org\/news\/ripple-cto-says-rlusd-evaluation-exposed-the-same-risk-that-drained-292m-from-kelp-dao\/\" class=\"button purchase\" rel=\"nofollow noopener\" target=\"_blank\">Read More<\/a><br \/>\n \ufeffAnjali Belgaumkar<\/p>\n","protected":false},"excerpt":{"rendered":"<p>David Schwartz, CTO Emeritus at Ripple, had a pointed observation this week after the Kelp DAO rsETH bridge was exploited for approximately $292 million. He had seen this coming. Not this specific attack, but the conditions that made it possible. \u201cI evaluated a lot of DeFi bridging systems for use by RLUSD,\u201d Schwartz wrote on<\/p>\n","protected":false},"author":1,"featured_media":900388,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25213,140013],"tags":[],"class_list":["post-900387","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ripple","category-rlusd"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/900387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/comments?post=900387"}],"version-history":[{"count":0,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/posts\/900387\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media\/900388"}],"wp:attachment":[{"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/media?parent=900387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/categories?post=900387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newsycanuse.com\/index.php\/wp-json\/wp\/v2\/tags?post=900387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}