Ripple CTO Emeritus David Schwartz, said his review of DeFi bridge designs for Ripple’s RLUSD surfaced a recurring problem that may now be at the center of the KelpDAO/rsETH incident: critical security controls exist, but teams are often nudged toward lighter configurations because they are easier to operate and faster to scale. In a series of posts on X, Schwartz said he evaluated “a lot of DeFi bridging systems” for potential RLUSD use and focused “almost exclusively” on security and risk. What stood out, he wrote, was not a lack of tooling. In his telling, many systems already offered strong protections against the kind of failure now being discussed around KelpDAO. The problem was that those protections often came with friction. Ex-Ripple CTO Warns Bridge Failures Could Repeat “One thing I noticed is that most schemes were very well designed and had really strong mechanisms available to protect against exactly the type of attack the the KelpDAO/rsETH situation seems to have been caused by,” Schwartz wrote. “However, one thing I noticed was that they generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs.” The former Ripple-CTO is not saying bridge teams lack security features on paper. He is saying some business models are built around making those features optional, even when the assets secured can eventually grow large enough to make the tradeoff untenable. “Their sales pitch was that they have the best security features but they’re easy to use and scale assuming you don’t use the security features,” he wrote. “I have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience. I hope I’m wrong.” The broader concern, in Schwartz’s framing, is incentive design. If applications are allowed to choose their own trust assumptions, competition can drift toward lower-friction setups rather than higher-assurance ones. That point was raised explicitly by XRP community figure Vet, who argued that letting applications define their own security inevitably “races to the bottom.” Schwartz partly pushed back, saying simpler setups can make sense when value is still small, or where assets are already backed by a trusted issuer and can be frozen. But he also suggested that in open crypto markets, temporary shortcuts have a way of becoming permanent. “That gets insanely complicated. I’d say probably not,” the former Ripple CTO wrote when asked whether projects could face liability for losses. “But the whole DeFi bridging industry is infected with people using moderate security because ‘we just need to get it working, we’ll improve it later’ that grows to protecting huge amounts of money and the later improvements never come.” He was similarly blunt on the industry’s habit of relearning the same lesson after each blowup. “We could wait until we have a perfect solution, but that’s not the choice everyone has made,” Schwartz said. “So every once in a while, we’re going to have a big failure and then everyone will be careful for a month or two and the cycle will repeat.” Overall, Schwartz frames the issue as structural: DeFi keeps trying to scale cross-chain liquidity before it has solved how to govern bridge risk at the level other people’s money demands. Even Schwartz, while defending some narrower uses of simpler bridge setups, conceded that decentralized governance remains ill-suited to hard security decisions around custodial risk. The backdrop is the April 18 rsETH incident involving KelpDAO . An attacker exploited KelpDAO’s LayerZero-powered rsETH bridge and drained 116,500 rsETH, valued at roughly $290 million. Aave’s Guardian then froze rsETH and wrsETH markets across the deployments where the asset was listed, stressing that Aave itself had not been hacked and that the issue was scoped to the asset rather than the lending protocol. Aave later said all pools remained operational, but the freeze halted new deposits and new borrows against rsETH collateral while the situation was assessed. The episode quickly turned into a broader DeFi risk event because rsETH had been integrated into lending markets, raising fresh questions about collateral standards, bridge configuration choices and whether convenience-first interoperability is still being underpriced across the stack. At press time, XRP traded at $1.40.
