{"id":83310,"date":"2026-04-20T07:32:07","date_gmt":"2026-04-20T07:32:07","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=83310"},"modified":"2026-04-20T07:32:07","modified_gmt":"2026-04-20T07:32:07","slug":"ripple-cto-emeritus-warns-rlusd-review-exposed-a-defi-security-red-flag","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=83310","title":{"rendered":"Ripple CTO Emeritus Warns RLUSD Review Exposed A DeFi Security Red Flag"},"content":{"rendered":"
\n

Ripple CTO Emeritus David Schwartz, said his review of DeFi bridge designs for Ripple\u2019s RLUSD surfaced a recurring problem that may now be at the center of the KelpDAO\/rsETH incident: critical security controls exist, but teams are often nudged toward lighter configurations because they are easier to operate and faster to scale.<\/p>\n

In a series of posts<\/a> on X, Schwartz said he evaluated \u201ca lot of DeFi bridging systems\u201d for potential RLUSD use<\/a> and focused \u201calmost exclusively\u201d on security and risk. What stood out, he wrote, was not a lack of tooling. In his telling, many systems already offered strong protections against the kind of failure now being discussed around KelpDAO. The problem was that those protections often came with friction.<\/p>\n

Ex-Ripple CTO Warns Bridge Failures Could Repeat<\/h2>\n

\u201cOne thing I noticed is that most schemes were very well designed and had really strong mechanisms available to protect against exactly the type of attack the the KelpDAO\/rsETH situation seems to have been caused by,\u201d Schwartz wrote. \u201cHowever, one thing I noticed was that they generally in effect recommended not bothering to use the most important security mechanisms because they have convenience and operational complexity costs.\u201d<\/p>\n

The former Ripple-CTO is not saying bridge teams lack security features on paper. He is saying some business models are built around making those features optional, even when the assets secured can eventually grow large enough to make the tradeoff untenable.<\/p>\n

\u201cTheir sales pitch was that they have the best security features but they\u2019re easy to use and scale assuming you don\u2019t use the security features,\u201d he wrote. \u201cI have a funny feeling part of the problem is going to be something like KelpDAO choosing not to use key LayerZero security features out of convenience. I hope I\u2019m wrong.\u201d<\/p>\n

The broader concern, in Schwartz\u2019s framing, is incentive design. If applications are allowed to choose their own trust assumptions, competition can drift toward lower-friction setups rather than higher-assurance ones. That point was raised explicitly by XRP community figure Vet, who argued that letting applications define their own security inevitably \u201craces to the bottom.\u201d<\/p>\n

Schwartz partly pushed back, saying simpler setups can make sense when value is still small, or where assets are already backed by a trusted issuer and can be frozen.<\/a> But he also suggested that in open crypto markets, temporary shortcuts have a way of becoming permanent.<\/p>\n

\u201cThat gets insanely complicated. I\u2019d say probably not,\u201d the former Ripple CTO wrote when asked whether projects could face liability for losses. \u201cBut the whole DeFi bridging industry is infected with people using moderate security because \u2018we just need to get it working, we\u2019ll improve it later\u2019 that grows to protecting huge amounts of money and the later improvements never come.\u201d<\/p>\n

He was similarly blunt on the industry\u2019s habit of relearning the same lesson after each blowup. \u201cWe could wait until we have a perfect solution, but that\u2019s not the choice everyone has made,\u201d Schwartz said. \u201cSo every once in a while, we\u2019re going to have a big failure and then everyone will be careful for a month or two and the cycle will repeat.\u201d<\/p>\n

Overall, Schwartz frames the issue as structural: DeFi keeps trying to scale cross-chain liquidity before it has solved how to govern bridge risk at the level other people\u2019s money demands. Even Schwartz, while defending some narrower uses of simpler bridge setups, conceded that decentralized governance remains ill-suited to hard security decisions around custodial risk.<\/p>\n

The backdrop is the April 18 rsETH incident involving KelpDAO<\/a>. An attacker exploited KelpDAO\u2019s LayerZero-powered rsETH bridge and drained 116,500 rsETH, valued at roughly $290 million. Aave\u2019s Guardian then froze rsETH and wrsETH markets across the deployments where the asset was listed, stressing that Aave itself had not been hacked and that the issue was scoped to the asset rather than the lending protocol.<\/p>\n

Aave later said all pools remained operational, but the freeze halted new deposits and new borrows against rsETH collateral while the situation was assessed. The episode quickly turned into a broader DeFi risk event because rsETH had been integrated into lending markets, raising fresh questions about collateral standards, bridge configuration choices and whether convenience-first interoperability is still being underpriced across the stack.<\/p>\n

At press time, XRP traded at $1.40.<\/p>\n

\"XRP<\/div>\n","protected":false},"excerpt":{"rendered":"

Ripple CTO Emeritus David Schwartz, said his review of DeFi bridge designs for Ripple\u2019s RLUSD surfaced a recurring problem that may now be at the center of the KelpDAO\/rsETH incident: critical security controls exist, but teams are often nudged toward lighter configurations because they are easier to operate and faster to scale. In a series […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-83310","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/83310","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=83310"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/83310\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=83310"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=83310"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=83310"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}