The $292 million exploit linked to KelpDAO is the latest in a long line of crypto bridge hacks, underscoring how the systems designed to connect blockchains have become some of the easiest ways to break them.
The incident involved KelpDAO’s use of LayerZero’s cross-chain messaging system, a type of infrastructure commonly used to move data and assets between blockchains.
Bridges are intended to let users move assets from one blockchain to another, such as from Ethereum to another network. But instead of acting as seamless connections, they have repeatedly become weak points, draining billions of dollars in recent years.
So why does this keep happening?
Crypto ecosystem leaders say the answer doesn’t just lie in bad code or careless mistakes. The problem is more fundamental: it lies primarily in the way bridges are built.
The core problem: trusting an intermediary
To understand the problem, it helps to look at what a bridge actually does.
If you move tokens from one blockchain to another, the second chain will need proof that your tokens existed and were locked on the first. In an ideal world it would verify that itself. In reality, that is too expensive and complex.
“Most bridges don’t fully verify what happened on another chain,” says Ben Fisch, CEO of Espresso Systems. “Instead, they rely on a smaller system to report it [second] system becomes the thing you trust.”
So instead of independently verifying the truth, the bridge outsources it, often to small validator groups or third-party networks like LayerZero or Axelar. This shortcut carries risks. In the KelpDAO-related exploit, attackers targeted the data coming into the bridge.
“Attackers have compromised nodes and given the system a false version of reality,” Fisch said. “The bridge worked as designed. It just believed the wrong information.”
Bridge hacks often look different on the surface. Some involve stolen keys, others involve faulty smart contracts. But experts say these are symptoms of a deeper problem. The real problem lies in the way the systems are designed.
“Anything that can go wrong will go wrong, and bridge hacks are a perfect example of that,” says Sergej Kunz, co-founder of 1inch. “You see vulnerabilities in the code, centralization problems, social engineering and even economic attacks. Usually it’s a mix.”
How bridges work
Bridges look simple to users. You click a button and move assets from one blockchain to another. Behind the scenes, the process is more complicated.
First, your tokens are locked on the original blockchain. Then a separate system confirms that the tokens are locked. This system usually consists of a small group of operators or validators. Those operators then send a message to the second blockchain stating that the tokens have been locked so that new ones can be issued. If that message is accepted, the second chain will create a new version of your tokens. These are wrapped tokens, such as rsETH or WBTC.
The problem is that this process relies on trusting whoever sends that message. If attackers compromise that system, they can send a fake message and create tokens that were never backed on the original chain.
“In the worst case, the system doesn’t actually check anything,” says Fisch. “It’s just relying on someone else’s version of events.”
When one failure spreads
Given how often bridges fail, why hasn’t the industry fixed them?
Part of the answer comes down to incentives. “Safety is often not the highest priority,” says Kunz. “Teams are focused on launching quickly, growing users and increasing overall value.”
Building secure systems takes time and money. Many DeFi projects operate with limited resources, making it difficult to invest heavily in audits, monitoring and infrastructure.
At the same time, projects are racing to support more blockchains. Every new integration adds complexity. “Each new connection adds more assumptions,” Fisch said.
Bridge hacks rarely stay contained. Bridged assets are used in lending protocols, liquidity pools and yield strategies. When these assets are compromised, the damage spreads.
“Other platforms may consider a hacked asset as legitimate,” Kunz said. “This is how contamination occurs.” Users are rarely told how a bridge actually works or what can go wrong.
There are ways to make bridges safer. Fisch says a key step is eliminating single points of failure by relying on independent data sources rather than shared infrastructure.
In practice, these ‘data sources’ are computers that look at blockchains and report what has happened. They can be managed by the bridge itself, by external networks such as LayerZero, or by infrastructure providers. But many rely on the same underlying services, meaning a single compromised source can send bad data across multiple systems.
“If everyone relies on the same source, you haven’t reduced the risk,” he said. “You just copied it.”
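The point in the paragraphs above, as an added example (a constructed toy model, not code from LayerZero, KelpDAO or any bridge named here, and not a reconstruction of the incident): a destination chain that counts attesting verifiers will mint against a lock that never happened once the verifiers sharing one data source are fed bad data, while counting distinct data sources will not. The verifier names, source labels and lock ids are made up, and the model assumes the bridge operator knows which source each verifier reads from.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Verifier:
    name: str
    upstream: str  # assumption: operator knows which node/RPC each verifier reads

def attest(verifier, upstream_views, lock_id):
    """A verifier signs off on whatever its upstream node reports for lock_id."""
    return upstream_views[verifier.upstream].get(lock_id, False)

def naive_accept(verifiers, upstream_views, lock_id, threshold):
    """Counts attesting verifiers and ignores where they got their data."""
    yes = [v for v in verifiers if attest(v, upstream_views, lock_id)]
    return len(yes) >= threshold

def independent_accept(verifiers, upstream_views, lock_id, threshold):
    """Counts distinct upstream sources behind the attestations, so several
    verifiers reading the same node contribute one vote between them."""
    sources = {v.upstream for v in verifiers
               if attest(v, upstream_views, lock_id)}
    return len(sources) >= threshold

def mint_if_accepted(accept, verifiers, upstream_views, lock_id, amount,
                     threshold=2):
    """Destination chain mints wrapped tokens only if the message is accepted."""
    ok = accept(verifiers, upstream_views, lock_id, threshold)
    return amount if ok else 0

# Constructed scenario: three verifiers, two of which share one upstream node.
VERIFIERS = [Verifier("verifier-1", "rpc-a"),
             Verifier("verifier-2", "rpc-a"),
             Verifier("verifier-3", "rpc-b")]
# Ground truth: lock "0xreal" exists on the source chain, "0xfake" never did.
HONEST = {"rpc-a": {"0xreal": True}, "rpc-b": {"0xreal": True}}
# rpc-a is compromised and reports a lock that does not exist.
POISONED = {"rpc-a": {"0xreal": True, "0xfake": True},
            "rpc-b": {"0xreal": True}}

if __name__ == "__main__":
    for label, accept in (("naive", naive_accept),
                          ("independent", independent_accept)):
        real = mint_if_accepted(accept, VERIFIERS, HONEST, "0xreal", 100)
        fake = mint_if_accepted(accept, VERIFIERS, POISONED, "0xfake", 100)
        print(f"{label:12} real lock minted={real}  fake lock minted={fake}")
```

Both policies mint for the genuine lock; only the naive one mints 100 unbacked tokens for the fake lock, because two of its three "votes" come from the same poisoned node.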
Other approaches include hardware protection and better monitoring to catch misconfigurations early. Some developers are also working on designs that verify data directly using cryptography instead of intermediaries.
Kunz believes a more fundamental change is needed. “As long as we rely on validator-based bridges, these problems will continue,” he said.
