A single forged signature drained $292M from KelpDAO on Saturday and triggered a $6.6 billion run on Aave. The bridges that kept running all had one thing in common.
By John Egan, Head of Product, Polygon Labs
Between Saturday evening and Sunday morning, a single forged message on a single cross-chain bridge turned into DeFi’s worst week since FTX.
An attacker drained $292 million of rsETH from KelpDAO’s LayerZero bridge, used it as collateral to borrow real ether on Aave, and stuck the protocol with $123 million to $230 million in potential bad debt before markets could freeze.
Within 24 hours, users pulled $6.6 billion out of Aave. Lido, SparkLend, Fluid, Upshift, and Ethena all paused the relevant markets or bridges. rsETH on more than twenty chains became collateral of uncertain backing overnight.
Polygon escaped the contagion. Agglayer’s unified ZK bridge operated without incident. No Polygon-connected chain had to freeze contracts. Polygon PoS & Agglayer bridges processed approximately $200M in volume post hack, while much of DeFi and bridging paused.
That Agglayer held up under that kind of stress reflects a design choice we made early: math proof-based ZK verification and accounting live on-chain, so the system doesn’t depend on a small set of operators getting it right under pressure. Polygon pioneered ZK proving for Agglayer bridging back in July 2024.
One forensic detail is worth holding onto. The root cause was a single verifier. One signature, on the LayerZero V2 route between Unichain and Ethereum, waved through a message corresponding to no real deposit. The bridge released 116,500 rsETH to the attacker’s wallet, roughly one in six rsETH tokens ever issued.
This is unfortunately the predictable outcome of an industry that secures tens of billions of dollars with trust assumptions that held up when bridges moved a few million dollars and nobody sophisticated was watching.
Three exploits in three weeks, all traced to the same broken assumption: that a handful of signers can be trusted with a hundred-billion-dollar industry.
Nine out of ten cross-chain apps trust one or two signers with everything
Most cross-chain infrastructure in crypto works like a notary desk. A small committee watches activity on one chain and attests to it on another. The committee might be a five-key multisig, a decentralized verifier network, a relayer set, or an oracle committee.
Compromise the committee or the data feeds underneath it, and the bridge will happily notarize a lie.
The shorthand making the rounds for this is MultisigFi. The technically precise name is trusted off-chain attestation. Either label points at the same category of design.
A sweep of active LayerZero applications on Dune found 47% running a 1-of-1 verifier configuration. Another 45% run 2-of-2. Fewer than 5% run 3-of-3 or anything stronger. For nine out of ten cross-chain apps, one or two compromised signers is the entire security model between user funds and an attacker.
This high risk pattern isn’t new. Lazarus has been draining cross-chain bridges since 2022, taking $620M from Ronin and $100M from Harmony before moving on to Drift and, in all likelihood, Kelp. What’s changed is the cadence. AI-assisted audits let small teams probe operational infrastructure at a rate that used to require years by hand. Misconfigurations that once stayed hidden beneath layers of obfuscation now get found by relentless AI-driven automation.
Drift drained $285 million on April 1, attributed to Lazarus. Polkadot’s Hyperbridge minted a billion wrapped DOT on Ethereum on April 13 through a Merkle proof replay, though thin destination liquidity capped realized losses around $2.5 million per the postmortem. KelpDAO on Saturday made it three strikes.
Agglayer replaces signers with ZK proofs and enforces accounting at the protocol level
Agglayer validates cross-chain activity with mathematical proofs rather than a committee of attestors.
The core technology is a zero-knowledge proof, which is best understood as a tiny cryptographic receipt. The receipt proves that a complex computation was performed correctly, and any machine can verify it in milliseconds without redoing the work. Either the math holds and the withdrawal clears, or it doesn’t.
Other designs – like LayerZero, Wormhole or Chainlink – have been described as essentially a multisig of validators who attest to the state of chains. Each of these validators in turn rely on a quorum of RPCs and other offchain infra. In the case of the KelpDAO hack – it appears the validator’s underlying RPCs were compromised, causing it to sign the malicious transaction.
With Agglayer, there’s no validator judgment to manipulate, no RPC feed to poison. The signers that get compromised in every other bridge hack don’t exist in this architecture, because the architecture doesn’t need them.
Layered on top of that, Agglayer enforces what we call pessimistic proofs. Think of it as the bridge’s accountant who trusts nobody and verifies everything.
Every chain connected to Agglayer has a running balance of what it has received and what it has sent. Before any withdrawal finalizes, the math has to add up. Any other outcome, including if a chain tries to withdraw more of an asset than it actually has, the proof defaults to failure and nothing moves. Strict firewalls between chains.
This is the design choice that blocks the entire infinite-mint category of attack. The historical record is instructive. Wormhole, February 2022: $325 million, a skipped signature check on the guardian committee. BNB Chain Bridge, October 2022: $570 million, a proof verifier bug. Polkadot’s Hyperbridge last week: a billion unbacked tokens through a proof replay. KelpDAO on Saturday: one DVN approving a forged message for $292 million.
Different bugs, identical outcome. A bridge releasing assets that were never backed on the other side.
If we re-run the KelpDAO scenario through Agglayer’s accounting the pessimistic proof fails to validate the attacker’s withdrawal of 116,500 rsETH because the accounting shows no corresponding deposit. So the withdrawal is blocked and no funds leave the system.
Agglayer’s accounting catches the outcome at the door. Even if upstream verification has a bug, the infinite mint can’t clear into the rest of the system.
Agglayer is open source, works across stacks, and settles in minutes
Agglayer is the only ZK bridge that’s fully open source, with no protocol fee and open to anyone thanks to no commercial licensing. It’s stack-agnostic by design, so ZK rollups, optimistic rollups, proof-of-stake chains, EVM, and non-EVM all coordinate through the same infrastructure without giving up their own security models.
On speed: optimistic bridges connecting Arbitrum and Optimism to Ethereum make users wait seven days for a fraud challenge window to close. Agglayer uses validity proofs that verify state actively, so transfers settle in minutes once the proof lands on L1. Fast Interop Phase 1 ships May 27 with roughly three-minute cross-chain settlement, dropping to sub-minute later this year.
$2.4 trillion settled, zero bridge exploits, and one team on call
Good architecture isn’t enough on its own. Surviving this threat environment also takes having seen the failure modes at scale.
Polygon has processed $2.4 trillion in cumulative stablecoin settlement volume. 6.4 billion transactions. 159 million unique wallets. 99.99% uptime over five years. Zero bridge exploits on Agglayer. Revolut, Stripe, Paxos, and Tazapay put production payment volume on Polygon after months of vendor risk review, compliance sign-off, and technical due diligence. That kind of integration doesn’t happen on infrastructure institutions have to worry about.
When the KelpDAO exploit started surfacing this weekend, our security team paused LayerZero integrations across the ecosystem before the root cause was publicly disclosed. That call gets made in twenty minutes rather than twenty hours because one team owns the full stack.
Polygon’s rapid response did not end there. Its Product, Security and Support teams worked hand in hand through the weekend with our institutional partners, providing white glove support on how to best respond to the crisis and access liquidity.
When a fintech integrates Polygon to bring assets on-chain, tap into yield, or run a cross-chain swap, the rails underneath are cryptographic proofs an adversary cannot forge, run by a team that has seen every variant of this weekend before.
When an institution chooses CDK to launch its own chain, native Agglayer connectivity ships with the deployment. No separate bridge project, no third-party integration, no additional vendor negotiation. The same security architecture that held this weekend arrives with the chain, along with immediate access to the liquidity and cross-chain activity of every other chain in the network.
That connectivity is also what separates Polygon’s blockchain-as-a-service from every other enterprise chain option. Canton, Tempo, and Hyperledger give institutions privacy but wall them off from global liquidity. Public L2s give liquidity but expose positions, counterparties, and transactions to the world. CDK chains connect to the full crypto economy through Agglayer without broadcasting any of it. This is what institutional-caliber crypto infrastructure looks like.
Polygon’s bet has been that institutions eventually want the same things from crypto infrastructure they want from every other financial rail: predictable behavior under stress, accountability when something goes wrong, and security that doesn’t rest on anyone’s good behavior. We’ve been building toward that standard for five years and $2.4 trillion in settlement volume. Last weekend was a preview of why it matters.
The post How Polygon Agglayer Held Through DeFi’s Worst Week Since FTX appeared first on BeInCrypto.
Go to Source to See Full Article
Author: John Egan
