One forged signature drained $292 million from KelpDAO on Saturday and sparked a $6.6 billion run on Aave. The bridges that kept running had one thing in common.
Written by John Egan, Head of Product at Polygon Labs
Between Saturday evening and Sunday morning, a single forged message on a single cross-chain bridge turned into the worst week for DeFi since FTX.
An attacker drained $292 million of rsETH from KelpDAO’s LayerZero bridge, used it as collateral to borrow real ether on Aave, and suspended the protocol for $123 million to $230 million in potential bad debt before the markets froze.
Within 24 hours, users withdrew $6.6 billion from Aave. Lido, SparkLend, Fluid, Upshift, and Ethena have temporarily suspended their respective marketplaces or bridges. rsETH on more than twenty chains became a collateral for uncertain support overnight.
Polygon escaped the infection. The Agglayer’s ZK Consolidated Bridge was commissioned without incident. No chain connected to Polygon has had to freeze contracts. Polygon PoS bridges and Aglayer processed nearly $200 million in post-hack volume, while many DeFi and bridges paused.
The Agglayer’s resilience under this kind of pressure reflects a design choice we made early on: ZK verification based on mathematical proof and accounting directly on-chain, so the system isn’t dependent on a small group of operators getting it right under pressure. Polygon led the ZK demonstration of the Agglayer bridge in July 2024.
One criminal detail is worth holding on to. The root cause was the single validator. One signature, on the LayerZero V2 route between Unichain and Ethereum, was waved off with a message corresponding to no real deposit. The bridge released 116,500 rsETH to the attacker’s wallet, roughly one in six rsETH tokens ever issued.
This is unfortunately the predictable outcome of an industry that believes tens of billions of dollars in assumptions of trust that endured when bridges moved a few million dollars and no one was watching.
Three vulnerabilities in three weeks, all due to the same false assumption: that a handful of signatories can be trusted in a hundred-billion-dollar industry.
Nine out of ten cross-chain apps trust one or two signatories for everything
Most of the cross-chain infrastructure in cryptocurrencies works like a notary office. A small committee monitors activity in one chain and attests to it in another. The committee may be made up of five multi-signature keys, a decentralized verification network, a relay group, or an oracle committee.
Flatten the commission or the data feeds underneath, and the bridge will gladly authenticate the lie.
The abbreviation doing the rounds for this is MultisigFi. The technically accurate name is an off-chain trusted certificate. Either classification refers to the same design category.
A survey of active LayerZero apps on Dune found that 47% of them were running a 1-of-1 validator configuration. Another 45% were running 2-of-2. Less than 5% were running 3-of-3 or something stronger. For nine out of ten applications across the chain, one or two compromised signers represent the complete security pattern between the user’s funds and the attacker.
This high-risk pattern is not new. Lazarus has been draining cross-chain bridges since 2022, taking in $620 million from Ronin and $100 million from Harmony before moving on to Drift and, most likely, Kelp. What has changed is the rhythm. AI-powered audits allow small teams to explore operational infrastructure at a rate that previously required years of manual work. Misconfigurations that remained hidden under layers of obfuscation are now being discovered through continuous AI-driven automation.
The drift drained $285 million on April 1, attributed to Lazarus. Polkadot’s Hyperbridge minted 1 billion wrapped DOT on Ethereum on April 13 via a Merkle reoffer, though poor destination liquidity limited realized losses to around $2.5 million post-mortem. KelpDAO on Saturday had three hits.
Agglayer replaces signers with ZK proofs and enforces accountability at the protocol level
Agglayer validates cross-chain activity using mathematical proofs instead of a committee of validators.
The underlying technology is zero-knowledge proof, which can be best understood as a small cryptographic receipt. The receipt proves that a complex calculation was performed correctly, and any device can verify it in milliseconds without rework. Either the accounts hold and the withdrawal clears, or it doesn’t.
Other designs – such as LayerZero, Wormhole, or Chainlink – have been described as essentially a multisig of validators that attest to the state of the chains. Each of these validators in turn relies on a quorum for RPCs and other IRs. In the case of the KelpDAO hack – the validator’s underlying RPCs appear to have been compromised, resulting in the malicious transaction being signed.
With Agglayer, there is no auditor judgment to manipulate, and no RPC feed to poison. The signers that are compromised in all other bridge hacks do not exist in this architecture, because the architecture does not need them.
Above all, Aglayer imposes what we call pessimistic proofs. Think of it like a bridge accountant who trusts no one and checks everything.
Each chain connected to Agglayer has a running balance of what it has received and what it has sent. Before completing any withdrawal, you must add up the math. Any other outcome, including if the chain tries to withdraw more assets than it already has, the proof fails and nothing moves. Strict cross-chain firewalls.
This is a design choice that blocks the infinite attack class entirely. The historical record is useful. Wormhole, February 2022: $325 million, passes signature check to trustee committee. BNB Chain Bridge, October 2022: $570 million, proof verification error. Polkadot Hyperbridge last week: 1 billion tokens not supported by replay. KelpDAO on Saturday: 1 DVN approves forged message for $292 million.
Different errors, identical results. Bridge releases assets that were not supported on the other side.
If we replay the KelpDAO scenario through Agglayer’s accounting, the pessimistic proof will fail to validate the attacker’s withdrawal of 116,500 rsETH because the accounting shows no corresponding deposit. So withdrawal is blocked and no funds leave the system.
Aglayer’s accountant discovers the result at the door. Even if the initial verification contains an error, Infinite Coin will not be able to access the rest of the system.
Agglayer is open source, works across stacks, and installs in minutes
Aglayer is the only ZK bridge that is completely open source, with no protocol fees and open to anyone thanks to no commercial license. They are not stack-dependent by design, so ZK sets, optimistic sets, proof-of-stake chains, EVM, and non-EVM are orchestrated through the same infrastructure without giving up their security models.
On Speed: Optimistic bridges connecting Arbitrum and Optimism to Ethereum make users wait seven days for the fraud challenge window to close. Agglayer uses proofs of validity that actively check the state, so transfers are settled in minutes once the proof reaches L1. The first phase of Fast Interop ships on May 27 with approximately three minutes of cross-chain leveling, dropping to less than a minute later this year.
$2.4 trillion settled, no bridge exploits, and one team on call
Good architecture is not enough in itself. Surviving this threat environment also requires seeing failure modes at scale.
Polygon has processed $2.4 trillion in cumulative stablecoin settlement volume. 6.4 billion transactions. 159 million unique wallets. 99.99% uptime over five years. Exploiting zero bridge on Aglayer. Revolut, Stripe, Paxos, and Tazapay placed production payouts on Polygon after months of vendor risk review, compliance signing, and technical due diligence. This type of integration doesn’t happen in infrastructure organizations that you have to worry about.
When the KelpDAO exploit began emerging this weekend, our security team temporarily paused LayerZero integrations across the ecosystem before publicly disclosing the root cause. This call is made in twenty minutes instead of twenty hours because one team owns the entire deck.
Polygon’s quick response did not end there. Its Product, Security and Support teams worked side-by-side over the weekend with our institutional partners, providing comprehensive support on how to best respond to the crisis and access liquidity.
When a fintech company integrates Polygon to bring assets on-chain, leverage yield, or trigger an on-chain swap, the rails underneath are cryptographic proofs that an adversary cannot forge, run by a team that has seen every variation of this weekend before.
When an organization chooses a CDK to launch its own series, the original Agglayer connection comes with publishing. There is no separate bridge project, no third-party integration, and no additional negotiations with the vendor. The same security architecture that took place this weekend arrives on-chain, along with instant access to liquidity and cross-chain activity for every other chain in the network.
This connection is also what separates Polygon’s blockchain-as-a-service from every other enterprise chain option. Canton, Tempo and Hyperledger give organizations privacy but insulate them from global liquidity. Public L2s provide liquidity but expose positions, counterparties and transactions to the world. CDK chains connect to the entire crypto economy through Agglayer without broadcasting any of it. This is what institutional-grade cryptocurrency infrastructure looks like.
Polygon’s bet was that institutions ultimately want the same things from cryptocurrency infrastructure that they want from every other financial industry: predictable behavior under pressure, accountability when something goes wrong, and security that doesn’t depend on anyone’s good behavior. We have been working to achieve this benchmark for five years and $2.4 trillion in settlement volume. Last weekend was a preview of why it matters.
this post How Polygon Aglayer held up during DeFi’s worst week since FTX appeared first on BeInCrypto.
