Introduction
This week, the security of cross-chain DeFi protocols came under scrutiny following major incidents involving ZetaChain and KelpDAO. These breaches exposed not only technical weaknesses but also the broader difficulties of safeguarding multi-chain infrastructures. As cross-chain activity increases, so does the importance of strong, adaptable security practices.
ZetaChain: Mainnet Activity Halted After Breach
On April 28, ZetaChain suspended all cross-chain transactions on its mainnet after its GatewayEVM contract was attacked. According to the project, only internal wallets were affected, and user funds remained secure. While DefiLlama estimated the loss at $300,000, ZetaChain has not confirmed this figure and has promised a detailed postmortem. This event shows that even established platforms can be disrupted when core contracts are compromised, threatening operational stability and user confidence.
The decision to halt cross-chain activity prioritized user safety and transparency, reflecting a growing trend among DeFi protocols to act decisively in the face of security threats, even at the cost of temporary disruption.
KelpDAO: Off-Chain Infrastructure Targeted
The KelpDAO exploit, with losses reported near $292 million, highlighted the risks posed by off-chain dependencies. Unlike typical smart contract vulnerabilities, attackers compromised data nodes supporting the bridge, tricking the system into releasing 116,500 rsETH on Ethereum without a matching token burn on the source chain. On-chain, transactions appeared routine, and standard monitoring tools failed to detect the breach. However, the bridge’s core accounting logic was violated, allowing the exploit to proceed undetected initially.
This incident underscores that DeFi protocols are only as secure as their least protected off-chain component. Security focused solely on on-chain activity is insufficient when off-chain systems can be manipulated. The KelpDAO case emphasizes the need for robust quorum design and real-time monitoring that can track the state of the entire system, not just individual transactions.
Containment and Response
Despite the scale of the KelpDAO breach, prompt action helped contain further losses. KelpDAO paused its contracts, reportedly preventing an additional $95 million from being exploited. The Arbitrum Security Council also intervened to freeze about 30,000 ETH downstream, demonstrating that coordinated responses can help limit the impact of even large-scale attacks.
ZetaChain’s immediate suspension of cross-chain activity similarly aimed to protect user funds and maintain trust. These responses highlight the increasing importance of rapid, transparent crisis management alongside preventative security measures in the cross-chain ecosystem.
Implications for DeFi Users
The events of the week serve as a reminder for both users and protocols to regularly reassess risk when operating across multiple chains. Relying on a single verifier or data source introduces potential points of failure. Users should exercise caution and conduct due diligence when interacting with bridges, routers, and other cross-chain tools.
As security strategies adapt, so do attacker methods. Monitoring the overall state of cross-chain protocols—rather than just individual transactions—may become a new standard. Still, no system is immune to risk, making operational vigilance and the ability to respond quickly essential for protecting assets and maintaining confidence.
Conclusion: Looking Ahead
Cross-chain infrastructure remains vital to DeFi, but recent attacks have highlighted its vulnerabilities. As protocols work to understand these incidents and strengthen defenses, users and operators must remain alert to new risks. For those moving assets between networks, it is increasingly important to evaluate available options and the security measures in place.
For a detailed technical analysis of the KelpDAO exploit and the role of off-chain dependencies, see the Chainalysis: KelpDAO Bridge Exploit Analysis.
To manage risk and optimize your cross-chain activity, use the Chainspot Router to check routes, compare options, and find the most secure and efficient onchain path for your next transfer.
