New York$293 million stolen from KelpDAO via bridge vulnerability.
Lido and Spark are repositioning toward “boring,” low-yield designs, as Lido’s Eugene Mamin said inherited infrastructure risk now exceeds smart-contract bugs.
Deposits at Spark are rising as users rotate into simpler collateral structures, Phoenix Labs CEO Sam MacPherson said.
Sources: CoinDesk
WHY BRIDGES BLEED
A cross-chain bridge is a smart contract that locks tokens on one chain and mints wrapped copies on another. That single contract ends up holding the entire pooled value of everyone who ever crossed — a honeypot whose security is only as strong as its weakest verification step.
THE INHERITED-RISK STACK
Modern DeFi protocols compose on top of each other: a liquid-restaking token wraps a staking token that wraps ETH, then gets bridged, then deposited as collateral. Each layer adds yield and inherits every bug in every layer beneath it. A flaw three layers down still drains the top.
THE BIGGEST BRIDGE LOSSES
Bridge exploits have produced some of the largest single thefts in financial history — not just crypto history. The KelpDAO loss sits in the same league as nation-state-sized heists, which is why institutional capital is pulling back from composable yield structures.
THE FLIGHT TO BORING
When risk is repriced, capital rotates from high-yield composable structures toward simpler designs — single-collateral vaults, audited primitives, no bridges. The pattern echoes traditional finance after every credit crisis: complexity earned a premium until it didn't.
WHO HUNTS BRIDGES
State-aligned actors — North Korea's Lazarus Group above all — specialize in bridge exploits because the attack surface is narrow, the payoff is concentrated, and the laundering path through mixers and stablecoins is well-mapped. Bridges are now a recognized national-security target, not just a fintech bug.