Kelp DAO 遭駭 2.92 億美元一事顯示，為何 crypto bridges 仍是該產業最脆弱的環節之一

📄完整原文· 由 trafilatura 自動擷取6416 字

The $292 million Kelp DAO exploit shows why crypto bridges are still one of the industry's weakest links The problem is structural and as long as bridges depend on complex systems with shared infrastructure and hidden trust assumptions, they will remain vulnerable. What to know: - Crypto bridge hacks like the $292 million Kelp DAO exploit keep happening because bridges rely on trusted intermediaries and external data sources rather than fully verifying blockchain activity, creating easy opportunities for attackers to manipulate. - The problem is structural, not just bugs or mistakes, and as long as bridges depend on complex systems with shared infrastructure and hidden trust assumptions, they will remain vulnerable. The $292 million exploit tied to KelpDAO is the latest in a long line of crypto bridge hacks, underscoring how the systems designed to connect blockchains have become some of the easiest ways to break them. The incident involved KelpDAO’s use of LayerZero’s cross-chain messaging system, a type of infrastructure widely used to move data and assets between blockchains. Bridges are meant to let users move assets from one blockchain to another, like from Ethereum to a different network. But instead of acting as seamless connectors, they have repeatedly turned into weak points, draining billions of dollars over the past few years. So why does this keep happening? Crypto ecosystem leaders say the answer is not just bad code or careless mistakes. The problem is more fundamental; it is in how bridges are built in the first place. The core problem: trusting the middleman To understand the issue, it helps to look at what a bridge actually does. If you move tokens from one blockchain to another, the second chain needs proof that your tokens existed and were locked on the first one. In an ideal world, it would verify that itself. In reality, that is too expensive and complex. “Most bridges don’t fully verify what happened on another chain,” said Ben Fisch, CEO of Espresso Systems. “Instead, they rely on a smaller system to report it. That [second] system becomes the thing you trust.” So instead of independently checking the truth, bridges outsource it, often to small validator groups or external networks like LayerZero or Axelar. That shortcut creates risk. In the Kelp DAO-related exploit, attackers targeted the data feeding into the bridge. “Attackers compromised nodes and fed the system a false version of reality,” Fisch said. “The bridge worked as designed. It just believed the wrong information.” Bridge hacks often look different on the surface. Some involve stolen keys, others faulty smart contracts. But experts say those are symptoms of a deeper issue. The real problem lies in how the systems are designed. “Anything that can go wrong will go wrong, and bridge hacks are a perfect example,” said Sergej Kunz, co-founder of 1inch. “You see code vulnerabilities, centralization issues, social engineering, even economic attacks. Usually it’s a mix.” How bridges work For users, bridges look simple. You click a button and move assets from one blockchain to another. Behind the scenes, the process is more complicated. First, your tokens are locked on the original blockchain. Then a separate system confirms that the tokens are locked. This system usually consists of a small group of operators or validators. Those operators then send a message to the second blockchain saying the tokens were locked so new ones can be issued. If that message is accepted, the second chain creates a new version of your tokens. These are wrapped tokens, like rsETH or WBTC. The problem is that this process depends on trusting whoever sends that message. If attackers compromise that system, they can send a false message and create tokens that were never backed on the original chain. “The worst case is when the system isn’t really checking anything,” Fisch said. “It’s just trusting someone else’s version of events.” When one failure spreads Given how often bridges fail, why has the industry not fixed them? Part of the answer comes down to incentives. “Security is often not the top priority,” Kunz said. “Teams focus on launching quickly, growing users and increasing total value locked.” Building secure systems takes time and money. Many DeFi projects operate with limited resources, making it difficult to invest heavily in audits, monitoring and infrastructure. At the same time, projects are racing to support more blockchains. Each new integration adds complexity. “Every new connection adds more assumptions,” Fisch said. Bridge hacks rarely stay contained. Bridged assets are used across lending protocols, liquidity pools and yield strategies. If those assets are compromised, the damage spreads. “Other platforms may treat a hacked asset as legitimate,” Kunz said. “That’s how contagion happens.” Users are rarely told how a bridge actually works or what could go wrong. There are ways to make bridges safer. Fisch says one key step is removing single points of failure by relying on independent data sources rather than shared infrastructure. In practice, these “data sources” are computers that watch blockchains and report what happened. They might be run by the bridge itself, by outside networks like LayerZero, or by infrastructure providers. But many rely on the same underlying services, meaning a single compromised source can feed bad data across multiple systems. “If everyone is relying on the same source, you haven’t reduced risk,” he said. “You’ve just copied it.” Other approaches include hardware protections and better monitoring to catch misconfigurations early. Some developers are also working on designs that verify data directly using cryptography instead of intermediaries. Kunz believes a more fundamental shift is needed. “As long as we rely on validator-based bridges, these problems will continue,” he said. Read more: North Korea’s crypto heist playbook is expanding and DeFi keeps getting hit More For You Also: DPRK hacking crypto, Aave contagion and Coinbase on quantum computing. What to know: Welcome to The Protocol, CoinDesk's weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk. In this issue: - 2026's biggest crypto exploit: $292 million gets drained from Kelp DAO with wrapped ether stranded across 20 chains - North Korea’s crypto heist playbook is...

資料狀態✓ 已擷取全文閱讀原文（CoinDesk）

🔍歷史類似事件· 關鍵字 + 標的比對6 則

2026-04-18

2026 年最大的加密貨幣漏洞攻擊：Kelp DAO 遭駭 2.92 億美元，wrapped ether 被困在 20 條鏈上

相似度 280%關鍵字 exploit/kelp/dao

2026-04-18

2026 年最大的加密貨幣漏洞攻擊：Kelp DAO 被盜走 2.92 億美元，wrapped ether 困在 20 條鏈上

相似度 280%關鍵字 exploit/kelp/dao

2026-04-21

Arbitrum 凍結了與 Kelp DAO 漏洞攻擊相關的 7100 萬美元 ETH

相似度 230%關鍵字 dao/million/exploit

2026-04-20

在 Kelp DAO 橋接漏洞引發 DeFi 混亂後，Aave 可能面臨高達 2.3 億美元的損失

相似度 230%關鍵字 dao/million/exploit

2026-04-22

The Protocol：Kelp DAO 遭駭損失 2.92 億美元

相似度 180%關鍵字 dao/million/kelp

2026-04-22

Kraken 為 2025 年提交了 5,600 萬份加密貨幣稅務表格。其中三分之一的金額低於 $1

相似度 180%關鍵字 million/crypto/one

💡 目前用關鍵字 + 標的比對（MVP）· 之後會升級為 embedding 語意搜尋

原始資訊

ID：3a40254d1f

來源：CoinDesk

發佈：2026-04-22 15:01:30

分類：一般 · 導出分類 neutral

標的：未指定

社群投票：+0 / −0 · ⭐ 0 重要 · 💬 0 留言