Quick Take
  • A single forged signature drained $292M from KelpDAO on Saturday and triggered a $6.6 billion run on Aave.
  • The bridges that kept running all had one thing in common.
  • Between Saturday evening and Sunday morning, a single forged message on a single cross-chain bridge turned into DeFi’s worst week since FTX.
  • Within 24 hours, users pulled $6.6 billion out of Aave.

What Happened

Polygon escaped the contagion. Agglayer’s unified ZK bridge operated without incident. No Polygon-connected chain had to freeze contracts. Polygon PoS & Agglayer bridges processed approximately $200M in volume post-hack, while much of DeFi and bridging paused.

Three exploits in three weeks, all traced to the same broken assumption: that a handful of signers can be trusted with a hundred-billion-dollar industry.

The core technology is a zero-knowledge proof, which is best understood as a tiny cryptographic receipt. The receipt proves that a complex computation was performed correctly, and any machine can verify it in milliseconds without redoing the work. Either the math holds and the withdrawal clears, or it doesn’t. Other designs, such as LayerZero, Wormhole or Chainlink, have been described as essentially a multisig of validators who attest to the state of chains. Each of these validators in turn relies on a quorum of RPCs and other off-chain infrastructure. In the case of the KelpDAO hack, it appears the validator’s underlying RPCs were compromised, causing it to sign the malicious transaction.

With Agglayer, there’s no validator judgment to manipulate, no RPC feed to poison. The signers that get compromised in every other bridge hack don’t exist in this architecture, because the architecture doesn’t need them.

Market Context

An attacker drained $292 million of rsETH from KelpDAO’s LayerZero bridge, used it as collateral to borrow real ether on Aave, and stuck the protocol with $123 million to $230 million in potential bad debt before markets could freeze.

Within 24 hours, users pulled $6.6 billion out of Aave. Lido, SparkLend, Fluid, Upshift, and Ethena all paused the relevant markets or bridges. rsETH on more than twenty chains became collateral of uncertain backing overnight.

Drift drained $285 million on April 1, attributed to Lazarus. Polkadot’s Hyperbridge minted a billion wrapped DOT on Ethereum on April 13 through a Merkle proof replay, though thin destination liquidity capped realized losses around $2.5 million per the postmortem. KelpDAO on Saturday made it three strikes.

Why It Matters

Most cross-chain infrastructure in crypto works like a notary desk. A small committee watches activity on one chain and attests to it on another. The committee might be a five-key multisig, a decentralized verifier network, a relayer set, or an oracle committee. Compromise the committee or the data feeds underneath it, and the bridge will happily notarize a lie.

This high-risk pattern isn’t new. Lazarus has been draining cross-chain bridges since 2022, taking $620M from Ronin and $100M from Harmony before moving on to Drift and, in all likelihood, Kelp. What’s changed is the cadence. AI-assisted audits let small teams probe operational infrastructure at a rate that used to require years by hand. Misconfigurations that once stayed hidden beneath layers of obfuscation now get found by relentless AI-driven automation.

Details

A single forged signature drained $292M from KelpDAO on Saturday and triggered a $6.6 billion run on Aave. The bridges that kept running all had one thing in common.

By John Egan, Head of Product, Polygon Labs

Between Saturday evening and Sunday morning, a single forged message on a single cross-chain bridge turned into DeFi’s worst week since FTX.

That Agglayer held up under that kind of stress reflects a design choice we made early: proof-based ZK verification and accounting live on-chain, so the system doesn’t depend on a small set of operators getting it right under pressure. Polygon pioneered ZK proving for Agglayer bridging back in July 2024.

One forensic detail is worth holding onto. The root cause was a single verifier. One signature, on the LayerZero V2 route between Unichain and Ethereum, waved through a message corresponding to no real deposit. The bridge released 116,500 rsETH to the attacker’s wallet, roughly one in six rsETH tokens ever issued.

This is unfortunately the predictable outcome of an industry that secures tens of billions of dollars with trust assumptions that held up when bridges moved a few million dollars and nobody sophisticated was watching.

Nine out of ten cross-chain apps trust one or two signers with everything

The shorthand making the rounds for this is MultisigFi. The technically precise name is trusted off-chain attestation. Either label points at the same category of design.

A sweep of active LayerZero applications on Dune found 47% running a 1-of-1 verifier configuration. Another 45% run 2-of-2. Fewer than 5% run 3-of-3 or anything stronger. For nine out of ten cross-chain apps, one or two compromised signers is the entire security model between user funds and an attacker.

Agglayer replaces signers with ZK proofs and enforces accounting at the protocol level

Agglayer validates cross-chain activity with mathematical proofs rather than a committee of attestors.

Layered on top of that, Agglayer enforces what we call pessimistic proofs. Think of it as the bridge’s accountant who trusts nobody and verifies everything.

Every chain connected to Agglayer has a running balance of what it has received and what it has sent. Before any withdrawal finalizes, the math has to add up. If it doesn’t, for example because a chain tries to withdraw more of an asset than it actually holds, the proof fails and nothing moves. The result is a strict firewall between chains.
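The notary-desk model from the Why It Matters section and the pessimistic-proof accounting just described, side by side in a toy simulation. This is an added example, not Polygon’s, Agglayer’s or LayerZero’s code: HMACs stand in for verifier signatures, plain bookkeeping stands in for the ZK accounting proof, and the chain names, signer keys, nonces and deposit amounts are constructed. The forged amount reuses the 116,500 rsETH figure from the article; the 1-of-1 verifier set matches the configuration the Dune sweep found on 47% of surveyed apps.

```python
# Added example, not Polygon's, Agglayer's or LayerZero's code. A toy model of
# the two bridge designs the article contrasts: a "notary desk" that releases
# whatever its verifier quorum attests to, and the same quorum plus a running
# per-chain balance sheet that refuses any unbacked withdrawal. Signer keys,
# chain names, nonces and amounts are constructed; HMACs stand in for verifier
# signatures and plain bookkeeping stands in for the ZK accounting proof.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    src_chain: str   # chain the assets leave
    dst_chain: str   # chain where the bridge releases them
    asset: str
    amount: int
    nonce: int       # unique per message; lets the strict bridge spot replays

    def digest(self) -> bytes:
        payload = f"{self.src_chain}|{self.dst_chain}|{self.asset}|{self.amount}|{self.nonce}"
        return hashlib.sha256(payload.encode()).digest()


def sign(key: bytes, msg: Message) -> bytes:
    """Stand-in for one verifier's signature over a bridge message."""
    return hmac.new(key, msg.digest(), hashlib.sha256).digest()


def quorum_ok(msg: Message, sigs: dict, signer_keys: dict, required: int) -> bool:
    """m-of-n check: count signatures that verify under a known signer's key."""
    valid = sum(
        1 for name, sig in sigs.items()
        if name in signer_keys and hmac.compare_digest(sign(signer_keys[name], msg), sig)
    )
    return valid >= required


class AttestationBridge:
    """Notary desk: a signed message is all that stands between vault and release,
    so compromising `required` signers is enough to have it notarize a lie."""

    def __init__(self, signer_keys: dict, required: int):
        self.signer_keys = signer_keys
        self.required = required
        self.released = []

    def release(self, msg: Message, sigs: dict) -> bool:
        if not quorum_ok(msg, sigs, self.signer_keys, self.required):
            return False
        self.released.append(msg)
        return True


class PessimisticBridge(AttestationBridge):
    """Same quorum check, plus the accountant who trusts nobody: every chain has
    a running balance of received minus sent, and no message may move more of
    an asset than the source chain actually holds."""

    def __init__(self, signer_keys: dict, required: int):
        super().__init__(signer_keys, required)
        self.balances = {}   # (chain, asset) -> units that chain currently holds
        self.seen = set()    # digests already processed, to reject replays

    def deposit(self, chain: str, asset: str, amount: int) -> None:
        # In Agglayer the deposit is proven on-chain; here it is simply recorded.
        self.balances[(chain, asset)] = self.balances.get((chain, asset), 0) + amount

    def release(self, msg: Message, sigs: dict) -> bool:
        d = msg.digest()
        if d in self.seen or not quorum_ok(msg, sigs, self.signer_keys, self.required):
            return False
        src, dst = (msg.src_chain, msg.asset), (msg.dst_chain, msg.asset)
        if msg.amount > self.balances.get(src, 0):
            return False   # unbacked: the accounting does not add up, nothing moves
        self.balances[src] = self.balances.get(src, 0) - msg.amount
        self.balances[dst] = self.balances.get(dst, 0) + msg.amount
        self.seen.add(d)
        self.released.append(msg)
        return True


def run_scenario() -> dict:
    """One honest transfer, one forged message signed by a compromised 1-of-1
    verifier, and one replay of the honest message, through both bridge models."""
    keys = {"dvn-A": b"constructed-key-A"}          # 1-of-1 verifier set
    honest = Message("unichain", "ethereum", "rsETH", 100, nonce=1)
    forged = Message("unichain", "ethereum", "rsETH", 116_500, nonce=2)  # no deposit behind it
    honest_sigs = {"dvn-A": sign(keys["dvn-A"], honest)}
    forged_sigs = {"dvn-A": sign(keys["dvn-A"], forged)}  # compromised signer attests anyway

    naive = AttestationBridge(keys, required=1)
    strict = PessimisticBridge(keys, required=1)
    strict.deposit("unichain", "rsETH", 100)      # only 100 units were ever bridged in

    return {
        "naive_honest": naive.release(honest, honest_sigs),
        "naive_forged": naive.release(forged, forged_sigs),    # released: unbacked units
        "strict_honest": strict.release(honest, honest_sigs),
        "strict_forged": strict.release(forged, forged_sigs),  # refused: exceeds source balance
        "strict_replay": strict.release(honest, honest_sigs),  # refused: already processed
        "strict_balances": dict(strict.balances),
    }
```

Running `run_scenario()` shows the point of the article in four booleans: the notary-desk bridge releases both the honest and the forged message because the single compromised signer is its whole security model, while the pessimistic bridge clears the honest transfer, refuses the forged one because Unichain never held 116,500 units, and refuses the replay because that message was already accounted for.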

This is the design choice that blocks the entire infinite-mint category of attack. The historical record is instructive. Wormhole, February 2022: $325 million, a skipped signature check on the guardian committee. BNB Chain Bridge, October 2022: $570 million, a proof verifier bug. Polkadot’s Hyperbridge last week: a billion unbacked tokens through a proof replay. KelpDAO on Saturday: one DVN (decentralized verifier network) approving a forged message for $292 million.

Different bugs, identical outcome. A bridge releasing assets that were never backed on the other side.