Pluto warns of restaking, bridge spoofing and AI risks

Pluto, a DeFi developer building Harbor and formerly involved with Thorchain and Airswap, warned about financial risks from restaking, outlined a cross-chain bridge spoofing exploit that affected Aave, and discussed the dual role of artificial intelligence in crypto security.

Pluto described restaking as the practice of reusing the same underlying stake to create multiple claims or derivatives. He said those layered claims make it hard to track exposure and can magnify losses when markets move, increasing the chance of cascading failures across linked positions.

On the bridge exploit, Pluto explained that attackers manipulated the reported value of assets on Arbitrum and used that false valuation to mint rETH-like tokens. Those tokens were moved to Ethereum and accepted as collateral in Aave markets. Using roughly 116,000 rseth on Ethereum, the attackers opened large loans and withdrew other assets from Aave, he said, noting the operation relied on bridging synthetic value across chains.

Pluto outlined how bridges function in simple terms: a bridge creates a representation of assets on another chain, and protocols treat those representations as collateral if they appear backed. If validation of that backing fails or is spoofed, an attacker can create or unlock value on the destination chain and then use it to extract funds.

He pointed out that cross-chain bridges are frequent targets because they let attackers move perceived value between networks. Validation methods that assume on-chain reports reflect real backing can be exploited when those reports are spoofed or when off-chain or cross-chain checks are weak.

Addressing the broader security picture, Pluto said attacks will become more sophisticated as skilled attackers improve techniques. He argued the industry should prioritize hardening core infrastructure rather than assigning blame to individual platforms after breaches. He also noted that many live smart contracts securing significant TVL have resisted contract-level exploits and that system-level integrations and cross-chain designs often introduce larger risks.

On artificial intelligence, Pluto said AI can be used by attackers to automate and scale exploits but can also be applied to defense. “AI can potentially be both a threat and a protector,” he said, adding that cryptography and other defensive technologies can favor defenders while some tools make adversarial activity easier.

Pluto referenced practices from traditional finance being adapted for crypto, including circuit breakers and deferred settlement mechanisms. He observed that deferred settlement in traditional markets exists to limit the speed and scale of losses and suggested similar measures can slow rapid, irreversible drains when cross-chain inconsistencies are exploited.

In his remarks, Pluto listed areas for attention: improving how bridges validate value across chains, strengthening infrastructure that underlies composable DeFi systems, and adopting both defensive technologies and design patterns such as temporary settlement delays and circuit breakers to limit large, rapid losses.