In April 2026, a sophisticated attack on KelpDAO and LayerZero led to the exploitation of approximately $292 million in assets. The core issue was not a flaw in the smart contract code itself, but rather that the Decentralized Verifier Network (DVN), which verifies off-chain data, approved a manipulated "burn" message as valid. This fabricated message passed validation immediately, leading to the draining of 116,500 rsETH from the bridge vault.
The root cause of this incident lies in the "shared vault" architecture of traditional bridges, where assets are concentrated into a single pool. It exposed a structural vulnerability where the compromise of a single verification message can put the entire vault at risk. More concerning was the contagion of risk. The attacker deposited the stolen rsETH as collateral in lending protocols such as Aave, borrowing against it to extract additional liquidity. As a result, the bridge risk propagated into bad debt risk across lending markets.
The conversation that followed reached beyond this single incident into deeper architectural territory. Sergej Kunz, founder of 1inch, flagged the systemic risk inherent to pooled-asset designs across DeFi. In the context of a separate exploit, Zaki Manian, Cosmos architect and Sommelier co-founder, argued that intent-based architectures structurally limit exposure to this class of attack.
What exactly is an intent-based architecture?
An intent can be defined in one sentence as a way of specifying the desired outcome rather than the process.
While this concept may seem unfamiliar, we already use this pattern intuitively in our daily lives. For example, consider purchasing a $30 item from an overseas seller online. You select the product, enter your shipping and payment details, and place the order. A few days later, the item arrives at your doorstep. At no point do you manually choose the payment network (e.g., Visa or Mastercard), interbank settlement processes, or logistics routes. You simply specify the desired outcome, and the system handles the rest.
Now imagine having to make every decision yourself. If you had to compare payment security standards, choose payment networks, evaluate interbank settlement routes, and even select shipping providers, the user experience would be significantly degraded. Worse, a poor choice could lead to higher-than-expected costs.
Today, on-chain financial activity still operates under a similar structure. Users must explicitly define execution paths within a transaction-centric model, which requires a significant level of prior technical knowledge. This not only introduces inefficiencies but also exposes users to security risks. As a result, despite substantial capital inflows into crypto over time, retail users continue to favor centralized exchanges such as Coinbase, Binance, and Upbit over on-chain alternatives.
Let’s take a closer look at how intent-based architectures differ from the traditional transaction-centric model that underpins on-chain financial activity
▎ "Swap 1 ETH on Uniswap V3's ETH/USDC 0.05% pool, with 0.5% slippage, at 25 gwei."
In the traditional transaction-centric model, users must explicitly define every element of the execution path. From chain selection to DEX, liquidity pools, slippage tolerance, and gas fees, every decision is the user’s responsibility. This requires prior knowledge of which DEXs exist, whether sufficient liquidity is available, and whether the trade will incur price impact due to slippage. In addition, users must account for potential losses from MEV (Maximum Extractable Value) and set an appropriate gas fee to ensure inclusion. The key issue is that all risks arising from this process are borne entirely by the user. This includes losses from price volatility, gas fee spikes, and failed execution.
▎ "Convert my 1 ETH into at least 3,500 USDC."
In an intent-based architecture, users no longer need to manage complex execution parameters directly. Instead, they simply specify the desired outcome. Rather than submitting an on-chain transaction, the user signs an off-chain message—a commitment to settle if certain conditions are met.
The entity responsible for executing this commitment is the solver. Solvers design and execute one or more transactions to achieve the intended outcome. In doing so, they may employ multi-step, strategy-driven execution rather than a single transaction.
As discussed earlier, the key actors responsible for executing user intents are solvers. They take over the complex execution processes previously handled by users, assuming the associated risks in exchange for potential profit.
The system operates through the following steps:
Intent Propagation: The user’s signed intent (specified conditions) is broadcast to the solver network.
Competition and Bidding: Multiple solvers compete to fulfill the intent, submitting bids to offer the best execution terms.
Execution and Settlement: The winning solver executes the transaction and settles the outcome.
The mechanism for guaranteeing outcomes to users and settling with solvers typically falls into two categories, depending on the network environment.
Single-Chain Environments (Atomic Settlement): In networks such as UniswapX or CoW Swap, all actions are executed atomically within a single transaction. The settlement contract verifies whether the required condition (e.g., 3,500 USDC received) is satisfied at execution time. The user’s assets are transferred to the solver only if the condition is fully met, at which point the solver’s profit is locked in.
Cross-Chain Environments (Optimistic Settlement): In systems such as Across Protocol, atomic execution is not possible due to cross-chain constraints. Instead, solvers use their own capital to execute a “fill,” fronting funds to the user on the destination chain. Settlement and reimbursement occur later on the source chain once fulfillment is verified by the settlement contract.
The core principle remains the same: the signed target outcome becomes the binding constraint of the transaction. If the condition is not satisfied, settlement is not executed. As a result, execution risks such as price volatility or gas fee spikes are shifted entirely to the solver.
This dynamic transforms execution quality itself into a competitive moat. Solvers are incentivized to discover the most capital-efficient, lowest-latency, and most reliable execution paths. Users receive better pricing and faster execution by default, while solvers capture the resulting efficiency gains as surplus value.
Because users do not specify how execution should be performed, solvers go far beyond simply routing through on-chain liquidity pools:
Private Inventory: Solvers leverage pre-positioned capital to execute trades instantly without relying on external liquidity sources or incurring additional fees.
Ring Trades: Solvers match opposing user intents in a peer-to-peer manner, leveraging Coincidence of Wants (CoW) to minimize or eliminate AMM and liquidity provider fees.
Multi-Source On-Chain Routing: When necessary, solvers aggregate liquidity across multiple on-chain venues to achieve optimal execution, generating price improvement beyond the user’s specified limit.
The scale of the shift intents and solvers create is obvious even within a single chain — comparing a basic on-chain swap is enough. AMMs and aggregators automated parts of execution, but the core risks — gas costs, failed fills, MEV exposure — stayed squarely on the user. Intents restructure that. Every burden the user used to carry, the solver now carries.
The moment a user clicks "trade" in the legacy stack, two layers of uncertainty land on them: the gas they'll pay no matter what, and the slippage that turns the displayed quote into a smaller actual amount.
Gas as Sunk Cost: To trade at all, you need a native token (ETH, SOL, etc.) sitting in the wallet. The catch: even if the trade reverts mid-execution, the gas you've already burned doesn't come back. The cost lands regardless of outcome.
Slippage and an Unguaranteed Fill Price: What a DEX aggregator displays is the best quote right now — not a guaranteed fill price. While your transaction sits in the queue, the market can move or MEV bots can intervene, and you receive less than promised (slippage occurs). Tighten the slippage limit to defend against this and the trade reverts more often — and the gas you spent on the failed attempt still doesn't come back. Either way, the cost and the risk stay on the user's side.
Intents hand both risks (gas and slippage) to the solver. Instead of paying gas to fire an on-chain transaction, the user just leaves a single gasless off-chain signature (EIP-712) and walks. The on-chain settlement gas is borne entirely by the solver.
The desired outcome ("at least 3,500 USDC") is also nailed into the signature itself. If that floor isn't hit, the trade can't settle. So when the market moves or networks congest, only the solver's margin shrinks — the user's payout doesn't lose a cent.
CoW Swap, UniswapX, 1inch Fusion — every major intent-based protocol works this way. The user no longer needs to hold a gas token, and they receive the exact outcome they pre-agreed to.
In the legacy model, structural differences between chains quietly leak value out of the user's pocket.
Ethereum (L1) Public Mempool and MEV: Ethereum transactions go through a public mempool by default — anyone can see them. MEV bots see your trade in advance, raise their gas fee to overtake your slot in front-running, or sandwich your trade by inserting their own orders before and after. You can route around this by picking a wallet or dApp with MEV-protect built in, or by using a private RPC (Flashbots, Flashblocks). But the burden of actively defending your own assets still sits with the user — and that's not going away.
L2 Sequencer Authority and the Execution Race: L2s without a public mempool (Arbitrum, Base, etc.) are relatively safe from outside bots. But the single sequencer (Solo Sequencer) holds a monopoly on transaction ordering — so in principle, it can reorder user trades or extract value if it wants to. Users still have to enter the priority-fee auction for a guaranteed fill, and they still absorb the price-movement risk in the gap between submission and execution.
AMM Pool Limits: Common across all chains. AMMs settle prices based on a formula running over a shared liquidity pool. They earned their place by providing liquidity even when buy and sell orders didn't immediately match — that's the contribution that made DeFi possible. But forcing every trade through a pool is structurally inefficient. Even when opposite-direction trades (Coincidence of Wants, CoW) exist at the same moment, AMMs can't match them directly — both sides trade against the pool, paying fees twice and eating slippage twice. Capital efficiency takes the hit.
Intents kill that user-side cost burden by running off-chain auctions and solver matching tuned to each chain's environment.
Off-Chain Auction and Solver Matching: The user submits an order with a gasless signature. Solvers worldwide compete in an off-chain auction (Solver Auction) over a single question: who can return the most price surplus to the user?
Ring Trades: Solvers don't stop at 1:1 matching. They identify ring trades that thread token flow through multiple users at once. Because tokens never go through a liquidity pool — value moves directly between users — there's no LP fee paid to AMMs, and price-impact slippage disappears.
Uniform Clearing Price (UCP): All identical trades inside a single batch settle at one price. Because there's no ordering between trades, sandwich attacks that depend on jumping in front of a specific trade become structurally impossible.
Chain-Tuned Auction Models: On gas-heavy Ethereum mainnet (L1), orders are signed off-chain to remove the cost burden. On gas-light L2s, on-chain Dutch orders start at a price favorable to the user and decay until a solver fills — auction mechanisms tuned to each chain's economics.
The mechanism varies, but the core is the same: multiple solvers (Fillers) shave their margin to fill the order at a price as close to mid-market as possible. The user no longer plays a chain-by-chain MEV-avoidance game or fights a gas-fee bidding war — they receive a better-than-market price competitively quoted by professional solvers and market makers (MMs). The "route discovery" and "defense" homework users used to carry — solvers do it now and return the savings to the user.
Intents pay off across many areas, but the gap opens up the widest in cross-chain. Two chains can't share state directly, so moving an asset across and then swapping it on the destination has always been clumsy and inefficient under the legacy model. That's also where the worst UX problems and the worst security blow-ups have lived simultaneously.
The root cause is transaction atomicity. Within a single chain, every operation in a bundle either all succeeds or any failure reverts the whole thing into a no-op — that safety net is automatic. The moment two chains are involved, the guarantee evaporates. The two chains can't verify each other's state directly, so something on one side has to hold the asset and back the claim, and something on the other side has to verify what actually happened — through a separate trust mechanism.
Legacy bridges fill those two empty seats with massive shared vaults (custody) and external verifier networks (verification). Intents fill the same two seats with solver-owned capital (in place of custody) and post-execution result verification (verification, simplified). The structural divergence shows up in three places at once: security, speed, and price.
This isn't just a difference in implementation. It's a difference in where the risk lives.
The KelpDAO incident is exactly what happens when the second and third rows of this table break simultaneously. The fat lockup pool was the single target. The verification network entrusted to vet messages let a forged one through — and the entire pool shook.
In the intent architecture, neither of those structures exists. There’s no pool to lock down, so no single attack target. There’s no upstream message-trust step either — settlement only fires after the asset has been demonstrably delivered on the target chain (Proof of Fill). So even if a specific node in off-chain infrastructure gets compromised, settlement can’t proceed without confirmed delivery — and the risk doesn’t migrate onto user assets.
Legacy bridges stack the following steps in series:
Source-chain finality → external-verifier message relay → target-chain mint
Depending on the environment, this runs anywhere from a few minutes to tens of minutes — sometimes hours. On Ethereum mainnet, you wait for finality (2 epochs, roughly 12–15 minutes) to rule out reorg-driven invalidation. L2 <> L1 movements can stretch into hours or days because of the challenge window. Verifier-node message relay and cross-checks tack on additional infrastructure delay on top.
The lag isn’t a performance bug. It’s the structural waiting time required to trust state across chains.
Solver settles to user (sub-second to a few seconds)
→ Post-processing [Source-chain finality → external-verifier message relay → target-chain mint]
Intents flip the flow on its head. The solver settles on the destination chain from its own capital first, so the user receives assets in under a second to a few seconds depending on network conditions. The chain-by-chain finality wait and verification-infrastructure delay that legacy bridges shoved onto users are now absorbed by the solver — backed by its own capital and tech stack as the bond.
In the legacy cross-chain stack, moving assets and swapping them are handled in separate steps. Sometimes you swap on the source chain first and then bridge. Sometimes you bridge first and swap on the target. Sometimes the loop runs more than once. The point is — these aren’t bundled into one trade. They run as discrete steps, each priced separately.
Because each step prices independently, the user doesn’t get the best price for the trade as a whole — they get a chain of fragmented prices stitched together in sequence. And once execution and pricing are split this way, cost stacks up the same way. Bridge fees on one side, DEX slippage on the destination chain on the other, both paid in full.
Intents collapse all of that into a single unified flow. Instead of relying solely on on-chain liquidity pools, solvers compete using their own private inventory, submitting bids in a competitive auction. This includes not only specialized solver teams but also major market makers such as Wintermute, B2C2, and Cumberland, all directly contributing liquidity to produce the best possible quote. Because execution no longer depends on the depth of on-chain AMM pools, slippage remains minimal even for large trades. In addition, a single solver handles settlement across both chains, eliminating the need for a separate bridging step and its associated fees. Instead, all costs are bundled into a single optimized exchange rate—an all-in quote.
As a result, users no longer go through multiple steps while paying fragmented fees. They simply receive the final outcome of a transaction executed under the most favorable terms available.
A sharp question shows up here.
“Solvers still need to rebalance their own capital, and they still need to prove on the source chain that they paid the user on the target chain. Don’t they have to use cross-chain messaging infrastructure for that?”
Correct. Intents don’t displace messaging networks — they’re not a replacement technology. If anything, the architecture finally lets general-purpose Arbitrary Message Passing protocols do what they’re best at. In messaging-based models, users themselves had to navigate the messaging infrastructure, threading the needle between two competing goals: fast transfer and safe verification. Intents decouple those two goals and route each to the actor best suited to handle it.
Execution Layer (Solver): The solver carries the part the user actually feels — immediate settlement and risk absorption. No long verification wait; the user receives the asset and is done.
Settlement & Verification Layer (Messaging Infrastructure): Afterward, the settlement contract on the target chain produces a Proof of Fill — evidence that the solver delivered the assets correctly. Cross-chain messaging now does what it does best: securely relaying that proof back to the source chain. When solvers rebalance large amounts of capital to refill drained inventory, they lean on the same robust infrastructure.
The result: the intent paradigm reorganizes cross-chain traffic efficiently. Most ordinary users — those who simply want to move assets — no longer need to walk through the time-consuming and costly existing infrastructure (the retail rail); they get the smooth UX intents deliver. At the same time, that messaging infrastructure can finally focus on its core job: a robust wholesale data backbone where solvers and protocols clear trust and capital at scale. Solver execution and messaging-layer verification don’t compete. They form a symbiotic system that, taken together, finally addresses Web3 fragmentation end-to-end.
In June 2023, Paradigm’s Quintus Kilbourn and Georgios Konstantopoulos co-authored “Intent-Based Architectures and Their Risks.” They welcomed the paradigm but called out structural risks across three dimensions: Trust, Order Flow, and Opacity. Here we look at the two most frequently raised in the intent debate.
Trust Becoming the Barrier (Trust)
DeFi was born under the banner of Trustless. The ideal: users interact directly with smart contracts, and no one slips in between. But intents explicitly require a middle actor — the solver. What Paradigm worried about is the scenario where this delegation of trust calcifies into a barrier. Order flow concentrates among a handful of large solvers who’ve earned the trust of users and protocols, and new entrants can’t compete until they’ve built that trust themselves. In the worst case, a small group of solvers takes a monopolist position and strips users of their bargaining power — the right to a better price.
Concentration Among Few Solvers (Order Flow)
The efficiency curve in solver competition is steeper than it looks. More capital, faster infrastructure, sharper algorithms — whoever has these has an overwhelming edge, and that edge widens with time. The data backs it up. On UniswapX, two solvers — SCP and Wintermute — capture more than 70% of volume. CoW Swap likewise sees its top 5 solvers handle most of the flow. If the intent stream calcifies into Exclusive Order Flow, Paradigm warns, “permissionless competition” can converge into an effective oligopoly held by a small cartel.
“If permissionless competition converges into an effective oligopoly, what makes this any different from the big banks of Wall Street?” The honest question stays. The answer isn’t simple, but the difference is real.
Conditions for Winning: Where the oligopoly in traditional finance is concentration manufactured by locking the door — through licensing and regulation — solver-market concentration is the result of scale competition inside a door left open.
The Data Flywheel: Whether the environment is permissionless like UniswapX or vetted by tests and DAO checks like CoW Swap, the barrier to entry in this market is not power but economies of scale. A solver that sees more flow finds better routes (the data flywheel), wins more auctions, and reinvests the resulting capital efficiency — a Winner-take-most structure.
The current solver ecosystem is, undeniably, concentrated in a small number of capital-rich players. But the structure isn’t locked in by entrenched interests. It remains open to anyone who can show up with overwhelming technology or new efficiency and shake the board. The market is going through the bone-deep process of finding optimal efficiency on its own. That is the decisive difference from the old oligopolistic regime.
So where does the intent market actually stand today? In data. Intent-based architecture is no longer an early-stage experiment. Three signals point in the same direction: explosive volume growth, the formation of an ecosystem standard, and expansion across new domains.
The data shows intent mode has already crossed into mainstream.
1inch Fusion: Roughly $214B processed across 2025. In Q4, 19% of 1inch’s internal routing volume ran through intent mode (Fusion). Over the same period, 1inch held a 25.2% share of the DEX aggregator market.
CoW Swap: Averaged about $6B in monthly volume in 2025 — 200% growth year-over-year. Crossed $9B in monthly volume in July 2025, cementing its lead in the intent category.
The fragmented intent ecosystem is converging through major consensus-driven proposals.
ERC-7683 (Standardizing the Language): Proposed jointly by Uniswap Labs and Across in May 2024. The standard unifies the previously protocol-specific intent (order) format into a single schema, letting an order created on Protocol A get filled by a solver on Protocol B. The standard isn’t a proposal anymore — it’s being adopted across the market. Across reports 88% of orders running through ERC-7683 (cumulative $35B), and the v2 standard is being co-authored with UniswapX. Even CoW Protocol — holding 34% of the DEX aggregator market — adopted the standard in February 2026. With more than 50 teams signed on, scattered solver networks are merging into a single competitive pool.
OIF (Opening the Infrastructure): And in February 2025, the Ethereum Foundation (EF), Hyperlane, and Bootnode launched the Open Intents Framework (OIF). OIF, in plain terms, is the project to build a public shared order board (Mempool) that anyone can access. Even with ERC-7683 unifying the order format, if the orders themselves stay locked inside a specific protocol’s private servers, order flow ends up monopolized regardless. OIF’s mission: prevent any single company from locking up orders (Lock-in), and build a fully open-source routing infrastructure where anyone can post orders and anyone can step in as a solver to take on the work. More than 30 major teams have rallied around it to prevent cartel formation and reach genuine decentralization.
The result: intents are being promoted from the clever design of individual protocols to a core infrastructure layer shared across the entire ecosystem.
Intent–solver models no longer sit only in the layer that optimizes DEX swaps. The architecture is steadily expanding into a general-purpose backend that abstracts on-chain execution. Two axes show this most clearly.
Stablecoin Payment Backend Expansion: Stablecoin markets have always struggled with one big problem — liquidity fragmented across chains and assets. Intent–solver structures are absorbing that fragmentation directly into the backend. At the deepest liquidity layer (the Clearing Layer), Aori × M0 stands out. Custom stablecoins issued on top of M0 settle 1:1 against USDT and USDC across chains via Aori’s solver network — fragmented stablecoins consolidated into a single wholesale clearing rail.
At the payment-routing layer that connects users to merchants, players like Eco Protocol are stepping in. Whichever chain or stablecoin a user pays in, solvers convert it on the backend and front-pay the merchant immediately. Users and merchants stop worrying about the fragmented blockchain stack altogether and just experience smooth, consistent payment.AI Agent Channels: 1inch shipped Fusion intents and cross-chain swaps via MCP. deBridge MCP demonstrated an architecture that converts natural-language intents into cross-chain execution. Squid MCP, Uniswap MCP, Safe × CoW Agent Actions, NEAR AI Agent Market follow. AI agents are rapidly emerging as a new layer that calls intents directly and executes them.
The eyes naturally turn to the next question. In the middle of this paradigm shift, what is Radius preparing as its next step?
Earlier this year, Radius began running solvers in earnest. We took the executor’s seat — the position that turns user intent directly into outcome.
The essence of intent architecture is making sure the user no longer has to think about liquidity pools, gas limits, or bridge routes. Radius, as a solver, takes on every layer of complexity the user has stripped away and digests it on the backend. The user signs, and turning that signature into the most efficient and secure on-chain execution becomes Radius’s responsibility.
Our destination is simple. To deliver an environment so smooth that users never need to be aware of the word solver — they simply receive the result they wanted. To prove our value through results alone. That is how Radius contributes to the decentralized ecosystem as a solver.