Crypto
3 min read

Bridge

A protocol that lets assets or messages move between separate blockchains. Most bridges lock tokens on one chain and mint a wrapped representation on another. Bridges have historically been a major source of crypto exploits.

How most bridges work

The basic pattern: lock the asset on Chain A, mint a representation on Chain B. To return, burn the representation on Chain B, unlock the original on Chain A. The bridge contract on Chain A holds the deposited assets as backing; the wrapped token on Chain B is redeemable 1:1 for the original.

For example, to move ETH from Ethereum to Arbitrum, a user sends ETH to the Arbitrum bridge contract on Ethereum, which credits the user with the equivalent amount on Arbitrum. The bridge holds the deposited ETH as collateral. Withdrawing reverses the process.

Trust models

Bridges differ enormously in their security assumptions:

  • Native rollup bridges (Arbitrum, Optimism, Base) — secured by Ethereum itself via the rollup's fraud or validity proofs. Strong security guarantees; slower withdrawals (7-day challenge window for optimistic rollups).
  • Validator-set bridges (most cross-chain bridges) — a multisig of validators co-signs withdrawals. Security depends on the validator set being honest. The largest historical bridge hacks (Ronin, Wormhole, Nomad) all targeted these designs.
  • Liquidity-network bridges (Across, Hop, Stargate) — fast bridges that don't actually move the original asset; instead, liquidity providers on the destination chain front the funds, and the bridge later reimburses them via a slower trust-minimized path.
  • Optimistic bridges — analogous to optimistic rollups; assume validity, allow challenges within a window.
  • Zero-knowledge bridges — use ZK proofs to validate state across chains. Promising but still maturing; few in production at scale.

Why bridges matter

Cross-chain movement is fundamental to a multi-chain world. As the ecosystem fragments across Layer 2s, alternate L1s (Solana, Sui, Aptos), and app-specific chains, bridges are the connective tissue that lets a user hold assets and apps across them. Without bridges, every chain would be an island.

Security record

Bridges have been the most exploited category in crypto. The four largest single hacks in DeFi history were bridge exploits:

  • Ronin Bridge (March 2022) — $625M stolen from Axie Infinity's bridge after attackers compromised five of the nine validator keys.
  • Wormhole (February 2022) — $325M stolen via a signature verification bug.
  • Poly Network (August 2021) — $611M taken (most was returned).
  • Nomad (August 2022) — $190M drained when a configuration change made any message replayable.

Combined, bridge hacks have accounted for over $2.5B in losses across the industry. The structural reason: bridges hold pooled assets across many users, making them concentrated targets, and their security model usually depends on a small set of validators or a single contract — neither approach has been bulletproof.

How to think about bridge risk

A few practical heuristics for users:

  • Native rollup bridges are meaningfully safer than third-party multi-chain bridges because they inherit base-chain security.
  • Avoid leaving large amounts in bridge contracts longer than necessary.
  • Newer or unaudited bridges are higher risk; protocols with longer track records and larger validator sets generally fare better.
  • The "fast" version of a withdrawal (using a liquidity provider) is fine for small amounts; the "slow" canonical path is safer for large amounts.

Where the design is heading

Several efforts to reduce bridge risk are gaining traction:

  • Native cross-chain messaging at the protocol level. Cosmos IBC is the canonical example — bridges are part of the protocol, not third-party bolt-ons.
  • Shared sequencers and atomic composability across rollups — research direction that would let a single transaction execute across multiple L2s atomically.
  • Intent-based bridges — users sign a desired outcome, solvers compete to fill it across whatever chains they need to. Reduces explicit user interaction with bridge contracts.

The current state is workable but messy. Bridges are getting safer through trial and error, but cross-chain risk remains one of the largest unresolved security challenges in the ecosystem.