Cross-Chain Bridges

Bridges move assets between blockchains. The problem: blockchains can't natively read each other's state. Every bridge is a creative hack around this fundamental limitation — and each approach makes different security tradeoffs. Bridges hold billions in TVL and have been the #1 target for exploits in DeFi history.

Bridge Architecture Types

Click each type to see an animated flow diagram of how it works.

Lock & Mint: Lock native tokens on Chain A, mint wrapped tokens on Chain B. To go back, burn wrapped tokens and unlock originals. Used by: WBTC, Multichain (RIP), Portal.

Bridge Risk Spectrum

More trust assumptions = more attack surface. Adjust the sliders to see how different bridge designs score on the trust spectrum.

Validator Set Size 5 Multisig Threshold 3/5 Challenge Period (hours) 0 TVL at Risk ($M) 500

Trust Score

Low

Attack Cost (est.)

$15M

Risk Rating

🔴 High

Similar to

Ronin (pre-hack)

Bridge Hacks Timeline

Over $2.5 billion has been stolen from bridge exploits. These are the biggest ones.

Feb 2022

Wormhole — $320M

Attacker bypassed signature verification, minting 120k wETH on Solana without locking ETH. Jump Crypto backstopped the losses.

Signature bypass

Mar 2022

Ronin Bridge — $625M

Lazarus Group compromised 5 of 9 validators (including 4 run by Sky Mavis). Drained 173,600 ETH + 25.5M USDC over 6 days before anyone noticed.

Validator compromise

Jun 2022

Harmony Horizon — $100M

2-of-5 multisig. Attacker compromised 2 keys, drained the bridge. Absurdly low security for $100M+ TVL.

Multisig (2/5)

Aug 2022

Nomad — $190M

A bug in the Replica contract let anyone prove arbitrary messages. Once one person found it, hundreds copied the tx. "The first decentralized robbery."

Smart contract bug

Jul 2023

Multichain — $126M

CEO arrested in China; private keys to MPC nodes were controlled by a single person. Funds drained from bridge contracts with no exploit needed.

Centralization