Author: David Park | Security Researcher | Lead Auditor at ChainSecurity

Bridges have lost over $2.5 billion to hacks since 2021. Ronin: $625 million. Wormhole: $320 million. Nomad: $190 million. These aren't edge cases — they're the norm. Bridges are the most dangerous infrastructure in crypto.

I've audited dozens of bridges. I've found critical vulnerabilities in protocols holding billions. Here's what I've learned about why this keeps happening.

Why bridges exist

Blockchains don't talk to each other. Ethereum doesn't know what's happening on Solana. Arbitrum can't verify Bitcoin transactions. Each chain is a sovereign island of consensus.

But users want assets everywhere. You hold ETH on mainnet, want to use it on Arbitrum for lower fees, then move to Solana for a specific dApp. This requires bridges — infrastructure that locks assets on one chain and mints representations on another.

The market demanded it. Over $50 billion has moved through bridges. Cross-chain DeFi, NFT transfers, gaming assets — all depend on this infrastructure. It's essential and fundamentally broken.

The security trilemma

Every bridge faces impossible tradeoffs.

Trustlessness means no central party can steal or censor. You want bridge security to derive from the underlying chains, not from trusting operators. But truly trustless bridges require each chain to verify the other's consensus — technically brutal and often impossible.

Generalizability means working across any chains, any assets, any message types. Users want one bridge for everything. But generalization increases attack surface. Every new chain integration is new code, new assumptions, new vulnerabilities.

Speed matters for user experience. People don't want to wait hours for cross-chain transfers. But fast finality requires weaker security assumptions. The safest bridges are the slowest.

Pick two. You can't have all three. Most bridges sacrifice trustlessness for speed and generalization — which is why they keep getting hacked.

How bridges actually break

Let me categorize the failure modes I see repeatedly.

Validator compromise is most common. Many bridges use multisig or threshold signatures — a set of validators must agree to release funds. Ronin had 9 validators; attackers compromised 5. Game over. The security reduces to "how hard is it to hack N validators?"

Smart contract bugs remain prevalent. Wormhole's vulnerability was a signature verification flaw — attackers could mint wrapped assets without actual deposits. Nomad had an initialization bug that let anyone drain the bridge. These are code errors, found after audits, exploited within hours of discovery.

Oracle manipulation attacks exploit price feeds or message verification. If a bridge trusts an oracle to report what happened on another chain, compromising that oracle compromises the bridge. The trust has to go somewhere.

Economic attacks target the incentive structure. If the cost to attack a bridge is less than the potential profit, rational attackers will attack. Many bridges have TVL far exceeding the economic security backing them.

The approaches being tried

The industry hasn't given up. Several architectural approaches show promise.

Light client verification is the gold standard. Run a light client of Chain A on Chain B, verify actual consensus proofs. No trusted intermediaries. IBC protocol does this for Cosmos chains. It works — but requires chains to be architecturally compatible, which limits generalization.

Optimistic bridges assume messages are valid unless challenged. Validators post bonds. If anyone proves fraud, the validator loses their stake. Across Protocol uses this model. Security depends on at least one honest watcher — better assumptions than multisig, but still requires trust.

Zero-knowledge proofs could theoretically solve everything. Prove Chain A state on Chain B without trusting anyone. Succinct, zkBridge, and others are building this. The math works. The engineering is years from production-ready for arbitrary chains.

Intent-based systems like UniswapX avoid bridges entirely for some use cases. Instead of moving assets, solvers fill your order on the destination chain, settling later. You get speed; they take bridge risk. It works for swaps but doesn't generalize to arbitrary cross-chain messages.

What users should actually do

Given the risk landscape, here's practical advice.

Minimize bridge exposure. Don't leave assets in bridge contracts longer than necessary. Transfer, use, transfer back. The less time in bridges, the less exposure to exploits.

Prefer native bridges when available. Arbitrum's official bridge is safer than third-party alternatives because it inherits Ethereum's security. Longer wait times are worth the security.

Check bridge security models. Does it use multisig? How many validators, who are they? Is there economic security? Has it been audited, by whom? This information should be public. If it isn't, that's a red flag.

Diversify bridge usage. Don't move everything through one bridge. If you must bridge significant assets, split across multiple providers. Reduces single-point-of-failure risk.

Consider the asset itself. Canonical bridges that mint "official" wrapped assets are safer than third-party wrappers. USDC bridged through Circle's CCTP is safer than USDC wrapped through a random bridge.

The uncomfortable truth

Here's what I tell protocol teams but they don't want to hear.

Multi-chain strategies have hidden costs. Every chain you deploy on multiplies attack surface. Every bridge integration adds risk. The gas savings on L2s might not exceed the expected value of bridge exploits.

We don't have secure general-purpose bridges yet. Everything deployed today involves trust assumptions that can be violated. The technology is improving, but we're not there. Anyone claiming otherwise is selling something.

The market will keep using bridges anyway. Convenience beats security for most users. They'll move assets through risky infrastructure because it's easy. The losses will continue until the technology actually matures.

What 2025 looks like

More exploits. Probably $500 million+ in bridge losses this year alone. The attack surface keeps growing. The attackers keep learning. The defenses aren't improving fast enough.

ZK bridges approach production. Not fully general, but for specific high-value routes — Ethereum to major L2s — zero-knowledge verification becomes practical. This is the path to real security.

Consolidation around safer designs. Bridges using deprecated security models will lose market share. The remaining players will be those with serious security architectures, serious audits, serious incident response.

Regulatory attention increases. Bridges moving billions without accountability will attract enforcement. KYC requirements for large transfers, licensing for operators — it's coming. Whether this improves security or just adds compliance theater remains to be seen.

My advice: treat bridges like the dangerous infrastructure they are. Use them when necessary. Don't trust them more than you have to. And keep most of your assets on chains where they don't need to cross that bridge.

David Park leads bridge and cross-chain security audits at ChainSecurity. He has identified critical vulnerabilities in protocols holding over $5 billion in combined TVL.