On this page
Cross-Chain Bridges: Moving Assets Between Chains
A cross-chain bridge moves value from one blockchain to another, since chains cannot natively read each other's state. It usually locks an asset on the source chain and issues a matching representation on the destination chain.
Key Takeaways
- A cross-chain bridge lets assets move between separate blockchains that cannot directly talk to each other.
- Most bridges lock tokens on one chain and mint a wrapped version on the other, then reverse on the way back.
- Bridges are the most exploited part of crypto: the Ronin hack lost about 540M USD and Wormhole about 320M.
- The core trade-off is trust; the validators or multisig that secure a bridge are also its single point of failure.
Key Takeaways
- A cross-chain bridge lets assets move between separate blockchains that cannot directly talk to each other.
- Most bridges lock tokens on one chain and mint a wrapped version on the other, then reverse on the way back.
- Bridges are the most exploited part of crypto: the Ronin hack lost about 540M USD and Wormhole about 320M.
- The core trade-off is trust; the validators or multisig that secure a bridge are also its single point of failure.
What It Is
Blockchains are isolated by design. Ethereum cannot see what happens on another chain, and vice versa. A cross-chain bridge is the infrastructure that connects them so a user can move an asset from chain A to chain B.
The most common model is lock-and-mint. The bridge locks your tokens in a contract on the source chain and mints an equal amount of a wrapped representation on the destination chain. To return, you burn the wrapped tokens and the originals are released. The bridge does not teleport coins; it freezes them on one side and issues a claim on the other.
The Intuition
Picture two countries with different currencies and no shared bank. To spend abroad, you deposit cash at home and receive a voucher redeemable in the other country. The voucher is only as good as the institution holding your deposit.
That is the heart of bridge risk. The wrapped token on the destination chain is a promise that real assets sit locked on the source chain. Whoever controls the lock controls the money. If that controller is compromised, the promise breaks and the wrapped tokens can become worthless even though they still exist on chain.
How It Works
A bridge needs a way to confirm that the lock on chain A really happened before minting on chain B. Different designs trust different parties to make that attestation:
Lock on chain A -> attestation by bridge validators -> Mint on chain B
Burn on chain B -> attestation by bridge validators -> Release on chain A
Who provides the attestation defines the bridge's security model:
- Multisig or validator set. A fixed group signs off on transfers. Fast and simple, but if enough of those keys are stolen, the attacker can mint freely.
- External oracles or relayers. Off-chain services watch one chain and report to the other. The bridge trusts those reporters to be honest and available.
- Light-client or proof-based. The destination chain verifies a cryptographic proof of the source chain's state. More trust-minimized, but harder to build and more expensive to run.
The trade-off runs along a single axis. Designs that trust a small group are cheap and quick but concentrate risk. Designs that verify proofs reduce trust but cost more in complexity and gas. There is no free version; every bridge picks a point on this spectrum.
Worked Example
The 2022 Ronin bridge hack shows the multisig model failing. Ronin used 9 validator nodes, and any transfer needed 5 signatures to approve. An attacker, later attributed to the Lazarus Group, used social engineering to gain control of 5 of the 9 keys, 4 run by the bridge operator and 1 from a partner organization.
With 5 of 9 keys, the attacker could authorize whatever they wanted. They forged withdrawals and drained 173,600 ETH and 25.5 million USDC, worth roughly 540 million USD at the time. No code bug was even required; the threshold itself was the single point of failure.
The Wormhole hack the same year took a different route. There the bridge failed to properly verify a message, letting the attacker mint wrapped tokens on one chain without actually depositing collateral on the other, draining around 320 million USD. One case was stolen keys, the other was flawed validation, but both prove the same lesson: the attestation layer is where bridges break.
Common Mistakes
-
Treating wrapped tokens as risk-free copies. A bridged token is a claim on locked collateral, not the original asset. If the bridge is drained, your wrapped token can lose its backing while still appearing in your wallet.
-
Ignoring the trust model. "Bridge" describes a function, not a security level. A multisig bridge and a proof-based bridge carry very different risks. Always ask who attests to transfers and what it takes to compromise them.
-
Assuming bigger means safer. Some of the largest bridges suffered the largest hacks. High total value locked makes a bridge a bigger target, not a safer one.
-
Underestimating key-management risk. Many bridge failures came from stolen keys obtained through phishing, not clever code exploits. The human and operational side is often the weakest link.
-
Bridging more than necessary. Every bridged position adds exposure to that bridge's failure. Moving only what you need, and unwinding when done, limits how much is at risk if the bridge is attacked.
Frequently Asked Questions
What is a cross-chain bridge in simple terms? A cross-chain bridge moves assets between two separate blockchains by locking your tokens on one chain and issuing a matching version on the other. The new tokens are a claim on the originals held in the bridge.
How does a cross-chain bridge affect investment decisions? Bridging concentrates risk in the bridge itself, which has been the most exploited part of crypto. Before moving funds, weigh the bridge's security model against the reason you need the assets on the other chain.
What is a real-world example of cross-chain bridge risk? In 2022 the Ronin bridge lost about 540 million USD after attackers compromised 5 of its 9 validator keys, and the Wormhole bridge lost about 320 million USD due to a message-validation flaw.
How can investors reduce cross-chain bridge risk? Understand the trust model before bridging, prefer designs that verify proofs over those relying on a small multisig, move only what you need, and unwind bridged positions once the task is done.
How is a cross-chain bridge different from a DEX aggregator? A bridge moves assets between different chains, while a DEX aggregator finds the best swap price within a chain. Bridges cross trust boundaries between networks; aggregators route trades inside one.
Sources
- Elliptic. "$540 million stolen from the Ronin DeFi bridge." https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge
- Ronin. "Back to Building: Ronin Security Breach Postmortem." https://roninchain.com/blog/posts/back-to-building-ronin-security-breach-6513cc78a5edc1001b03c364
- TechCrunch. "Wormhole digs out of its hole with new security measures to move on from $320M hack." https://techcrunch.com/2023/07/27/wormhole-new-security-320m-hack/
- Investopedia. "Blockchain Bridge." https://www.investopedia.com/what-is-a-blockchain-bridge-7480286
Disclaimer
This article is educational content only and is not financial advice. Nothing here is a recommendation to buy, sell, or hold any security. Consult a licensed advisor before making investment decisions.