How Cross-Chain Bridges Work
Blockchains are isolated systems—Ethereum can't natively verify what happens on Solana. Bridges solve this by creating mechanisms to verify and relay information between chains, enabling asset transfers and cross-chain messaging.
The core challenge: how do you prove to Chain B that something happened on Chain A, without Chain B trusting a centralized party? Different bridges answer this differently, each with security/speed/cost tradeoffs.
User deposits assets into bridge contract on source chain
Validators/oracles confirm the transaction happened
User receives equivalent assets on destination chain
Types of Bridge Architecture
Native/Canonical Bridges
Official bridges built into the protocol. Example: Arbitrum's native bridge, Optimism's gateway. Highest security because they inherit L1 security, but slowest (7-day withdrawals on optimistic rollups).
Externally Verified (Multisig/Oracle)
External validators confirm transactions. Example: Wormhole uses 19 Guardians, Multichain used validators. Fast but requires trusting the validator set not to collude.
Optimistic Bridges
Assume transactions are valid unless challenged within a window. Example: Across uses UMA's optimistic oracle. Trust-minimized but requires economic security and challenge period.
Intent-Based / Liquidity Networks
Users express intent, relayers/solvers compete to fill. Example: Across, Connext, Squid. Fastest UX as relayers front liquidity, settlement happens asynchronously.
Bridge Protocol Comparison
LayerZero
Security Model: Decentralized Verifier Networks (DVNs). Applications choose their own security—Google Cloud, Polyhedra, Animoca run DVNs. OFT standard for fungible token bridging.
Wormhole
Security Model: 19 Guardian nodes (needs 13/19 to verify). Major validators include Jump, Everstake, Staked. Recovered from $320M hack. Portal bridge for token transfers.
Across Protocol
Security Model: Intent-based with UMA optimistic oracle for settlement. Relayers front liquidity for instant fills. Most trust-minimized third-party bridge. Lowest fees for ETH L2s.
Stargate (LayerZero)
Security Model: Built on LayerZero messaging. Unified liquidity across chains with Delta algorithm. Instant guaranteed finality. STG token for governance and LP rewards.
Security Risks & Historical Hacks
Major Bridge Exploits
Ronin Bridge (March 2022)
$625MNorth Korean hackers compromised 5/9 validator keys. Social engineering attack on Sky Mavis employees.
Wormhole (Feb 2022)
$320MSmart contract bug allowed minting unbacked wETH on Solana. Jump Crypto backstopped losses.
Nomad (Aug 2022)
$190MInitialization bug let anyone replay transactions. Chaotic hack by hundreds of copycats.
Multichain (July 2023)
$126MCEO arrested in China, MPC keys compromised. Centralized key management failure.
Common Attack Vectors
Validator/Key Compromise
If attackers gain control of enough validators or keys, they can approve fraudulent transactions. Mitigate: decentralized validator sets, hardware security.
Smart Contract Bugs
Logic errors in bridge contracts enable unauthorized minting or withdrawals. Mitigate: multiple audits, formal verification, bug bounties.
Oracle Manipulation
If bridges rely on price oracles, manipulation can enable arbitrage exploits. Mitigate: TWAP oracles, multiple sources, circuit breakers.
Safe Bridging Best Practices
Before You Bridge
- Verify contract addresses: Only use official links. Bookmark legitimate bridge URLs. Check addresses on block explorers.
- Start with test transactions: Bridge a small amount first. Verify receipt before sending more.
- Check bridge status: Look for announcements about maintenance, congestion, or security issues.
- Research security model: Understand who can approve your transaction. More decentralized = more secure.
During & After Bridging
- Monitor transaction: Don't leave the page until confirmed. Save transaction hash for support.
- Split large amounts: Never bridge your entire portfolio at once. Use multiple bridges and transactions.
- Verify received assets: Check you received the correct token, not a fake/scam token.
- Revoke approvals: After bridging, revoke unnecessary token approvals to limit exposure.
Advanced Bridging Strategies
Bridge Aggregators
Use aggregators like Li.Fi, Socket, or Bungee to compare routes across multiple bridges. They find optimal paths for cost, speed, and security. Always verify the underlying bridge being used.
CEX as a Bridge
For large amounts, centralized exchanges can be safer than bridges. Deposit on source chain, withdraw on destination. Adds KYC but removes smart contract risk for that transaction.
Native Bridge for Security
For maximum security on rollups, use the canonical bridge despite the wait. Bridge assets you don't need immediately via the 7-day path while using fast bridges for active trading capital.
Interactive Bridge Comparison
Use this tool to compare bridge protocols, understand their security models, and estimate bridging costs across different routes.
Security Model
Oracle + Relayer
Bridge Cost Estimator
Bridge Safety Checklist
- • Always verify contract addresses before approving
- • Start with small test transactions
- • Check bridge status on official channels during congestion
- • Understand the trust assumptions of your chosen bridge
Related Articles
Layer 2 Ecosystem Trading
Trade across L2s with understanding of bridge dynamics.
Solana DeFi Ecosystem
Bridge to Solana and explore its DeFi opportunities.
DeFi Composability Strategies
Stack protocols across chains for maximum yield.
Crypto Risk Management
Protect your portfolio from bridge and protocol risks.
Frequently Asked Questions
A cross-chain bridge is a protocol that lets you move crypto assets between different blockchains. Since blockchains can't natively communicate, bridges use various mechanisms (lock-and-mint, liquidity pools, messaging) to transfer value across chains while maintaining security.
No bridge is 100% safe—all involve tradeoffs. Native bridges (like Arbitrum's official bridge) are most secure but slow. For third-party bridges, Across uses optimistic verification with UMA for trust-minimized security. LayerZero's DVN network and Wormhole's Guardian set provide different security models. Always verify the bridge is audited and has a track record.
Bridges hold large amounts of locked assets, making them attractive targets. They're complex systems connecting different security models. Common attack vectors include: validator key compromise (Ronin $600M), smart contract bugs (Wormhole $320M), and signature verification issues (Nomad $190M). Always check a bridge's security history before using.
Lock-and-mint bridges lock your original asset on the source chain and mint a wrapped version on the destination. Liquidity bridges use pre-existing pools on each chain for instant swaps. Liquidity bridges are faster but require pools; lock-and-mint can bridge any amount but relies on wrapped asset security.
Timing varies by bridge and route. Native bridges: 7 days (optimistic rollups). LayerZero/Wormhole: 2-15 minutes. Across/Connext: 30 seconds to 2 minutes. Intent-based bridges fill instantly with relayers, then settle later. Faster bridges often charge higher fees.