Cross-chain bridges enable the transfer of assets and messages between independent blockchains. They are critical infrastructure in a multi-chain world, but they are also the most attacked components in the blockchain ecosystem. Billions of dollars have been lost to bridge exploits. Understanding bridge architecture and its security implications is essential for any project operating across multiple chains.
Bridge Architecture Patterns
Cross-chain bridges use several fundamental approaches to transfer value between chains:
- Lock-and-mint: Assets are locked in a smart contract on the source chain, and equivalent wrapped tokens are minted on the destination chain. When bridging back, wrapped tokens are burned and originals are unlocked. This is the most common pattern, used by Wrapped Bitcoin (WBTC) and many L2 bridges.
- Liquidity networks: Instead of minting wrapped tokens, bridges maintain native asset liquidity pools on each chain. Transfers are facilitated by liquidity providers who hold assets on both sides. Connext and Hop Protocol use this approach, offering faster settlement without wrapped token risk.
- Message passing: General-purpose bridges like LayerZero, Axelar, and Wormhole relay arbitrary messages between chains, enabling not just token transfers but cross-chain contract calls and data synchronisation.
Validator and Verification Models
The security of a bridge depends on how cross-chain messages are verified. External validator sets — a group of independent nodes that attest to events on the source chain — are the most common model but introduce trust assumptions. If a majority of validators are compromised, the bridge can be drained. Optimistic verification, used by bridges like Nomad, assumes messages are valid unless challenged within a dispute period, similar to optimistic rollups. Light client verification embeds a light client of the source chain on the destination chain to cryptographically verify state proofs without trusting external parties. This is the most trustless approach but is technically complex and gas-intensive.
Security Lessons from Bridge Exploits
Bridge exploits have caused some of the largest losses in DeFi history. The Ronin bridge hack ($625M) exploited compromised validator keys, with an attacker gaining control of 5 out of 9 validators. The Wormhole exploit ($320M) stemmed from a signature verification bug that allowed forged messages. The Nomad bridge hack ($190M) resulted from an initialisation error that allowed any message to be treated as valid. These incidents highlight recurring themes: validator key management is critical, smart contract bugs in verification logic are catastrophic, and bridge contracts holding large amounts of locked assets are high-value targets that attract sophisticated attackers.
Building Secure Bridges
If your project requires cross-chain functionality, prefer using established bridge protocols over building custom infrastructure. If building a bridge is necessary, implement defence in depth: use multiple independent verification methods, enforce rate limits and maximum transfer amounts, implement monitoring and alerting for anomalous activity, and conduct extensive audits from multiple firms. Consider protocol-level insurance or reserves to cover potential losses. At Born Digital, we advise blockchain projects on cross-chain strategy, helping them select appropriate bridge solutions and implement the security measures necessary to protect users and assets.