Bridges and cross-chain infrastructure

The multi-chain problem

In 2018, almost everything in crypto happened on Ethereum. There was Bitcoin and there was Ethereum, and the two did not really talk to each other. The few alternatives (Litecoin, ZCash, Monero) were variations on Bitcoin. The ecosystem was simple.

In 2026, the situation is different. Most blockchain activity is spread across a dozen major chains and dozens of layer 2 networks. Solana has billions in stablecoin volume. Arbitrum and Base have most of the DeFi activity that used to happen on Ethereum mainnet. Tron settles the majority of Tether volume globally. Each chain has its own users, applications, and assets.

This creates a problem. The chains cannot natively communicate with each other. The Bitcoin blockchain does not know what is happening on Ethereum. The Ethereum blockchain has no way to see Solana balances. Each chain is its own sealed system.

Bridges are the infrastructure that solves this. They are the smart contracts (or pairs of contracts) that let assets and messages move between chains. They are essential to the multi-chain world. They are also the most exploited piece of infrastructure in crypto history.

How a basic bridge works

The simplest bridge architecture is lock-and-mint. It has been used by most third-party bridges and powers many of the wrapped-token versions you see (WBTC, wstETH, etc.).

The mechanism: when you want to bridge an asset from chain A to chain B, you send the original asset to a smart contract on chain A. The contract locks it (holds it). A corresponding amount of a wrapped version of that asset is minted on chain B. The wrapped version represents your locked original.

When you want to bridge back, you send the wrapped version to a contract on chain B. The wrapped version is burned (destroyed). The original asset is unlocked and sent back to you on chain A.

This works in principle. The complication is verifying the cross-chain messages — chain A needs to know that the corresponding burn happened on chain B before unlocking your funds, and vice versa. Different bridges use different mechanisms for this verification, and the mechanism is exactly where most bridges have failed.

Why bridges keep getting hacked

The largest crypto hacks in history have almost all been bridge hacks. The list is striking:

• Ronin Bridge: $625M (March 2022). The bridge used a 5-of-9 validator scheme. Attackers compromised 5 of the 9 validators and forged a withdrawal.
• Poly Network: $611M (August 2021). Smart contract bug let the attacker bypass the validation checks. Most funds were eventually returned.
• Wormhole: $325M (February 2022). Smart contract vulnerability let the attacker mint wrapped tokens on Solana without locking the originals on Ethereum.
• Nomad: $190M (August 2022). A buggy upgrade let anyone effectively forge withdrawals — multiple unrelated attackers piled in to drain it.
• Harmony Horizon: $100M (June 2022). Compromised multisig keys.

The pattern is consistent. Bridges hold large pools of locked assets — the source-chain side of every wrapped position. They use multi-party validation schemes that can be compromised through key theft or social engineering. They use complex smart contract logic that has bugs that attackers exploit. They sit between chains in ways that create unique attack surface.

By total dollars stolen, bridges are the single largest source of crypto theft. The total across major bridge hacks alone exceeds $2.5 billion.

The three architectures

Bridges fall into roughly three categories with different security tradeoffs.

Lock-and-mint bridges. The classic architecture, described above. Most third-party bridges (Wormhole, the now-defunct Ronin, the original Nomad design) used this model. The security depends on the validator set or the smart contract that controls minting. Both have been repeatedly compromised.

Liquidity-network bridges. Newer designs (Hop, Across, Stargate) use a different approach. They maintain liquidity pools on multiple chains. When you bridge, you send tokens to the pool on chain A and receive tokens from the pool on chain B. There is no minting of wrapped tokens — you are essentially swapping at the bridge protocol level. This eliminates some attack vectors but introduces others (slippage, pool imbalance).

Native rollup bridges. When you bridge between Ethereum mainnet and an L2 like Arbitrum, Optimism, or Base, the bridge is part of the rollup's own architecture. The security comes from the same mechanism that secures the rollup itself — fraud proofs (for optimistic rollups) or validity proofs (for zk-rollups). These bridges are structurally safer than third-party bridges because they inherit the underlying L1's security.

The tradeoff for native rollup bridges is the withdrawal delay. Optimistic rollup native bridges have a 7-day window for withdrawals back to mainnet. This is the security feature, not a bug.

The newer generation

Chainlink CCIP, launched in 2023, represents a more security-focused generation of cross-chain infrastructure. It uses Chainlink's existing decentralized oracle network as the messaging layer, with multiple independent risk-management networks layered on top. Major institutional players including SWIFT have tested it.

The bet on CCIP and similar newer bridges (LayerZero, Axelar) is that the lessons from the 2021-2022 bridge hacks have been learned, and the new architectures are substantially more secure. The track record is still being built, but the early indicators are positive.

Practical safety framework

When you need to bridge assets, the practical hierarchy of safety:

1. Native rollup bridges first. For moving between Ethereum mainnet and any L2 (Arbitrum, Optimism, Base, etc.), use the official bridge for that L2. Accept the 7-day withdrawal window for security.

2. Established liquidity networks for L2-to-L2. Hop, Across, and similar protocols have multi-year operational track records moving assets between L2s. The amounts and pools are smaller than the older bridges that got hacked, but reasonable for transactions in the four-figure to low-six-figure range.

3. Be cautious with cross-ecosystem bridges. Moving between Ethereum and Solana, or Ethereum and Cosmos, etc., requires bridges that are intrinsically harder to secure. Use only for amounts you can afford to lose, and prefer the newer CCIP-based bridges over the older Wormhole-style ones.

4. Avoid newer or unaudited bridges for meaningful balances. New chains often have new bridges with limited operational history. The yields and incentives can be attractive, but the security risk is higher than you can easily assess.

5. For institutional-scale amounts, use OTC desks or specialized providers. Bridging $10M of stablecoins is not the same problem as bridging $1,000. Specialized providers exist for institutional cross-chain moves and provide better security and execution than self-service bridges.

What bridge hacks teach us

The cumulative bridge hack history is the clearest argument for being cautious about which infrastructure you trust with meaningful balances. It is not that crypto is insecure. The base blockchains (Bitcoin, Ethereum, etc.) have operated without breach for over a decade. The protocols built on top (Uniswap, Aave, Compound) have similarly clean records.

It is the inter-chain layer — the infrastructure that connects chains — that has been the hardest to secure and the most often exploited. Bridges sit at the intersection of multiple chains, with no single chain providing complete security guarantees. The complexity and the value held create unique attack incentives.

The protocols that have learned this lesson — including the major L2 native bridges and the newer CCIP-style designs — are markedly more secure than the older bridge generation. The protocols that have not learned it tend to repeat the same kinds of failures.

The practical takeaway

Bridges are essential infrastructure for the multi-chain world. Use them. But use them with respect for the operational risk they carry.

For everyday users: stick with native L2 bridges and major liquidity networks. Treat smaller third-party bridges as higher-risk infrastructure.

For institutional or large-balance use: prefer the newer security-focused bridges (CCIP, LayerZero) or specialized OTC providers. The convenience of self-service bridging is not worth the operational risk at scale.

The next module covers oracles — the infrastructure that brings real-world data on chain. Like bridges, oracles are essential infrastructure that lives between systems. Unlike bridges, oracles have had cleaner operational history because the dominant player (Chainlink) got the architecture right early.