Cross-chain bridges have hemorrhaged more money than any other category in DeFi. The Ronin Bridge (Axie Infinity): $625 million. Wormhole: $320 million. Nomad: $190 million. Multichain: $126 million. Harmony Horizon: $100 million. The total losses from bridge exploits since 2020 are estimated north of $2.5 billion — more than all other DeFi hacks combined in the same period according to Chainalysis data.
The community has broadly accepted this as a “known difficult problem.” But what specifically makes bridges so hard? And why do the solutions proposed so far — more audits, multisig delays, canonical bridges — only partially address the underlying vulnerability model?
What Is a Cross-Chain Bridge?
A bridge lets users move assets from one blockchain to another. In theory, this seems straightforward. In practice, it runs directly into one of the fundamental constraints of blockchains: each chain is its own closed world.
Bitcoin doesn’t natively know anything about Ethereum. Ethereum doesn’t natively know about Solana. Each chain maintains its own ledger and executes its own rules, with no direct communication channel to other chains.
To move, say, ETH from Ethereum mainnet to Arbitrum, you can’t actually “move” the ETH — you lock it on Ethereum and issue a synthetic representative on Arbitrum. The two are linked by trust in the bridge’s claim that the lockup happened. When you exit, the synthetic is burned and the locked ETH is released.
This trust dependency is the root of every bridge hack.
How Bridge Designs Work (and Fail)
External validator bridges:
The original approach. A set of validators watches events on the source chain (e.g., Ethereum deposits) and signs messages authorizing the corresponding mint on the destination chain (e.g., Solana). If a majority of validators sign a fraudulent message — because they were compromised, bribed, or the signing keys were stolen — the bridge mints arbitrary amounts of the synthetic asset without any real backing.
This is what happened to the Ronin Bridge. Ronin used 9 validators and required 5 signatures. Lazarus Group (North Korea’s state hacking unit) compromised 5 validator keys over several months. With those keys, they simply signed fraudulent withdrawal messages for $625M in ETH and USDC. There was no on-chain detection; the fraud only became apparent when a user tried to withdraw 5,000 ETH and found the bridge drained.
The vulnerability: external validator security reduces to the security of the validator keys. If those keys are on hot servers with insufficient security practices, they’re a target.
Optimistic bridges (fraud proof model):
Rather than requiring immediate consensus, optimistic bridges assume transactions are valid unless someone submits a fraud proof within a challenge window (typically 7 days). Think Ethereum’s optimistic rollup design generalized to cross-chain.
Advantages: eliminates the need for constant validator consensus. Security degrades gracefully — you only need one honest watcher to submit a fraud proof.
Disadvantages: 7-day withdrawal delays are bad UX. And if no one is actively watching for fraud proofs (because it’s unprofitable or the bridge is low enough value), the fraud proof mechanism fails in practice.
ZK bridges (validity proof model):
Instead of assuming validity or requiring manual fraud proofs, ZK bridges generate a cryptographic proof that a state transition on the source chain actually occurred. This proof can be verified by a smart contract on the destination chain — no trusted validators needed.
This is the current frontier. Projects like Succinct’s SP1, Polyhedra, zkBridge, and others are building ZK-verified cross-chain messaging. The challenge: ZK proof generation is computationally expensive and currently slow. Practical ZK bridges remain limited to high-value, high-throughput routes.
Canonical bridges:
Every major L2 (Optimism, Arbitrum, Base, zkSync, etc.) ships a “canonical bridge” — the first-party, officially supported bridge between the L2 and Ethereum mainnet. Canonical bridges don’t require custom validators or third-party trust; they use the L2’s own fraud proof or validity proof mechanism to verify withdrawals on Ethereum.
Canonical bridges are generally the most secure option. But they have the same UX problems as optimistic rollups: 7-day withdrawals on optimistic L2s. Fast withdrawals require liquidity providers who take on the bridge risk themselves and charge fees.
Why Audits Don’t Fully Solve It
The Nomad bridge was audited. The Wormhole bridge was audited. Post-mortem analyses in both cases revealed that the audits missed the specific vulnerability that was exploited.
This is not because auditors are incompetent. Bridge code is extraordinarily complex — it interacts with multiple chains, multiple virtual machines, and must handle an enormous variety of edge cases in state transitions across systems that weren’t designed to talk to each other. The attack surface is large and much of it is operationally emergent — it appears in how the deployed system behaves under adversarial conditions, not in how the code reads in isolation.
The Nomad hack had a specific character worth understanding: it was exploitable without any special knowledge of the contract. Once the initial exploit was discovered (by the attacker), it became publicly replayable — anyone who understood what was happening could copy-paste the transaction to drain their own portion. The result was a chaotic free-for-all where hundreds of wallets drained Nomad simultaneously in less than an hour. The root cause was a routine upgrade that accidentally initialized a “trusted root” value to zero, making any message appear valid.
No audit will catch the interaction between a legitimate upgrade procedure and a subtle initialization order dependency that only becomes dangerous after deploying to production.
The North Korea Factor
A significant fraction of bridge hacks — including Ronin, Harmony Horizon, and portions of others — have been attributed to DPRK-linked hacking groups, primarily Lazarus and its sub-groups. The FBI, Chainalysis, and the UN Panel of Experts on North Korea have all published evidence of ongoing campaigns.
The attack methodology is usually not a pure code exploit. It begins with social engineering: spear-phishing developers and security teams, creating fake job offers on LinkedIn, and gradually building access to internal systems and key material over weeks or months before executing the actual fund drain. The $625M Ronin hack was reportedly enabled by a PDF sent to an Axie Infinity developer that contained malicious code.
This reframes the bridge security problem partially as an operational/OPSEC problem, not purely a smart contract security problem. Code can be perfect; if validator private keys live on internet-connected machines operated by developers who click phishing PDFs, they will be compromised.
Where This Leaves Things
The brutally honest picture: bridges are necessary infrastructure — DeFi can’t function as a multi-chain ecosystem without them — but they represent a persistent and substantial risk category.
What reduces risk today:
- Canonical L2 bridges for moves between Ethereum and its own rollups (Arbitrum, Optimism, Base)
- Third-party bridges with strong security practices: time locks, multisig with hardware keys, bug bounties, delayed withdrawals
- Avoiding bridges for large values when alternatives exist (accepting the UX cost of canonical bridges)
What may help longer-term:
- ZK-verified bridges reducing trust to cryptographic proofs rather than key security
- Better key management standards and operational security across bridge teams
- Insurance protocols and coverage for bridge users
What won’t fully solve it:
- Audits alone
- More validators (compromising 5 of 9 vs. 8 of 15 is a marginal security improvement against state-sponsored attackers)
- Faster bridges (generally trade security for speed)
The pattern across bridge hacks is consistent: complex trust assumptions, underfunded security practices, and adversaries who operate with nation-state resources and patience. Until ZK proofs are cheap enough to deploy broadly and operational security practices improve dramatically, bridge hacks will continue to be a cost of cross-chain interaction.
Sources
- Chainalysis (2022). Crypto Crime Report — Bridge Hacks — data on magnitude of bridge hack losses versus other DeFi categories.
- FBI (2022). North Korea Lazarus Group Responsible for Ronin Bridge Hack — attribution of the $625M Ronin hack.
- Nomad Bridge exploit post-mortem (2022) — technical analysis of the replayable exploit.
- Wormhole post-mortem analysis — analysis of the $320M Wormhole exploit.
- Vitalik Buterin on cross-chain bridges (2022) — early articulation of why cross-chain bridges have fundamental security limitations beyond what code audits can fix.
- Succinct SP1 ZK bridge documentation — example of ZK-verified bridge infrastructure documentation.