A blockchain bridge is a protocol that connects two or more separate blockchains, allowing users to transfer tokens, NFTs, and data between networks that otherwise cannot communicate with each other. Bridges are critical infrastructure for the multi-chain ecosystem, enabling assets minted on Ethereum to be used in DeFi on Polygon, Avalanche, Solana, or any other supported chain.
How It Works
Most bridges follow one of two core mechanisms:
Lock-and-Mint: A user deposits (locks) assets into a smart contract on the source chain. The bridge protocol then mints equivalent “wrapped” tokens on the destination chain. When the user wants to return, the wrapped tokens are burned and the originals are unlocked. Example: Wrapped Bitcoin (WBTC) on Ethereum.
Burn-and-Mint: Assets are burned (destroyed) on the source chain, and the bridge mints native tokens on the destination chain. This is used when the token has native deployments on multiple chains. Example: Circle’s Cross-Chain Transfer Protocol (CCTP) for USDC.
Security Models
| Model | How It Works | Trust Assumption | Examples |
|---|---|---|---|
| Trusted (Multisig) | A committee of validators signs off on cross-chain messages | Trust the validator set (often 3-of-5 or 5-of-8) | Multichain (defunct), Ronin Bridge |
| Optimistic | Messages are assumed valid; watchers can submit fraud proofs during a challenge window | At least one honest watcher | Across, Nomad (exploited) |
| ZK / Validity | Cryptographic proofs verify cross-chain state without trust assumptions | Math (proof verification on-chain) | zkBridge, Succinct |
| Natively Verified | The destination chain runs a light client of the source chain | Source chain consensus | IBC (Cosmos), Polkadot XCMP |
Trusted vs. Trustless
Trusted bridges rely on an external validator set—if those validators are compromised, funds are at risk. Trustless bridges use cryptographic proofs or on-chain light clients, removing human trust but adding complexity and cost. The industry is moving toward trustless designs after a wave of devastating exploits on trusted bridges.
History
- 2020 — Wrapped Bitcoin (WBTC) became the dominant bridge for bringing Bitcoin liquidity to Ethereum DeFi.
- 2021 — Polygon Bridge, Avalanche Bridge, and Arbitrum Bridge launched as Layer 2 and sidechain adoption surged.
- 2022 — Wormhole bridge exploited for $320 million due to a signature verification bug on Solana.
- 2022 — Ronin Bridge (Axie Infinity) hacked for $625 million by North Korea’s Lazarus Group, the largest bridge exploit in history.
- 2022 — Nomad Bridge drained of $190 million in a chaotic “crowd-looting” exploit after a misconfigured upgrade.
- 2023 — Circle launched CCTP for native USDC transfers, avoiding wrapped-token risk.
- 2023 — LayerZero and Chainlink CCIP launched as generalized cross-chain messaging protocols.
- 2024 — Chainlink CCIP gained adoption among institutions for secure cross-chain token transfers.
Common Misconceptions
“Bridged tokens are the same as native tokens.”
Wrapped or bridged tokens are IOUs backed by locked assets on the source chain. If the bridge is exploited, bridged tokens can become worthless even though the “real” token is fine. Always check whether you hold native or bridged assets.
“All bridges are equally risky.”
Security varies enormously. A multisig bridge with 3 signers is fundamentally different from a ZK-verified bridge. Users should evaluate the trust model before bridging significant value.
“Bridges are only for moving tokens.”
Modern bridges like LayerZero, Wormhole, and Chainlink CCIP support arbitrary cross-chain messaging, enabling multi-chain governance, cross-chain lending, and synchronized state across networks.
Criticisms
- Bridges have been responsible for over $2 billion in losses from exploits between 2021 and 2024, making them the single largest attack vector in crypto.
- Many bridges rely on small multisig committees that represent single points of failure, undermining the decentralization of the chains they connect.
- Wrapped assets fragment liquidity—multiple incompatible versions of the same token exist across chains, confusing users and splitting markets.
- Bridge UX remains complex for average users, requiring chain switching, gas on multiple networks, and understanding of wrapped vs. native assets.
- Vitalik Buterin has argued that the multi-chain future faces “fundamental limits of bridge security,” suggesting that cross-chain activity carries irreducible risk.
Social Media Sentiment
Bridge security is a perennial hot topic on r/CryptoCurrency and r/ethereum, especially after major exploits. r/defi discussions frequently warn about wrapped-token risk and recommend native transfers via CCTP where possible. On X (Twitter), bridge exploit post-mortems generate massive engagement, and “bridges are the weakest link” has become a common refrain. Sentiment is cautious—users generally prefer L2 bridges with L1 security inheritance over independent cross-chain bridges.
Related Terms
See Also
- Oracle — Off-chain data feeds, related to cross-chain messaging infrastructure
- DEX — Decentralized exchanges that increasingly offer cross-chain swaps
- Wallet — Where bridged assets are stored and managed
Research
- Zamyatin, A., Harz, D., Lind, J., Panayiotou, P., Gervais, A., & Knottenbelt, W. (2019). XCLAIM: Trustless, Interoperable, Cryptocurrency-Backed Assets. IEEE Symposium on Security and Privacy. IEEE.
- Wormhole Foundation. (2022). Wormhole Exploit Post-Mortem: $320M Vulnerability Report. Wormhole Foundation.
- Sky Mavis. (2022). Ronin Network Compromise Post-Mortem. Sky Mavis.
- Buterin, V. (2022). Why the Future Will Be Multi-Chain, But It Will Not Be Cross-Chain. EthResear.ch.
- Robinson, D., & Konstantopoulos, G. (2020). Ethereum Is a Dark Forest. Medium.
- Rug Pull — A risk vector when using unaudited bridges