Bridges and Cross-Chain Transfers
The Problem: Isolated Blockchains
Ethereum, Solana, Avalanche, and Arbitrum each maintain their own independent ledger. There is no built-in mechanism for one chain to verify what happened on another. If you hold ETH on Ethereum but want to use a DEX on Arbitrum, you need a way to move that value across chains.
This is what bridges do.
How Lock-and-Mint Bridges Work
The most common bridge design:
- Lock: You send 1 ETH to a bridge smart contract on Ethereum. The contract locks your ETH.
- Verify: The bridge's off-chain validators (or relayers) observe the deposit and confirm it happened.
- Mint: The bridge's contract on the destination chain (e.g., Arbitrum) mints 1 "Wrapped ETH" — a synthetic token that represents a claim on the locked ETH.
- Redeem: When you want to return, you burn the wrapped token on Arbitrum. The bridge unlocks your original ETH on Ethereum.
The critical assumption: the wrapped token is only valuable if the locked ETH on Ethereum actually exists and the bridge contract is secure.
Why Bridges Are the Biggest Hack Targets
Bridge contracts are honeypots. They custody enormous amounts of locked tokens in a single contract. If an attacker finds one vulnerability, they drain the entire pool.
| Bridge Hack | Date | Amount Stolen | Attack Vector |
|---|---|---|---|
| Ronin (Axie Infinity) | Mar 2022 | $625M | Compromised 5 of 9 validator keys |
| Wormhole | Feb 2022 | $320M | Forged a validation signature on Solana |
| Nomad | Aug 2022 | $190M | Faulty Merkle root allowed anyone to drain funds |
| Harmony Horizon | Jun 2022 | $100M | Compromised 2 of 5 multisig signers |
The pattern: most bridge hacks target the validation layer — the mechanism that decides whether a deposit on Chain A actually happened before releasing funds on Chain B.
Bridge Architectures Compared
Validator/Multisig Bridges (e.g., Wormhole, Multichain): A committee of validators watches both chains. Security depends on how many validators an attacker must compromise. If only 2-of-5 signatures are needed (like Harmony), a single compromised team is enough.
Optimistic Bridges (e.g., Across, native L2 bridges): Assume transactions are valid unless challenged. A single honest watcher can flag fraud within a challenge window (typically 7 days). More secure but slower.
ZK Bridges (emerging): Use zero-knowledge proofs to mathematically verify a transaction occurred on Chain A without trusting any validators. This is the most trust-minimized approach but is still early-stage.
Practical Advice
- Use native L2 bridges when possible. The Arbitrum, Optimism, and Base native bridges inherit Ethereum's security. The trade-off is speed — optimistic rollup withdrawals take 7 days.
- For speed, use audited third-party bridges. Across and Stargate have strong security track records. Always check their audit history.
- Never bridge more than you need. Bridges are inherently riskier than staying on a single chain. Minimize exposure.
- Check wrapped token liquidity. If a bridge is compromised, wrapped tokens become worthless instantly. Wrapped tokens with deep DEX liquidity are safer because you can exit faster.
Key takeaways
- Bridges enable cross-chain transfers by locking tokens on one chain and minting representations on another.
- Bridge contracts hold massive pools of locked assets, making them the highest-value targets in crypto.
- Bridge security depends on the validation mechanism: multisig (weakest), optimistic (medium), ZK proofs (strongest).
- Native L2 bridges are the safest option for Ethereum-to-L2 transfers, at the cost of speed.
Quiz: Bridges and Cross-Chain Transfers
1 / 5Why can't you simply send ETH from Ethereum to Solana?