Blockchain Bridge Explained: How Cross-Chain Transfers Work
A blockchain bridge is a protocol that moves assets or data between two separate blockchains. Because blockchains do not communicate natively with each other, bridges are the infrastructure connecting ecosystems like Ethereum, Polygon, Solana, and Bitcoin. They are also the single largest attack surface in crypto: in 2022 alone, bridge exploits accounted for over $2 billion in losses.
Why bridges exist
Every blockchain is an isolated environment. ETH exists on the Ethereum network. SOL exists on the Solana network. There is no native mechanism for these chains to exchange assets or share state — they run on completely separate node sets with different consensus rules and different state machines.
This isolation creates friction for users and limits the composability of DeFi. A user holding ETH who wants to use a Solana DeFi protocol cannot do so directly. A Layer 2 network like Polygon or Arbitrum needs a bridge to move assets from Ethereum's mainnet onto the L2 and back. Bridges solve the cross-chain coordination problem — but they introduce new trust assumptions and security risks in doing so.
How bridges work
Lock-and-mint
Lock-and-mint is the most common bridge design. When you bridge ETH from Ethereum to another chain:
- You send your ETH to a bridge smart contract on Ethereum, where it is locked (held as collateral).
- The bridge's validator network (or relay) detects the deposit event and reaches consensus that the lock occurred.
- An equivalent amount of wrapped ETH (e.g., wETH) is minted on the destination chain and sent to your address there.
The wrapped token represents a claim on the locked original. To bridge back, you burn the wrapped token on the destination chain, which signals the bridge to unlock the original ETH on Ethereum.
The security of lock-and-mint bridges depends entirely on the bridge contract holding the locked assets — making it an extremely high-value target. The locked ETH in the Wormhole bridge contract was worth $320M at the time of its 2022 exploit.
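The lock-and-mint round trip above can be modelled in a few lines. This is an added example, not code from any bridge named on this page; the class and field names (SourceVault, WrappedToken, nonce, burn_id) are hypothetical. It shows the two checks the design depends on: each deposit event mints at most once, and wrapped supply never exceeds locked collateral.

```python
from dataclasses import dataclass, field

@dataclass
class SourceVault:
    """Bridge contract on the source chain: holds the locked collateral."""
    locked: int = 0
    next_nonce: int = 0
    redeemed: set = field(default_factory=set)

    def deposit(self, to: str, amount: int) -> dict:
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.locked += amount
        self.next_nonce += 1
        # Deposit event the validators or relay observe; the nonce makes it unique.
        return {"nonce": self.next_nonce, "to": to, "amount": amount}

    def unlock(self, burn: dict) -> int:
        if burn["burn_id"] in self.redeemed:
            raise ValueError("burn already redeemed")
        if burn["amount"] > self.locked:
            raise ValueError("insufficient collateral")
        self.redeemed.add(burn["burn_id"])
        self.locked -= burn["amount"]
        return burn["amount"]

@dataclass
class WrappedToken:
    """Wrapped-asset contract on the destination chain."""
    balances: dict = field(default_factory=dict)
    seen: set = field(default_factory=set)
    burn_count: int = 0

    def mint(self, event: dict) -> None:
        if event["nonce"] in self.seen:  # replay protection: one mint per deposit
            raise ValueError("deposit already minted")
        self.seen.add(event["nonce"])
        self.balances[event["to"]] = self.balances.get(event["to"], 0) + event["amount"]

    def burn(self, owner: str, amount: int) -> dict:
        if amount <= 0 or self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        self.balances[owner] -= amount
        self.burn_count += 1
        return {"burn_id": self.burn_count, "amount": amount}

    def supply(self) -> int:
        return sum(self.balances.values())

def fully_backed(vault: SourceVault, token: WrappedToken) -> bool:
    """Solvency invariant: every wrapped unit has locked collateral behind it."""
    return token.supply() <= vault.locked
```
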
Burn-and-mint
In a burn-and-mint design, the bridged token is the native representation on both chains — not a wrapped version. When you send a token from Chain A to Chain B:
- The token is burned (destroyed) on Chain A.
- The bridge mints an equivalent amount natively on Chain B.
This is more capital-efficient than lock-and-mint because there is no large locked collateral pool to attack. The risk instead lies in the bridge's ability to verify burn events on the source chain before minting on the destination — if that verification can be spoofed, an attacker can mint tokens without burning any.
Native cross-chain designs
Some newer projects are designed natively for cross-chain operation, using messaging protocols like LayerZero, Wormhole (post-exploit), or Axelar to pass verified messages between chains. These are not strictly bridges in the lock-and-mint sense — they are cross-chain communication layers that can trigger actions on multiple chains from a single transaction.
Trust assumptions
Every bridge sits on a spectrum of trustlessness — the degree to which you must trust a third party to behave honestly and securely.
Multi-signature bridges (trusted)
The simplest bridge design uses a multi-signature wallet controlled by a small set of known validators. For example, a 5-of-9 multi-sig means any 5 of 9 validators must sign to release locked funds. This is easy to build but creates clear attack vectors: compromise the private keys of 5 validators, and you can drain the bridge.
The Ronin bridge — used by the Axie Infinity game — operated as a 5-of-9 multi-sig. In March 2022, attackers compromised 5 validator keys (including one held by Axie developer Sky Mavis and one held by a third-party DAO that had forgotten to revoke a temporary signing permission) and drained 173,600 ETH and 25.5M USDC — worth approximately $625M at the time. It is the largest bridge exploit in history and remained undetected for six days.
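A sketch of the 5-of-9 release check described above, as an added example rather than Ronin's or any other bridge's code. HMAC-SHA256 stands in for the public-key signatures a real bridge would verify, and the validator names, keys and withdrawal message are constructed. The check counts distinct known signers, and it approves any five valid signatures, which is why the contract cannot tell an honest quorum from five stolen keys.

```python
import hashlib
import hmac

THRESHOLD = 5  # 5-of-9, as in the example above

def sign(key: bytes, message: bytes) -> bytes:
    """Stand-in signature (HMAC-SHA256); real bridges use public-key signatures."""
    return hmac.new(key, message, hashlib.sha256).digest()

def count_valid_signers(validators: dict, message: bytes, sigs: list) -> int:
    """Count distinct known validators with a valid signature over `message`."""
    approved = set()
    for name, sig in sigs:
        key = validators.get(name)
        if key is None:
            continue  # signer is not in the validator set
        if hmac.compare_digest(sign(key, message), sig):
            approved.add(name)  # a set, so a repeated signer counts once
    return len(approved)

def release_allowed(validators: dict, message: bytes, sigs: list,
                    threshold: int = THRESHOLD) -> bool:
    """True only when at least `threshold` distinct validators signed `message`."""
    return count_valid_signers(validators, message, sigs) >= threshold

# Constructed sample data: nine validators with made-up keys.
VALIDATORS = {f"v{i}": f"constructed-key-{i}".encode() for i in range(1, 10)}
WITHDRAWAL = b"withdraw:100:to=0xCONSTRUCTED:nonce=7"
```
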
Optimistic bridges
Optimistic bridges assume messages are valid by default and allow a dispute window during which fraud proofs can be submitted. If no valid fraud proof is submitted within the window, the message executes. This is similar in design to optimistic rollups. The tradeoff is latency: withdrawals from L2 to Ethereum using the native optimistic bridge typically take 7 days for the challenge period to close. Liquidity providers can offer faster exits for a fee.
ZK-proof bridges (trustless)
ZK-proof bridges use zero-knowledge cryptography to generate a mathematical proof that a specific event occurred on the source chain — without requiring trusted validators. Ethereum can verify the proof directly. This is the highest security model: no multi-sig to compromise, no majority validator set to corrupt. ZK bridges are computationally intensive and historically slower to prove, but ZK proof generation is becoming faster as the ecosystem matures.
Major bridge exploits
Bridge exploits represent the largest single category of crypto losses by value. The three largest in 2022:
Ronin Bridge — $625M (March 2022)
The Ronin bridge (supporting the Axie Infinity game on the Ronin sidechain) was secured by a 5-of-9 validator multi-sig. Attackers — later attributed by the US Treasury to the North Korean Lazarus Group — compromised five validator private keys, forged withdrawal signatures, and drained 173,600 ETH and 25.5M USDC over two transactions. The hack was not discovered until six days later when a user reported an inability to withdraw funds. Sky Mavis raised $150M to reimburse users.
Wormhole — $320M (February 2022)
Wormhole is a cross-chain messaging protocol connecting Ethereum, Solana, and other chains. An attacker exploited a signature verification bug in the Solana-side smart contract that allowed them to spoof guardian signatures — effectively forging proof that 120,000 wETH had been deposited on Ethereum, then minting 120,000 wETH on Solana without any actual collateral. Jump Trading (a Wormhole backer) covered the loss to maintain solvency. The bug was a failure to validate a deprecated system call that was still present in the deployed code.
Nomad — $190M (August 2022)
The Nomad bridge suffered a chaotic exploit following a routine contract upgrade that accidentally set a zero hash as a trusted root — meaning any message claiming to be valid was accepted as valid. Once one attacker discovered the bug, hundreds of copycats followed, submitting arbitrary withdrawal transactions that drained the bridge in a decentralized free-for-all. The exploit required no special technical skill after the initial discovery — just copying and modifying the original attacker's transaction.
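The zero-root failure mode can be reproduced in a small model. This is an added example, not Nomad's contract code; the Inbox class and its method names are hypothetical, and the model assumes an unproven message reads back as the default zero hash, as an unset mapping entry does in the EVM. With reject_zero=False it shows the weak configuration, and with reject_zero=True the hardened one.

```python
import hashlib

ZERO = b"\x00" * 32

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def merkle_root(leaf: bytes, proof: list) -> bytes:
    """Fold a leaf hash up a sorted-pair Merkle path to its root."""
    node = leaf
    for sibling in proof:
        node = h(*sorted((node, sibling)))
    return node

class Inbox:
    """Destination-side message inbox (simplified model)."""

    def __init__(self, reject_zero: bool):
        self.reject_zero = reject_zero
        self.trusted = set()     # roots accepted as committed source-chain state
        self.proven_under = {}   # message hash -> root it was proven under

    def trust_root(self, root: bytes) -> None:
        # The upgrade/initialisation step: the given root becomes trusted.
        if self.reject_zero and root == ZERO:
            raise ValueError("zero hash cannot be a trusted root")
        self.trusted.add(root)

    def prove(self, message: bytes, proof: list) -> None:
        leaf = h(message)
        self.proven_under[leaf] = merkle_root(leaf, proof)

    def process(self, message: bytes) -> bool:
        # A message that was never proven falls back to the default, ZERO.
        root = self.proven_under.get(h(message), ZERO)
        if self.reject_zero and root == ZERO:
            return False
        return root in self.trusted
```

In the weak configuration, trusting ZERO makes process() return True for any message that was never proven; the hardened form refuses the zero root at both the configuration step and the lookup.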
How to evaluate bridge security
When a whitepaper or protocol documentation describes a cross-chain bridge, the key security questions are:
- Validator set — how many validators must be compromised to steal funds? A 5-of-9 multi-sig is much weaker than a 100-validator proof-of-stake system. Are the validators publicly known, or anonymous?
- Verification mechanism — is cross-chain state verified by trusted parties, optimistic fraud proofs, or ZK proofs? ZK proofs offer the strongest security guarantees.
- Audit history — has the bridge been audited? Are reports public? Wormhole and Nomad were both audited and still exploited — audits are necessary but not sufficient.
- TVL and target size — a bridge holding $2 billion in locked assets is a more attractive target than one holding $10 million. Higher TVL without commensurate security investment increases risk.
- Emergency pause capability — can the bridge be paused quickly if an exploit begins? The Ronin hack went six days undetected partly because there was no automated anomaly detection or circuit breaker.
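One form the circuit breaker in the last point can take is a rolling-window outflow cap that pauses withdrawals until an operator resets it. This is an added example, not any bridge's implementation; the OutflowBreaker class, the one-hour window, the 100 ETH cap and the withdrawal stream are all constructed for illustration.

```python
from collections import deque

class OutflowBreaker:
    """Pause withdrawals when outflow inside a rolling window exceeds a cap."""

    def __init__(self, window_s: int, max_outflow: int):
        self.window_s = window_s
        self.max_outflow = max_outflow
        self.recent = deque()   # (timestamp, amount) of allowed withdrawals
        self.total = 0          # sum of amounts currently inside the window
        self.paused = False

    def allow(self, ts: int, amount: int) -> bool:
        if self.paused:
            return False
        # Drop withdrawals that have aged out of the window.
        while self.recent and self.recent[0][0] <= ts - self.window_s:
            self.total -= self.recent.popleft()[1]
        if self.total + amount > self.max_outflow:
            self.paused = True  # trip: stays paused until reset() is called
            return False
        self.recent.append((ts, amount))
        self.total += amount
        return True

    def reset(self) -> None:
        """Operator action after investigation: clear state and resume."""
        self.recent.clear()
        self.total = 0
        self.paused = False

# Constructed withdrawal stream: (unix seconds, amount in ETH).
SAMPLE = [(0, 40), (600, 35), (1800, 20), (4300, 50), (4400, 5000), (4500, 10)]

def replay(stream, window_s: int = 3600, max_outflow: int = 100) -> list:
    """Run a stream through a fresh breaker; return the allow/deny decisions."""
    breaker = OutflowBreaker(window_s, max_outflow)
    return [breaker.allow(ts, amount) for ts, amount in stream]
```
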
Bridges in the DeFi ecosystem
Bridges are a necessary part of a multi-chain DeFi ecosystem, but they represent structural risk that users often underestimate. When you hold wrapped ETH on an L2 or sidechain, you are not holding ETH — you are holding a claim on ETH secured by the bridge contract's security model. If that bridge is exploited, your wrapped tokens can become worthless even if your wallet is never touched.
The safest approach for individual users: use native bridge infrastructure operated by the chain itself (e.g., Polygon's official Ethereum bridge, Arbitrum's canonical bridge) rather than third-party bridges chasing higher yields or faster withdrawals. Native bridges are typically more conservatively designed and have the team's full security focus.
Related projects on ChainClarity
- Ethereum — the settlement layer that most major bridges anchor to for security
- Polygon — runs a canonical bridge to Ethereum and a ZK-based bridge as part of its zkEVM stack
- Chainlink — CCIP (Cross-Chain Interoperability Protocol) is Chainlink's bridge and cross-chain messaging standard
- Layer 2 — L2s use bridge contracts to settle proofs and enable asset movement between the L2 and Ethereum mainnet
- Smart contracts — all bridge logic is implemented in smart contracts; bridge security is a subset of smart contract security
Frequently asked questions
What is a blockchain bridge?
A blockchain bridge is a protocol that allows assets or data to move between two separate blockchains. Because blockchains do not natively communicate with each other, bridges fill the gap by locking assets on the source chain and issuing equivalent representations on the destination chain. Without bridges, ETH on Ethereum and SOL on Solana exist in completely separate ecosystems with no way to interact.
What is the difference between lock-and-mint and burn-and-mint?
Lock-and-mint: assets are locked in a smart contract on the source chain, and an equivalent wrapped token is minted on the destination chain. The original asset stays locked as collateral. Burn-and-mint: the bridged token is burned on the destination chain, and the original is released (or minted natively) on the source chain. Lock-and-mint is the simpler and more common model; burn-and-mint is more capital-efficient and used by native cross-chain token designs.
Why are bridges so frequently hacked?
Bridges are the single largest attack surface in crypto for three reasons. First, they concentrate enormous value in a single smart contract or custodian — making them high-value targets. Second, they involve complex multi-chain logic and cross-chain message verification, which creates more attack surface than single-chain contracts. Third, many early bridges used centralized multi-sig validators with small signer sets, making key compromise a viable attack. The Ronin bridge ($625M, 2022), Wormhole ($320M, 2022), and Nomad ($190M, 2022) exploits are the largest examples.
What is a trusted vs. trustless bridge?
A trusted bridge relies on a centralized operator or a small set of known validators to attest that assets have been locked on the source chain before minting on the destination. You trust that the validators are honest and secure. A trustless bridge uses cryptographic proofs (typically ZK proofs or optimistic fraud proofs) to verify cross-chain state without relying on trusted parties. Trustless bridges are more secure but harder to build and often slower. Most bridges in practice fall somewhere between these extremes.
How do I assess bridge risk before using one?
Key questions: How many validators (or signers) must be compromised to steal funds, and are those validators publicly known? Has the bridge smart contract been audited, and by whom? Is there a bug bounty? How long has the bridge been live without incident? What is the total value locked — a bridge holding $2 billion is a more attractive target than one holding $50 million. Generally, prefer bridges that use decentralized verification (ZK proofs or large validator sets) over small multi-sigs, and start with small test transfers.