The bridge paradox
Cross-chain bridges have lost over $2.8 billion to exploits since 2021 — more than any other category in DeFi — according to CleanSky's analysis of on-chain security data. Despite representing a fraction of total value locked, bridges remain the single most exploited infrastructure in the decentralized ecosystem. The reason is structural: bridges must hold or lock massive pools of assets on one chain while issuing equivalent representations on another. This creates concentrated honeypots that attract the most sophisticated attackers in the world, from North Korea's Lazarus Group to anonymous exploit developers operating through DeFi's permissionless frontier.
In this article, we trace the full history of bridge exploits from 2021 through Q1 2026, dissect the security models that have failed and the ones emerging to replace them, compare the leading cross-chain protocols, and provide actionable guidance for anyone who needs to move assets between chains. Whether you are an institutional treasury manager or a retail user bridging tokens to Base or Arbitrum, the risks are real — and the mitigations are finally catching up.
1. The scale of the problem: bridges vs. the rest of DeFi
As of early 2026, the total value locked (TVL) across all DeFi protocols stands at approximately $123.6 billion. Cross-chain bridges account for a relatively modest share of this figure — typically under 10% at any given time. Yet when we look at the distribution of stolen funds across DeFi categories since 2021, bridges dominate with over 50% of all losses.
This disproportionate vulnerability is not a coincidence. It stems from the fundamental architecture of bridges. Unlike a lending protocol or a DEX, which manages risk through overcollateralization or liquidity pool mechanics, a bridge must serve as a custodian of assets on the source chain while simultaneously minting or releasing assets on the destination chain. This dual-chain responsibility creates multiple attack surfaces: the locking contract on chain A, the minting contract on chain B, the validator or relayer set that communicates between them, and the governance mechanism that controls upgrades.
Every one of these surfaces has been exploited at least once in the past five years. The result is a category of infrastructure where a single vulnerability can result, and repeatedly has resulted, in losses exceeding half a billion dollars in a single incident. For a comprehensive view of all major losses, see our guide to the biggest crypto hacks in history.
2. A history of bridge hacks: 2021–2025
Understanding the present requires examining how we got here. The history of bridge exploits reads like a catalogue of escalating sophistication, from early smart contract logic errors to state-sponsored key compromise operations.
2021: Poly Network — $610 million
The first mega-exploit in bridge history occurred in August 2021 when an attacker exploited a vulnerability in Poly Network's cross-chain message verification. The attacker was able to craft a malicious cross-chain message that tricked the bridge's contracts on Ethereum, BSC, and Polygon into releasing $610 million in locked assets. The vulnerability lay in the bridge's access control logic: the attacker found a way to replace the designated keeper of the contract with their own address, effectively giving themselves administrative control over the bridge's funds.
In an unusual twist, the attacker — who called themselves "Mr. White Hat" — returned nearly all of the stolen funds over the following days, claiming the hack was conducted to highlight the security flaw. Poly Network even offered them a role as a security advisor. While the funds were returned, the incident served as a wake-up call for the entire industry: bridge contracts holding hundreds of millions of dollars were vulnerable to logic errors that had gone undetected through audits.
2022: Ronin ($625M) and BNB Bridge ($570M)
The year 2022 marked the peak of bridge exploitation, with two incidents that together accounted for nearly $1.2 billion in losses.
Ronin Bridge — $625 million (March 2022). The Ronin sidechain, built for the play-to-earn game Axie Infinity by Sky Mavis, used a validator set of 9 nodes to authorize cross-chain withdrawals. The bridge required 5-of-9 signatures to process transactions. North Korea's Lazarus Group, operating through sophisticated social engineering, compromised 5 of the 9 validator private keys. Four keys were obtained through a targeted phishing campaign against Sky Mavis employees, and a fifth was available through a legacy governance arrangement with the Axie DAO that had not been revoked after it was no longer needed.
The attackers used the compromised keys to authorize two massive withdrawals: 173,600 ETH and 25.5 million USDC. The breach went undetected for six days — it was only discovered when a user attempted a large withdrawal and found the bridge lacked sufficient funds. The Ronin hack remains the largest bridge exploit in history and demonstrated that multisig security is only as strong as the operational security of its key holders.
BNB Bridge — $570 million (October 2022). An attacker exploited a vulnerability in the BSC Token Hub, the bridge connecting BNB Beacon Chain and BNB Smart Chain. The attacker forged proof messages to trick the bridge into minting 2 million BNB tokens (worth approximately $570 million) that were not backed by any corresponding deposit. While the attacker initially obtained the full amount, the BNB Chain team coordinated with validators to temporarily halt the chain and limit the damage. The attacker managed to bridge approximately $127 million to other chains before the halt.
2023: Multichain — $125 million and the centralization failure
The Multichain incident of July 2023 exposed a different category of bridge risk: centralization and key-person dependency. Multichain (formerly AnySwap) was one of the most widely used cross-chain bridges, processing billions in transfers across dozens of chains. On July 6, 2023, approximately $125 million was drained from Multichain's bridge contracts on Fantom, Moonriver, and Dogechain.
The root cause was not a smart contract exploit but a governance and custody failure. It emerged that Multichain's CEO, Zhaojun He, had personal custody of the critical server infrastructure and multiparty computation (MPC) keys. When Chinese authorities detained Zhaojun in May 2023, the team lost access to the operational infrastructure needed to maintain the bridge. The $125 million drain appeared to be related to the compromise of these centralized keys, though the exact chain of events remains disputed.
Multichain's collapse was a watershed moment for bridge design philosophy. It demonstrated that even a protocol processing billions in volume could have a single point of failure hidden behind the appearance of decentralization. The MPC key setup, which was supposed to distribute trust, was in practice controlled by one person.
2024–2025: Orbit Chain — $81 million
On New Year's Eve 2023 (December 31), Orbit Chain suffered an exploit resulting in the loss of approximately $81 million. The attack targeted the bridge's multisig authorization system, which required 7 of 10 signers to approve transactions. The attacker compromised enough keys to meet this threshold and drained the bridge of ETH, DAI, USDT, and USDC.
The Orbit Chain hack reinforced the lesson of Ronin: multisig bridges are fundamentally limited by the security of their key holders. Whether the threshold is 5-of-9 or 7-of-10, if an attacker can compromise enough signers through social engineering, phishing, or operational security failures, the mathematical guarantees of the multisig scheme become irrelevant. This realization has driven the industry toward trustless and zero-knowledge proof-based verification models.
| Year | Bridge | Amount Lost | Attack Vector | Root Cause |
|---|---|---|---|---|
| 2021 | Poly Network | $610M | Cross-chain message forgery | Access control logic error |
| 2022 | Ronin Bridge | $625M | Validator key compromise | 5/9 multisig keys phished (Lazarus) |
| 2022 | BNB Bridge | $570M | Proof forgery | IAVL tree verification bug |
| 2023 | Multichain | $125M | Centralized key compromise | CEO held all MPC keys |
| 2024 | Orbit Chain | $81M | Multisig key compromise | 7/10 signer keys compromised |
3. Q1 2026: the bleeding continues
The first quarter of 2026 has already produced significant bridge-related losses, demonstrating that the problem is far from solved. According to data tracked by CleanSky from on-chain security monitors and incident reports, the following bridge and cross-chain exploits occurred in Q1 2026. For broader context on recent losses, see our Crypto Security Report 2025–2026.
| Protocol | Amount Lost | Attack Type | Details |
|---|---|---|---|
| Trezor (social engineering) | $282M | Social engineering | Hardware wallet user tricked into revealing recovery phrase; funds laundered via THORChain to Monero |
| Step Finance | $30M | Smart contract exploit | Vulnerability in cross-chain swap logic |
| Truebit | $26.4M | Minting price manipulation | Mathematical error in TRU token minting allowed near-zero-cost minting, draining ETH reserves |
| SwapNet | $13.4M | Bridge relay exploit | Compromised relayer submitted fraudulent cross-chain messages |
| YieldBlox | $10.2M | Oracle manipulation | Price feed manipulation on cross-chain yield aggregation |
| IoTeX Bridge | $4.3M | Smart contract vulnerability | Reentrancy in bridge withdrawal function |
| CrossCurve | $3M | expressExecute vulnerability | Unvalidated external call in express execution path |
| FOOMCASH | $2.26M | Flash loan + bridge drain | Flash loan attack combined with bridge liquidity manipulation |
The combined Q1 2026 losses exceed $371 million, putting the year on pace to rival 2022 as the worst year for bridge security. The Trezor incident, while technically a social engineering attack rather than a bridge exploit, involved cross-chain laundering through THORChain — illustrating how bridge infrastructure is used on both sides of the exploit equation: as the target of attacks and as the laundering tool afterward.
CrossCurve: anatomy of the expressExecute vulnerability
The CrossCurve exploit of Q1 2026 is worth examining in detail because it illustrates a class of vulnerability that remains common across bridge architectures: insufficient validation of external calls in fast execution paths.
CrossCurve implemented an expressExecute function designed to provide near-instant bridging by allowing approved relayers to front liquidity while the canonical cross-chain message was still in transit. The function accepted a payload containing the target contract address and calldata, which it would execute on behalf of the user. The vulnerability was that the function did not adequately validate the target contract or the calldata, allowing an attacker to craft a payload that redirected the liquidity pool's funds to their own address.
The attacker deployed a malicious contract that, when called by CrossCurve's expressExecute, invoked the bridge's own liquidity pool contracts to transfer funds. Because the call originated from CrossCurve's trusted relayer address, the liquidity pool contracts treated it as an authorized operation. The $3 million was drained in a single transaction and immediately dispersed across multiple chains.
This pattern — where a bridge's "express" or "fast" execution path bypasses the security checks of the canonical path — has appeared in multiple bridge exploits. The lesson is clear: every execution path must enforce the same level of validation, regardless of the trust assumptions about the caller. For guidance on evaluating contract security yourself, see How to verify smart contracts.
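To make the bug class concrete, here is an added Solidity sketch that places an unvalidated express path beside a hardened one; it reconstructs the pattern described above and is not CrossCurve's actual code. Pool, ExpressExecutorVulnerable, ExpressExecutorHardened, onExpressMessage and the owner standing in for the verified-message path are all assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example reconstructing the vulnerability class, not CrossCurve's code.
// All contract, function and parameter names here are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Liquidity pool that trusts one executor contract on the canonical path.
contract Pool {
    address public immutable executor;
    constructor(address _executor) { executor = _executor; }
    function payOut(address token, address to, uint256 amount) external {
        require(msg.sender == executor, "not executor");
        require(IERC20(token).transfer(to, amount), "transfer failed");
    }
}

// VULNERABLE: the express path forwards a caller-chosen target and calldata
// with the executor's own authority. Pool sees msg.sender == executor, so a
// relayer (or whoever holds a compromised relayer key) can aim the call at
// Pool.payOut and drain it without any of the canonical path's validation.
contract ExpressExecutorVulnerable {
    mapping(address => bool) public isRelayer;
    constructor() { isRelayer[msg.sender] = true; }
    function expressExecute(address target, bytes calldata data) external {
        require(isRelayer[msg.sender], "not relayer");
        (bool ok, ) = target.call(data);   // neither target nor data is validated
        require(ok, "call failed");
    }
}

// HARDENED: the express path can only move the relayer's own fronted funds
// to an allowlisted receiver through one fixed entry point; it never forwards
// raw calldata and never touches Pool. Pool is reached only by settle(), which
// runs after the canonical message is verified (verification omitted here).
interface IExpressReceiver {
    function onExpressMessage(bytes32 messageId, address token, uint256 amount, bytes calldata payload) external;
}

contract ExpressExecutorHardened {
    address public immutable owner;
    mapping(address => bool) public isRelayer;
    mapping(address => bool) public isReceiver;    // allowlisted app contracts
    mapping(bytes32 => address) public frontedBy;  // messageId => relayer owed reimbursement
    mapping(bytes32 => bool) public settled;
    bool private locked;

    constructor() { owner = msg.sender; isRelayer[msg.sender] = true; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier nonReentrant() { require(!locked, "reentrant"); locked = true; _; locked = false; }

    function setReceiver(address r, bool allowed) external onlyOwner { isReceiver[r] = allowed; }
    function setRelayer(address r, bool allowed) external onlyOwner { isRelayer[r] = allowed; }

    function expressExecute(
        bytes32 messageId, address receiver, address token, uint256 amount, bytes calldata payload
    ) external nonReentrant {
        require(isRelayer[msg.sender], "not relayer");
        require(isReceiver[receiver], "receiver not registered");  // no arbitrary target
        require(frontedBy[messageId] == address(0) && !settled[messageId], "already handled");
        frontedBy[messageId] = msg.sender;
        // The relayer fronts its own liquidity; the executor has no pool authority here.
        require(IERC20(token).transferFrom(msg.sender, receiver, amount), "front failed");
        // Fixed selector and typed arguments: calldata cannot be redirected.
        IExpressReceiver(receiver).onExpressMessage(messageId, token, amount, payload);
    }

    // Reimburse the relayer once the canonical message is verified. In a real
    // bridge the caller is the verified-message path; owner stands in for it.
    function settle(bytes32 messageId, address pool, address token, uint256 amount)
        external onlyOwner nonReentrant
    {
        address relayer = frontedBy[messageId];
        require(relayer != address(0), "not fronted");
        require(!settled[messageId], "already settled");
        settled[messageId] = true;
        Pool(pool).payOut(token, relayer, amount);
    }
}
```

The hardened version does not make the relayer more trusted; it removes the ability of the express path to reach anything beyond the relayer's own funds and a registered receiver, which is what "the same validation on every path" means in practice.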
4. Three security models: trusted, trustless, and intent-based
Not all bridges are created equal. The industry has evolved through three distinct security models, each representing a different set of trade-offs between trust, speed, cost, and security. Understanding these models is essential for choosing the right bridge for your use case.
Model 1: Trusted (custodial) bridges
Trusted bridges rely on a centralized or semi-centralized set of validators to attest that a deposit was made on the source chain before releasing funds on the destination chain. The security of the system depends entirely on the honesty and operational security of these validators. The Ronin Bridge (5-of-9 multisig), Orbit Chain (7-of-10 multisig), and the original Multichain (MPC with centralized key custody) all fall into this category.
Advantages: Fast finality (typically minutes), low cost, simple implementation. Disadvantages: Single point of failure if enough validators are compromised. The history of bridge exploits shows that this model has been responsible for the majority of losses. If the validator set is small or the operators are not sufficiently diverse and geographically distributed, the bridge inherits the security properties of its weakest validator — not its strongest.
Model 2: Trustless bridges (DVN and ZK-bridges)
Trustless bridges aim to minimize or eliminate the need to trust any external party by using cryptographic verification to prove the validity of cross-chain messages. This category includes two major approaches:
Decentralized Verifier Networks (DVNs). Used by protocols like LayerZero V2, DVNs replace small multisig committees with larger, economically incentivized networks of verifiers. Messages are verified by multiple independent DVNs, and the application developer can configure which DVNs are required and what threshold is needed. This creates a more flexible and potentially more secure trust model, though it still depends on the economic incentives being sufficient to prevent collusion.
Zero-Knowledge bridges (ZK-bridges). ZK-bridges represent the strongest security guarantee currently available. Instead of relying on any set of validators, they use cryptographic proofs to mathematically verify that a transaction occurred on the source chain. The destination chain verifies this proof on-chain, meaning the security guarantee is equivalent to the security of the underlying cryptography — not the honesty of any human operator.
Model 3: Intent-based bridges
Intent-based bridges represent a fundamentally different approach. Instead of locking assets on chain A and minting on chain B, the user expresses an intent ("I want 1 ETH on Arbitrum") and a network of professional solvers competes to fulfill that intent. The solver who offers the best price and speed wins the order, fronts the liquidity on the destination chain from their own inventory, and is reimbursed from the user's deposit on the source chain after the cross-chain message is verified.
This model reduces the attack surface dramatically because there is no large pool of locked assets acting as a honeypot. The solver bears the risk during the brief settlement period, and the amount at risk at any given moment is limited to the solver's working capital on active orders rather than the bridge's total TVL. Across Protocol and deBridge are leading implementations of this model.
5. ZK-bridge technology: the future of cross-chain security
Zero-knowledge proofs are widely regarded as the endgame for bridge security. The core idea is elegant: instead of asking "do we trust the validators?", a ZK-bridge asks "can we mathematically verify the transaction?" If the proof is valid, the transaction is valid — regardless of who generated the proof.
Polyhedra Network and deVirgo
Polyhedra Network has emerged as a leading ZK-bridge infrastructure provider, building on several key technological innovations:
deVirgo (distributed prover). Generating ZK-proofs is computationally intensive. deVirgo distributes the proof generation workload across multiple machines, dramatically reducing the time and cost required to produce a proof. This makes ZK-bridges practical for production use, where users expect near-instant confirmations.
Recursive proofs. Rather than verifying every individual transaction, recursive proofs allow multiple transactions to be batched into a single proof, which itself can be verified by a single on-chain operation. This amortizes the gas cost of verification across many transactions, making the per-transaction cost comparable to — or even lower than — trusted bridge models.
Integration with restaking. Projects like EigenLayer and Lagrange are building ZK-coprocessor infrastructure that leverages Ethereum's validator set as an economic security layer. By requiring ZK-bridge operators to stake ETH (or restaked ETH) as collateral, these systems add an economic penalty for incorrect proofs on top of the cryptographic guarantee. Even if a mathematical breakthrough somehow compromised the ZK-proof system (an extremely unlikely scenario), the staked collateral would provide a backstop.
The combination of distributed proving, recursive proofs, and restaking-based economic security represents the most robust bridge security architecture available today. The main limitation is latency: generating ZK-proofs still takes longer than a simple multisig attestation, typically adding 10–30 minutes to the bridging process. For users who need instant finality, intent-based bridges with ZK-verified settlement offer a compelling hybrid.
6. Protocol comparison: leading cross-chain solutions in 2026
The following table compares the four most widely used cross-chain messaging and bridging protocols as of March 2026, evaluated across security model, verification mechanism, chain support, and notable security features.
| Protocol | Security Model | Verification | Chains Supported | Notable Features |
|---|---|---|---|---|
| LayerZero V2 | Configurable DVN | Multiple independent DVNs per message; app-configurable thresholds | 70+ | Application-level security configuration; DVN marketplace; integration with Stargate for liquidity |
| Wormhole | Guardian network | 19 Guardian nodes (13/19 threshold); NTT framework for native token transfers | 30+ | Native Token Transfers preserve original token properties; Guardian set includes major validators |
| Axelar | Proof-of-stake | Validator set with quadratic voting; Interchain Token Service (ITS) | 60+ | General-purpose cross-chain computation; integrated with Cosmos ecosystem; rate limiting |
| Hyperlane | Modular (ISM) | Interchain Security Modules: multisig, optimistic, ZK, or custom per-route | 50+ | Permissionless deployment; any chain can be connected without governance approval; highly customizable |
No single protocol is universally "best." The right choice depends on the specific use case:
- LayerZero V2 excels in flexibility, allowing application developers to configure their own security parameters and choose from a marketplace of DVNs.
- Wormhole is well-suited for high-value institutional transfers where the Guardian network's established track record provides confidence.
- Axelar offers the deepest integration with the Cosmos ecosystem and general-purpose cross-chain computation capabilities.
- Hyperlane provides the most modular and permissionless approach, ideal for new chains or experimental deployments.
7. Where the money flows: bridged value by chain
Understanding the distribution of bridged value helps contextualize both the opportunity and the risk. The following data reflects cumulative bridged value as tracked by major analytics platforms through Q1 2026.
| Chain | Cumulative Bridged Value | Primary Use Cases |
|---|---|---|
| Ethereum | $392B | DeFi hub, NFTs, institutional settlement |
| Tron | $91B | USDT transfers, payments, developing-market remittances |
| BSC (BNB Chain) | $35B | Retail DeFi, GameFi, low-cost trading |
| Solana | $32B | High-frequency trading, memecoins, DePIN |
| Base | $12.5B | Consumer dApps, social-fi, Coinbase onramp |
| Arbitrum | $11.3B | DeFi protocols, derivatives, institutional L2 |
Ethereum dominates with $392 billion in cumulative bridged value, reflecting its role as the primary settlement layer and the chain from which most cross-chain transfers originate. Tron's $91 billion is driven almost entirely by USDT stablecoin transfers, particularly in developing markets where Tron's low fees make it the preferred rail for remittances and commerce.
The growth of Base to $12.5 billion and Arbitrum to $11.3 billion reflects the ongoing migration of DeFi activity from Ethereum mainnet to Layer 2 networks. Solana's $32 billion demonstrates significant cross-chain demand driven by its high-speed trading ecosystem and the memecoin phenomenon. Every dollar bridged represents a moment of vulnerability where funds are in transit between security domains — making bridge security proportionally more critical as these volumes grow.
8. Choosing the right bridge: recommendations by user profile
Given the complexity of the cross-chain landscape, here are specific recommendations based on user profile and use case:
For institutional users and high-value transfers
Recommended: deBridge, Stargate (LayerZero). Institutional users should prioritize bridges with intent-based architectures (deBridge) or established DVN-based verification (Stargate/LayerZero). These protocols offer the strongest combination of security and liquidity for large transfers. Key considerations include:
- Split large transfers across multiple bridges and multiple transactions to limit single-point-of-failure exposure
- Verify the bridge's insurance coverage — some protocols offer built-in coverage for verified exploits
- Use dedicated bridge monitoring tools that alert on unusual TVL changes or validator behavior
- For transfers exceeding $1 million, consider OTC (over-the-counter) services that bypass public bridge infrastructure entirely
For retail users
Recommended: Across Protocol, Eco Portal. Retail users benefit most from intent-based bridges that provide a simple user experience with strong security guarantees. Across Protocol's solver network typically offers competitive pricing with fast finality, and its intent-based architecture means there is no large pool of locked funds that could be exploited.
- Always verify you are on the official bridge URL — bookmark it and never use links from social media or search ads
- For amounts under $10,000, the speed and simplicity of intent-based bridges outweigh the marginal cost difference
- Check the bridge's status page and social media before initiating a large transfer — if there are reports of issues, wait
For multi-ecosystem users
Recommended: Symbiosis, Rango, Jumper. Users who regularly move assets across many different chains benefit from bridge aggregators that compare routes across multiple underlying protocols. Rango and Jumper (by LI.FI) query multiple bridges simultaneously and present the optimal route based on speed, cost, and security parameters.
- Aggregators add a layer of abstraction that can obscure the underlying bridge — always check which bridge is being used for each route
- Symbiosis offers native cross-chain swaps that combine bridging and DEX functionality, reducing the number of transactions needed
- For exotic routes (e.g., Solana to Cosmos chains), aggregators may be the only option — but verify the bridge's track record before proceeding
9. The bridge security checklist
Before using any bridge, evaluate it against the following criteria. A bridge that fails on more than one of these points should be used with extreme caution — or avoided entirely. For a broader guide to staying safe in crypto, see our dedicated Learn article.
1. Audits. Has the bridge been audited by at least two independent, reputable security firms? Look for audits by firms like Trail of Bits, OpenZeppelin, ChainSecurity, or Halborn. A single audit is not sufficient for a bridge handling significant value. Check when the most recent audit was conducted — audits older than 12 months may not cover recent code changes.
2. Bug bounty program. Does the bridge maintain an active bug bounty program with a minimum reward of $500,000 for critical vulnerabilities? A generous bug bounty creates an economic incentive for white-hat researchers to report vulnerabilities rather than exploit them. Bridges without bug bounties are relying entirely on their audit history and internal security reviews.
3. Emergency pause functionality. Can the bridge be paused within minutes if an exploit is detected? The difference between a $3 million loss and a $600 million loss often comes down to whether the bridge team can halt operations before the attacker drains the full TVL. Check whether the pause mechanism is controlled by a multisig with geographically distributed signers who are available 24/7.
4. TVL history. Does the bridge show a stable TVL history without unexplained sharp drops? An unexplained 30% TVL decline in a single day could indicate a quiet exploit, a loss of confidence, or an operational issue. Use analytics platforms like DefiLlama to review the bridge's TVL over the past 12 months.
5. Validator/verifier decentralization. How many independent entities participate in the bridge's verification process, and how are they selected? A bridge with 4 validators controlled by the same company is not meaningfully decentralized, regardless of the multisig threshold. Look for bridges where validators are economically independent, geographically distributed, and selected through a permissionless or governance-approved process.
6. Open-source code. Is the bridge's smart contract code publicly available and verified on block explorers? Closed-source bridges require users to trust the development team completely, with no ability to independently verify the security of the code. Open-source bridges benefit from community review and faster vulnerability discovery.
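For readers who want to see what the trusted model of section 4 and checklist items 3 and 5 look like in contract code, here is an added Solidity example of a minimal attested vault; it is not any listed protocol's implementation. It combines an m-of-n validator attestation with replay protection, a guardian-controlled emergency pause, and a per-token release rate limit; the names, the one-hour window and the guardian role are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not a production bridge's code. Names and parameters are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract AttestedVault {
    address public immutable guardian;          // pause authority (a multisig in practice)
    uint256 public immutable threshold;         // m of n validator signatures required
    mapping(address => bool) public isValidator;
    mapping(bytes32 => bool) public released;   // replay protection per message id
    bool public paused;

    // Rate limit: at most limitPerWindow[token] released per WINDOW; 0 disables the token.
    uint256 public constant WINDOW = 1 hours;
    mapping(address => uint256) public limitPerWindow;
    mapping(address => uint256) private windowStart;
    mapping(address => uint256) private releasedInWindow;

    event Released(bytes32 indexed messageId, address token, address to, uint256 amount);
    event Paused(address by);

    constructor(address[] memory validators, uint256 _threshold, address _guardian) {
        require(_threshold > 0 && _threshold <= validators.length, "bad threshold");
        for (uint256 i = 0; i < validators.length; i++) isValidator[validators[i]] = true;
        threshold = _threshold;
        guardian = _guardian;
    }

    modifier onlyGuardian() { require(msg.sender == guardian, "not guardian"); _; }

    function pause() external onlyGuardian { paused = true; emit Paused(msg.sender); }
    function setLimit(address token, uint256 limit) external onlyGuardian { limitPerWindow[token] = limit; }

    // The digest binds the release to this chain and this vault, so an attestation
    // produced for another deployment or another chain cannot be replayed here.
    function digest(bytes32 messageId, address token, address to, uint256 amount) public view returns (bytes32) {
        return keccak256(abi.encode(block.chainid, address(this), messageId, token, to, amount));
    }

    function release(bytes32 messageId, address token, address to, uint256 amount, bytes[] calldata sigs) external {
        require(!paused, "paused");
        require(!released[messageId], "already released");
        require(sigs.length >= threshold, "too few signatures");
        bytes32 h = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", digest(messageId, token, to, amount)));
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = recover(h, sigs[i]);
            // Strictly ascending signer order rejects duplicates, so a single
            // compromised key cannot be counted `threshold` times.
            require(signer > last && isValidator[signer], "bad signer");
            last = signer;
        }
        _consumeLimit(token, amount);
        released[messageId] = true;
        require(IERC20(token).transfer(to, amount), "transfer failed");
        emit Released(messageId, token, to, amount);
    }

    function _consumeLimit(address token, uint256 amount) internal {
        if (block.timestamp >= windowStart[token] + WINDOW) {
            windowStart[token] = block.timestamp;
            releasedInWindow[token] = 0;
        }
        releasedInWindow[token] += amount;
        require(releasedInWindow[token] <= limitPerWindow[token], "rate limit");
    }

    function recover(bytes32 h, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        require(v == 27 || v == 28, "bad v");
        // Reject malleable high-s signatures so one signature cannot appear twice in two forms.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        address a = ecrecover(h, v, r, s);
        require(a != address(0), "bad signature");
        return a;
    }
}
```

The signer-ordering check only stops one key from being counted several times; it cannot help when `threshold` distinct keys are compromised, which is the Ronin and Orbit failure, so in that case the pause and the rate limit are what bound the loss.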
10. DeFi insurance: mitigating bridge risk
Even with the best security practices, the history of bridge exploits makes clear that residual risk cannot be eliminated entirely. DeFi insurance has emerged as a critical risk management tool, particularly for users with significant cross-chain exposure.
Nexus Mutual v3 remains the leading DeFi insurance provider, offering up to $6 billion in total coverage capacity as of Q1 2026. Their product suite includes:
- Protocol Cover: Pays out if a covered protocol (including specific bridges) suffers a smart contract exploit resulting in user losses
- Bug Bounty Cover: A newer product that specifically covers losses resulting from smart contract bugs that were not caught by audits or bug bounty programs
- Custody Cover: Covers losses from custodial failures, relevant for trusted bridge models
The cost of DeFi insurance varies based on the perceived risk of the covered protocol, but typically ranges from 2% to 5% annually for well-established bridges and higher for newer or less-audited protocols. For institutional users moving significant value cross-chain, the cost of insurance is a small price compared to the potential for total loss.
It is worth noting that insurance payouts are not automatic. Claims must be submitted and approved by Nexus Mutual's governance process, which evaluates whether the loss falls within the policy's coverage terms. Users should carefully review the policy wording, particularly the exclusions, before purchasing coverage.
11. The broader cybersecurity context
Bridge vulnerabilities do not exist in isolation. They are part of a broader cybersecurity landscape where the infrastructure underlying DeFi — operating systems, cloud providers, developer toolchains — is itself under constant attack.
In Q1 2026, critical operating system vulnerabilities including CVE-2026-21510 and CVE-2026-21514 highlighted the risks that extend below the application layer. These vulnerabilities, affecting widely deployed systems, could potentially be used to compromise the machines running bridge validator nodes, oracle relayers, or developer workstations. A bridge may have perfectly secure smart contracts, but if the validator's server operating system has an unpatched privilege escalation vulnerability, the bridge's security is only as strong as the sysadmin's patch management.
This underscores the importance of defense in depth: bridge security cannot rely solely on smart contract audits. It must encompass the entire stack, from the cryptographic proof layer down to the operating system patches on validator hardware. Teams operating bridge infrastructure should maintain aggressive patch schedules, use hardware security modules (HSMs) for key storage, and implement network segmentation to limit the blast radius of any single compromise.
12. The evolution of bridge design: from lock-and-mint to ZK and intent
The history of bridge exploits has driven a clear evolutionary trajectory in bridge design philosophy:
Generation 1: Lock-and-mint with trusted validators (2020–2022). The earliest bridges used a simple model: lock assets on chain A, have a small group of validators attest to the deposit, and mint wrapped tokens on chain B. This model was cheap and fast but created massive honeypots and concentrated trust in small validator sets. Ronin, BNB Bridge, and Multichain all represent this generation.
Generation 2: Decentralized verification networks (2023–2024). The second generation replaced small multisig committees with larger, economically incentivized networks of verifiers. LayerZero's DVN model, Wormhole's Guardian network expansion, and Axelar's PoS validator set represent this approach. Security improved through diversification, but the fundamental model still relies on the honesty and operational security of human operators.
Generation 3: ZK-proof and intent-based models (2025–present). The current generation eliminates trust in human operators wherever possible. ZK-bridges verify transactions mathematically, and intent-based bridges eliminate large liquidity pools by using professional solvers who manage their own risk. This generation represents a paradigm shift: instead of asking "can we trust the validators?", the question becomes "can we verify the mathematics?" or "is the solver economically rational?"
The transition is not yet complete. Many of the most widely used bridges still operate on Generation 1 or Generation 2 architectures. But the direction of travel is clear: the future of cross-chain security is trustless, cryptographically verified, and mathematically guaranteed.
Key takeaways
- Bridges are DeFi's biggest vulnerability. Less than 10% of TVL, over 50% of stolen funds. The $2.8B+ lost since 2021 exceeds losses from any other DeFi category.
- Multisig bridges have a catastrophic track record. Ronin ($625M), BNB Bridge ($570M), Multichain ($125M), and Orbit Chain ($81M) all fell to validator key compromises or centralization failures.
- Q1 2026 losses already exceed $371 million. The Trezor social engineering theft ($282M), Step Finance ($30M), Truebit ($26.4M), and six other incidents demonstrate the threat is accelerating.
- Three security models define the landscape. Trusted (custodial multisig), trustless (DVN/ZK-proofs), and intent-based (solver networks). Each represents a different trade-off between speed, cost, and security.
- ZK-bridges are the strongest security guarantee available. Polyhedra's deVirgo, recursive proofs, and EigenLayer/Lagrange restaking integration provide mathematical verification without trust assumptions.
- Choose your bridge based on your profile. Institutional: deBridge, Stargate. Retail: Across, Eco Portal. Multi-ecosystem: Symbiosis, Rango, Jumper.
- DeFi insurance is a critical risk mitigation tool. Nexus Mutual v3 offers up to $6B in coverage including Bug Bounty Cover specifically for smart contract exploits.
Editorial independence. CleanSky is an independent project. This article contains no affiliate links or sponsored content. Read our editorial policy.