What is a Bridge?
How it works
Most bridges follow a lock-and-mint pattern: you deposit an asset into a smart contract on the source chain, the bridge observes the deposit, and it mints a "wrapped" representation on the destination chain. Returning works in reverse — the wrapped token is burned and the original collateral is released. Alternatives include burn-and-mint, where the token's issuer destroys supply on one chain and mints it natively on the other (as Circle's CCTP does for USDC), and liquidity networks, where relayers front you the asset on the destination chain from a local pool and settle with the source chain later.
The critical design question is who verifies the transfer. Externally verified bridges trust a committee — a multisig or validator set that signs off on withdrawals. Natively verified bridges run a light client of the source chain inside a contract on the destination chain, so it checks consensus proofs itself; canonical rollup bridges go further, with the L1 verifying fraud or validity proofs directly. Optimistic bridges treat messages as valid unless a watcher disputes them within a challenge window.
Because a wrapped token is only an IOU against locked collateral, the bridge vault becomes a honeypot: anyone who can forge a withdrawal message can mint unbacked tokens or drain it entirely.
Why it matters
DeFi liquidity is fragmented across dozens of L1s and rollups, and bridges are the plumbing that connects them — without bridges, capital on one chain cannot reach the apps, yields, or users on another. They are also DeFi's single largest loss category: Ronin (~$625M), Wormhole (~$325M), and Nomad (~$190M) were all bridge exploits, together over $1B in 2022 alone. Judging a bridge's verification model — a five-of-nine multisig versus an L1-verified canonical rollup bridge — is one of the highest-leverage risk decisions a DeFi user makes, because a drained bridge leaves wrapped tokens unbacked even in wallets that never touched the exploit.
Real-world examples
In March 2022, attackers later attributed to North Korea's Lazarus Group compromised five of the nine validator keys securing the Ronin bridge, which connected Ethereum to Axie Infinity's Ronin sidechain. Holding a signing majority, they forged withdrawals for 173,600 ETH and 25.5 million USDC — roughly $625 million — without exploiting any smart-contract bug. The theft went unnoticed for six days, a reminder that an externally verified bridge is exactly as secure as its smallest key quorum.
FAQ
Is a wrapped token the same as the original asset?
No. A wrapped token is a claim on collateral locked in a bridge contract. If that bridge is hacked or its vault drained, the wrapped version can trade far below the original — holders of wrapped assets carry the bridge's solvency risk, not just the asset's market risk.
What is the safest kind of bridge?
Bridges verified by the chains themselves minimize trust: canonical rollup bridges, whose withdrawals the L1 verifies with fraud or validity proofs, and light-client designs like Cosmos IBC. Externally verified bridges (multisigs, validator committees) are usually faster and cheaper but add a trusted party whose key security you must evaluate.
Why do bridges get hacked so often?
They concentrate enormous collateral behind a single message-verification mechanism. Historic failures span compromised validator keys (Ronin), a signature-verification bug that let an attacker mint 120,000 unbacked wETH (Wormhole), and an initialization error that let anyone copy-paste withdrawal transactions (Nomad). One flaw in verification exposes the entire vault.
Related terms
Go deeper
Browse the complete crypto glossary to explore related terms and concepts.
Browse Glossary