Day 19 | Week 3 | DeFi & Applications | 10 min read

Day 19 — Bridges and the multi-chain world

If you stay in crypto for any length of time, you will move an asset from one chain to another. Move USDC from Ethereum to Arbitrum to save on gas. Bridge ETH from mainnet to Base to use a specific product. Move SOL to Ethereum to access a particular DeFi protocol. The technology that enables this is called a bridge, and it is consistently the most dangerous part of crypto infrastructure.

Roughly $2.5 billion has been lost to bridge hacks over the history of the space. That number is bigger than any other single category of crypto loss. The Wormhole bridge was hacked for $325M in 2022. The Ronin bridge (the bridge for the Axie Infinity game) was hacked for $625M, also in 2022. The Nomad bridge was drained for $190M in a frontend exploit that was so obvious users were able to copy-paste the exploit transaction and steal small amounts before the protocol could even react.

Understanding why bridges fail is the single most useful security lesson in DeFi. Once you have the mental model, you can evaluate any bridge you're considering using.

Why bridges exist

Each blockchain is its own universe. Bitcoin doesn't know what's happening on Ethereum. Ethereum doesn't know what's happening on Solana. Solana doesn't know what's happening on Arbitrum. There is no native way for an asset on one chain to be used on another chain.

If you want to use your ETH on Solana, you need a way to "send" the ETH from Ethereum to Solana. But you can't literally send ETH to Solana — Solana's blockchain doesn't have a concept of ETH. So bridges get around this with a design called the lock-and-mint model.

The bridge protocol locks your real ETH in a smart contract on Ethereum. Then it mints a "wrapped" version of ETH (called wETH on Solana, or similar names on other chains) on the destination chain. The wrapped token represents a claim on the locked ETH back on Ethereum. When you want to bridge back, you burn the wrapped token, and the bridge releases your real ETH from the lock contract.

This is the design pattern most bridges use. The problem is that the entire system depends on the lock contract staying locked. Whoever controls the lock contract controls the funds. And bridge lock contracts have historically been some of the most concentrated honey pots in all of crypto, often holding hundreds of millions or billions of dollars in single addresses.
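
To make the dependency on the lock contract concrete, here is an added example (not code from any real bridge): a small in-memory model of lock-and-mint, plus the backing check a monitor would run. The class, function names and amounts are all constructed for illustration.

```python
# Added illustration: in-memory model of a lock-and-mint bridge (not real contract code).
from dataclasses import dataclass, field


@dataclass
class LockAndMintBridge:
    locked: int = 0                               # real asset held by the source-chain lock contract
    wrapped: dict = field(default_factory=dict)   # wrapped balances on the destination chain

    def wrapped_supply(self) -> int:
        return sum(self.wrapped.values())

    def bridge_out(self, user: str, amount: int) -> None:
        """Lock the real asset, then mint the same amount of wrapped tokens."""
        if amount <= 0:
            raise ValueError("amount must be positive")
        self.locked += amount
        self.wrapped[user] = self.wrapped.get(user, 0) + amount

    def bridge_back(self, user: str, amount: int) -> int:
        """Burn wrapped tokens and release the real asset; fails if the lock is short."""
        if amount <= 0 or self.wrapped.get(user, 0) < amount:
            raise ValueError("insufficient wrapped balance")
        if self.locked < amount:
            raise RuntimeError("lock contract cannot cover redemption")
        self.wrapped[user] -= amount
        self.locked -= amount
        return amount

    def backing_ratio(self) -> float:
        """Locked collateral per wrapped token; 1.0 means fully backed."""
        supply = self.wrapped_supply()
        return 1.0 if supply == 0 else self.locked / supply


def check_backing(bridge: LockAndMintBridge, min_ratio: float = 1.0) -> str:
    """Monitor rule: alert when wrapped supply exceeds what the lock holds."""
    ratio = bridge.backing_ratio()
    return "OK" if ratio >= min_ratio else f"ALERT backing={ratio:.2f}"


def demo() -> list:
    b = LockAndMintBridge()
    b.bridge_out("alice", 100)
    b.bridge_out("bob", 300)
    before = check_backing(b)
    b.locked -= 320     # constructed event: the lock loses funds outside the burn path
    after = check_backing(b)
    return [before, after, b.wrapped_supply(), b.locked]
```

The wrapped supply does not change when the lock is emptied, which is why holders of the wrapped token carry the loss.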

The three categories of bridge security

Multi-sig bridges are secured by a small number of signers (often a 5-of-9 or similar threshold) who have to approve withdrawals. The Ronin bridge was a 5-of-9 multi-sig. North Korean state-sponsored attackers compromised 5 of the 9 keys and drained $625M. This is the weakest security model. If a bridge is secured by "a multi-sig of the team," treat it as essentially custodial.

Light client bridges verify the source chain's state on the destination chain using cryptographic proofs. These are technically more secure but expensive and complex to build. zkBridge designs are an emerging variant that uses zero-knowledge proofs to verify state transitions. The security inherits more from the underlying chains and less from the bridge operator. This is the direction the industry is moving.

Optimistic bridges assume the bridge messages are correct unless someone challenges them within a dispute window (similar to optimistic rollups). The security depends on the dispute window being long enough for honest watchers to catch attacks. Nomad's hack happened because a configuration error made every message pass without proper verification.

Liquidity-network bridges (sometimes called "intent-based bridges" in their newer forms) don't actually move assets across chains. They use liquidity pools on each chain to swap assets through a relayer network. You deposit ETH on Ethereum and receive ETH from a different pool on Arbitrum, atomically. The relayers handle the rebalancing offline. This is structurally safer in that there's no concentrated bridge honey pot, but you're still trusting the relayer network.
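
The optimistic model above, as an added example (a toy simulation, not any bridge's actual code): a message executes only after the dispute window passes unchallenged, so the window has to outlast the watcher's reaction time. All names, messages and timings are constructed.

```python
# Added illustration: toy model of an optimistic bridge's dispute window.
from dataclasses import dataclass


@dataclass
class Pending:
    msg: str
    submitted_at: int
    challenged: bool = False


class OptimisticInbox:
    def __init__(self, dispute_window: int):
        self.dispute_window = dispute_window   # seconds a message must wait unchallenged
        self.pending = {}

    def submit(self, msg_id: str, msg: str, now: int) -> None:
        self.pending[msg_id] = Pending(msg, now)

    def challenge(self, msg_id: str, now: int) -> bool:
        """A watcher may challenge only while the window is still open."""
        p = self.pending[msg_id]
        if now < p.submitted_at + self.dispute_window:
            p.challenged = True
        return p.challenged

    def can_execute(self, msg_id: str, now: int) -> bool:
        p = self.pending[msg_id]
        return not p.challenged and now >= p.submitted_at + self.dispute_window


def watcher_pass(inbox: OptimisticInbox, source_events: set, now: int) -> list:
    """Honest watcher: challenge every pending message absent from the source chain."""
    flagged = []
    for msg_id, p in inbox.pending.items():
        if p.msg not in source_events and inbox.challenge(msg_id, now):
            flagged.append(msg_id)
    return flagged


def simulate(dispute_window: int, watcher_latency: int) -> dict:
    source_events = {"mint 10 to alice"}                # constructed: what really happened
    inbox = OptimisticInbox(dispute_window)
    inbox.submit("m1", "mint 10 to alice", now=0)       # matches a source event
    inbox.submit("m2", "mint 9999 to mallory", now=0)   # constructed: no matching event
    flagged = watcher_pass(inbox, source_events, now=watcher_latency)
    check_time = max(dispute_window, watcher_latency)
    return {"flagged": flagged,
            "executes": [m for m in ("m1", "m2") if inbox.can_execute(m, check_time)]}
```

With a 1800-second window and a watcher that reacts in 600 seconds, only the genuine message executes; with a 300-second window (or a window of zero) the unbacked message executes too.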

The newer pattern: Layer 2 rollup bridges

If you're bridging between Ethereum and an Ethereum Layer 2 like Arbitrum, Optimism, or Base, you're using a different category of bridge that inherits Ethereum's security. The L2's smart contracts on Ethereum mainnet handle the locking and unlocking. Because the L2 itself derives its security from Ethereum, the bridge inherits that security.

These bridges are structurally safer than cross-chain bridges between independent L1s. They have a settlement delay (usually 7 days for optimistic rollups) when withdrawing back to mainnet, but no significant track record of losses.

This is why the L2 ecosystem is growing fast: you get cheap, fast transactions on the L2 while inheriting Ethereum-grade security for your bridged assets. The tradeoff is worth it for most use cases.

Practical guidance

If you're going to bridge, here are the rules.

Bridging to or from an L2 inherits L1 security. Bridging USDC from Ethereum to Base (a Base-secured L2) is safer than bridging USDC from Ethereum to Solana (an entirely separate L1). Use this hierarchy when you have a choice.

Native USDC and native USDT are safer than wrapped. Circle (USDC's issuer) operates a system called CCTP (Cross-Chain Transfer Protocol) that burns USDC on the source chain and mints fresh USDC on the destination chain, eliminating the wrapped-asset middleman. When available, use this. Same with Tether's native bridging.

Use the official bridge, not a copycat. Every major L2 has an "official" bridge maintained by the same team that maintains the L2. Use that. Random third-party bridges offering better rates have been the source of multiple frontend phishing attacks.

Don't keep wrapped assets in bridges longer than necessary. If you bridged wBTC to do one specific thing on Ethereum, do the thing and bridge back (or trade into native USDC). The longer your assets sit in a wrapper, the longer the bridge's failure becomes your problem.

Scale your caution to the dollar value at risk in a bridge transaction. Sending $50 across chains is a different decision than sending $50,000. Use the bigger number to calibrate your due diligence.

A practical heuristic: the safest bridge is the one you don't use. If you can do what you want to do on one chain, do it on one chain. Multi-chain participation is sometimes necessary but usually optional, and every cross-chain transaction is an opportunity for something to go wrong.

Tomorrow we look at the technology that bridges, lending markets, and DEXs all depend on for their inputs. Oracles. The pipes that connect off-chain reality to on-chain smart contracts, and the structural reason oracle failures cascade through DeFi when they happen.


Glossary

Bridge: Infrastructure that allows assets to move between blockchains.
Wrapped asset: A token on one chain representing a claim on an asset locked on another chain. (wETH on Solana, wBTC on Ethereum.)
Lock-and-mint: The most common bridge design: lock the asset on the source chain, mint a wrapped version on the destination chain.
Multi-sig bridge: A bridge secured by a small number of signers, where withdrawals require a threshold of signatures. The weakest security model.
Light client bridge: A bridge that verifies the source chain's state using cryptographic proofs on the destination chain.
Optimistic bridge: A bridge that assumes messages are valid unless challenged within a dispute window.
Liquidity-network bridge: A bridge that uses liquidity pools on each chain instead of locking and minting, executing as a coordinated swap via relayers.
CCTP (Cross-Chain Transfer Protocol): Circle's native USDC bridging system. Burns on source, mints on destination, eliminating the wrapped-asset middleman.
Frontend exploit: An attack on the user-facing website of a bridge or DEX, often replacing legitimate transactions with malicious ones.
Cross-chain transaction: Any transaction that involves moving value or messages between two blockchains.

Reality check

You need to move $50K worth of USDC from Ethereum to Arbitrum. Walk through what you would do, in what order.

The strongest sequence: (1) confirm you actually need to bridge (could you just use the protocol on Ethereum?), (2) use the official Arbitrum bridge or Circle's CCTP rather than a third-party aggregator, (3) verify you're on the actual bridge URL (no typos, no copycats), (4) test with a small amount first ($100 maybe), (5) once confirmed working, send the larger amount, (6) confirm receipt on Arbitrum before assuming the transaction is done. The whole sequence takes 15 minutes and avoids almost every category of bridge failure.
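
Step (3) can be made mechanical. The following is an added example, not part of the original lesson: a pre-flight check of a bridge URL against a personal allowlist. The allowlist content is an assumption the reader confirms from the L2 project's own documentation, and the function names are hypothetical.

```python
# Added illustration: pre-flight check of a bridge URL against a personal allowlist.
from urllib.parse import urlsplit

# Assumption: filled in by the reader from the L2 project's own documentation.
OFFICIAL_HOSTS = {"bridge.arbitrum.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss (typo or copycat) hostnames."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_bridge_url(url: str, allow=OFFICIAL_HOSTS) -> str:
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "REJECT: not https"
    if parts.username or parts.password:
        return "REJECT: text before '@' is not the host"
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "REJECT: internationalized hostname"
    if host in allow:
        return "OK"
    for good in sorted(allow):
        if host.startswith(good + "."):
            return f"REJECT: {good} used as a prefix of another domain"
        if edit_distance(host, good) <= 2:
            return f"REJECT: lookalike of {good}"
    return "REJECT: not on allowlist"
```

Only an exact hostname match passes; everything else is rejected with the reason, including the near-miss spellings the lesson warns about.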


Read deeper

1. How to bridge from Layer 1 blockchains to Layer 2 blockchains by The Block

The practical primer.

Read on IMPCT (curated commentary) | Read original (theblock.co)

Deven's take. Read this for the user-facing mechanics. The Block does a good job of walking through what a typical bridging interaction looks like in practice. Useful even if you've bridged before, because the patterns repeat and they're worth internalizing as muscle memory.

2. What is blockchain abstraction? by The Block (revisited from Day 11)

The future of bridging is to make bridging invisible.

Read on IMPCT (curated commentary) | Read original (theblock.co)

Deven's take. Chain abstraction is the bet that most users will eventually not know which chain they're transacting on. The wallet and the application handle the routing. The user just sees "send 100 USDC to this address" and the underlying complexity is hidden. We're not there yet, but the technology is maturing. Worth understanding because it's the long-term answer to "why is bridging so risky and confusing." The answer: bridging shouldn't be a user-facing operation at all. It should be infrastructure.

3. rekt.news bridge hack roundup (rekt.news)

The cautionary tale archive.

Deven's take. Spend an hour reading bridge hack post-mortems. Wormhole. Ronin. Nomad. Multichain. Harmony. Poly Network. The patterns repeat: multi-sig compromise, signature replay, frontend exploit, smart contract bug in critical code. Each one is a lesson in what to verify before trusting infrastructure. The fact that the industry keeps getting hit with the same categories of attack should tell you that bridge security is harder than it looks.

4. Across, Stargate, and the modern bridge landscape

Where the category is heading.

Read on IMPCT (curated commentary)

Deven's take. Across (built by UMA) and Stargate (built by LayerZero) represent the newer generation of bridge designs. Both use liquidity-network approaches that avoid the worst of the lock-and-mint model. Neither is perfect, but both are structurally safer than the bridges that produced 2022's biggest losses. If you bridge frequently, learn both interfaces.

5. Circle's CCTP (developers.circle.com)

Native USDC across chains.

Deven's take. This is the single highest-leverage thing in the bridging category. If you only ever bridge stablecoins (USDC specifically), CCTP is the only mechanism you need. It's the bridge built by Circle itself, burns and mints native USDC on each end, and eliminates the wrapped-asset risk entirely. Use it whenever the chain you're going to/from supports it. The list keeps growing.


Tomorrow

Oracles. The infrastructure that brings off-chain data on-chain. Why oracles are necessary, why they're hard to build well, and why oracle failures have caused some of the most spectacular DeFi losses in history. By the end of tomorrow you'll have the missing piece of the DeFi stack.

See you in the morning.
