Crypto bridging is the process of moving a digital asset or message from one blockchain to another by locking, burning, or attesting to its existence on the source chain and then issuing a corresponding asset or message on the destination chain.
​

The mechanism varies. Wrapped-token bridges lock the original asset in a custody contract and mint an IOU on the destination. Native-mint bridges burn supply on one side and mint canonical supply on the other. Intent-based systems hand the problem to a third-party solver that fronts the destination asset and reclaims the source funds afterward. Each design trades off speed, cost, finality, and trust. Bridges have also been the single largest source of losses in crypto: Chainalysis attributed roughly $2 billion in stolen funds to bridge exploits across 13 separate hacks in 2022 alone, and Rekt News still ranks Ronin ($624M, March 2022), Poly Network ($611M, August 2021), and Wormhole ($326M, February 2022) among the top exploits in the industry. This article explains the three architectures in production today, the recurring failure modes, and where orchestration layers like Eco Routes sit relative to the bridges they call.
​

A blockchain is a closed ledger. State on Ethereum cannot be read by Solana, and a token recorded in an Ethereum smart contract has no representation on Solana unless something external creates one. Bridging is the general term for any protocol that creates that representation. The asset can be a token (USDC, ETH, WBTC), an arbitrary message (a governance vote, an oracle update), or a richer payload (a contract call with attached value).
​

The category exists because Layer-1 and Layer-2 networks have proliferated. DefiLlama tracks active TVL across more than 250 chains as of April 2026, and the top 15 chains by stablecoin supply each carry over $100 million in USDC or USDT. Users who hold assets on Ethereum but want to use a Solana DEX, or treasuries that hold reserves on Arbitrum but need to pay a counterparty on Base, must move value across that gap. Bridges are the mechanism. The Block's bridge dashboard shows aggregate cross-chain volume regularly clearing $5 billion per week.
​

A useful distinction up front: bridging is not the same as swapping. A swap converts one asset to another at a market-determined price (USDC to ETH, for example). A bridge moves the same asset across networks at a fixed 1:1 ratio. Many production systems combine the two. A user wants to convert USDC on Ethereum to USDT on Solana, which is a swap plus a bridge. The composition is what intent-based systems automate.
​

Bridge protocols also fall into two trust categories. Trust-minimized bridges derive their security from the underlying chains they connect, typically through light clients, zero-knowledge proofs, or cryptoeconomic staking. Trusted bridges rely on a fixed validator set or multi-signature committee that attests to source-chain events. The Ronin bridge, which used a 5-of-9 multisig, is the canonical example of how a trusted set fails when keys are compromised. Trust-minimized designs are slower and more expensive to build, which is why most production bridges still sit somewhere on a spectrum.
​

Three architectures account for almost all production bridge volume. Each has a different failure mode and a different cost profile, and most user-facing routers compose more than one under the hood.
​

The lock-and-mint pattern was the first bridge design to reach production. The user deposits an asset into a custody contract on the source chain. A validator set or relayer observes the deposit and instructs a contract on the destination chain to mint a wrapped representation. To return, the user burns the wrapped token on the destination chain, which releases the original from custody on the source.
​

Wrapped Bitcoin (WBTC) was the early canonical example: BitGo holds custody of native BTC, a merchant network mints WBTC on Ethereum, and the wrapped supply tracks the locked balance. Multichain (formerly Anyswap) ran a similar model across roughly 50 chains before its 2023 collapse following the arrest of its CEO, after which roughly $1.5 billion in user funds became inaccessible. Portal Bridge, the Wormhole-operated lock-and-mint flow, is one of the largest still in production.
​

The structural risk is that the wrapped token is only as safe as the bridge. If the custody contract is drained, the wrapped supply on every connected chain becomes worthless. The Wormhole exploit on February 2, 2022 demonstrated this directly: an attacker forged a message that minted 120,000 wETH on Solana without locking any ETH on Ethereum. The protocol was rescued by a $326 million injection from Jump Crypto. The CertiK incident analysis walks through the signature-verification bypass that made the attack possible.
​

Burn-and-mint avoids the wrapped-token problem by destroying source-chain supply when an asset is bridged and minting an equivalent amount of canonical supply on the destination. There is no custody contract holding a growing pool of locked assets, which collapses the attractive surface for an attacker.
​

Circle's Cross-Chain Transfer Protocol is the production reference for native USDC. The user calls depositForBurn on the source chain, which burns the USDC and emits a message. Circle's attestation service signs the burn event, the user submits the signed attestation to the destination chain, and Circle's contract mints fresh canonical USDC against the burn. CCTP V2, which shipped in March 2025, added a Fast Transfer mode that drops the wait from roughly 15 minutes to under 60 seconds by introducing a 24-hour clawback window backstopped by Circle's allowlist. The CCTP documentation lists 12 chains supported as of April 2026, including Ethereum, Arbitrum, Base, Avalanche, Solana, and Polygon PoS.
​

LayerZero's Omnichain Fungible Token standard generalizes the same idea. Issuers like Tether (USDT0), Ondo (USDY), and PayPal (PYUSD0) deploy a single OFT contract that mints and burns supply on each chain it supports, with LayerZero's Decentralized Verifier Network attesting to each cross-chain message. LayerZero reports that more than 700 OFTs have moved over $160 billion in cumulative volume.
​

The trade-off is issuer dependence. CCTP only works for assets where the issuer agrees to operate the protocol: Circle for USDC, no one for arbitrary ERC-20s. OFT works for any token whose issuer is willing to deploy the contracts on each chain. Neither helps a user who holds an asset whose issuer never integrated.
​

Intent-based bridges flip the model. Instead of asking the user to lock an asset and wait for a relay, the protocol asks the user to sign a statement of desired outcome ("I want X amount of USDC on Solana, sourced from my USDC on Ethereum, within 30 seconds"). A network of solvers competes to fulfill that intent. The winning solver fronts the destination-chain asset to the user immediately, then reclaims the source-chain funds through a settlement layer once the destination action is verified.
​

From the user's perspective, the asset arrives in the time it takes the destination chain to confirm a transaction, regardless of how slow the underlying message-passing layer is. The solver absorbs the latency. ERC-7683, drafted by Across and Uniswap and currently progressing through the Ethereum standards process per the EIP-7683 specification, formalizes the cross-chain intent format so solvers can compete across protocols.
​

Across, LI.FI, Squid, and Eco Routes all run intent-based execution. Across reported that more than 90% of its volume settles in under 30 seconds. The solver absorbs the bridge latency by taking on the inventory risk: a solver fills a $1M intent on Solana from its own balance and waits for the slower CCTP or canonical-bridge settlement to repay it on Ethereum. That risk is priced into the solver fee, which is why intent-based execution is typically faster than direct bridging but not always cheaper for very small transfers.
​

Bridges have been the single largest source of stolen value in crypto. Chainalysis tracked roughly $2 billion stolen from bridges in 2022 alone, accounting for 69% of total crypto theft that year per the Chainalysis 2022 cross-chain bridge report. The Rekt News public leaderboard at rekt.news/leaderboard still places three bridge incidents in the top ten of all-time exploits.
​

The failure modes cluster into four categories.
​

Validator-set compromise. Ronin Network, the bridge for Axie Infinity, lost $624 million on March 23, 2022 when an attacker gained control of 5 of 9 validator keys. Sky Mavis disclosed that four were compromised through a spear-phishing campaign and one was held by Axie DAO under an inactive allowlist. The Ronin community alert documents the timeline. Harmony's Horizon bridge fell to a similar 2-of-5 multisig compromise in June 2022, losing $100 million.
​

Smart contract bugs. Wormhole lost $326 million on February 2, 2022 to a signature-verification bypass that let an attacker mint 120,000 wETH on Solana without locking ETH on Ethereum. Nomad lost $190 million on August 1, 2022 to a faulty initialization that flagged any message as already-validated, allowing dozens of opportunistic copy-paste exploiters to drain the bridge over a few hours. The Nomad post-mortem describes the root cause as a single line of incorrectly initialized state.
​

Operator key compromise. The Multichain failure in mid-2023 was not a smart-contract exploit. The CEO held the only set of keys controlling roughly $1.5 billion in user assets. After his arrest by Chinese authorities in May 2023, those keys could not be recovered, and the assets remain frozen. Lock-and-mint bridges are particularly exposed to this failure mode because their security depends on operator action, not on any onchain mechanism.
​

Message-replay or double-spend. Poly Network lost $611 million in August 2021 when an attacker exploited a flaw in the cross-chain message verification that let them call privileged functions on the destination chain. The funds were eventually returned in that case, but the attack pattern repeats: any bridge that treats source-chain messages as authoritative without independent verification is exposed.
​

Burn-and-mint and intent-based designs reduce some of these surfaces. CCTP holds no growing TVL pool. Intent-based solvers expose only their own working capital, not user deposits. But neither eliminates risk: solvers still rely on a settlement layer (often a canonical bridge), and CCTP itself has been audited multiple times but still inherits dependencies on Circle's attestation service.
​

By 2024 most users stopped picking a specific bridge and started using a router or orchestrator that picks one for them. The distinction matters because routers and bridges sit at different layers.
​

A bridge is a single rail: CCTP, Wormhole's Portal, Hyperlane's Warp Routes, or Across's canonical bridge each move assets in one specific way. A router is a meta-layer that compares quotes from many bridges and routes the user to the best one for a given trade. Jumper, LI.FI's consumer surface, integrates more than 25 bridges and chooses among them per route. Squid, the Axelar-aligned router, does the same on a smaller bridge set.
​

Orchestration goes a step further. An orchestration layer treats the cross-chain problem as a workflow: it accepts an intent that may involve multiple legs, multiple chains, and conditional logic, and routes execution across whatever combination of bridges, DEXs, and solvers fulfills it. Stablecoin orchestration is the version of this aimed specifically at stablecoin treasuries that need to move USDC, USDT, and PYUSD across 15-plus chains continuously.
​

Eco Routes is one such orchestration layer. The protocol calls bridges and CCTP under the hood as needed; bridges are the rail, the orchestrator is the layer above. The same pattern applies to LI.FI Composer, Biconomy MEE, and Across+ . The orchestration layer is not a competitor to the bridges it uses. It is a consumer of them. The intent-based DEX guide covers the broader category.
​

Most user flows in 2026 do not call a single bridge directly. The router or orchestrator picks one. There are still cases where calling a specific bridge by hand is the right move.
​

The first is when the issuer's canonical bridge is the only path that preserves a 1:1 redemption guarantee. Moving native USDC from Ethereum to Solana through CCTP yields native, fully redeemable USDC on Solana. Moving the same USDC through a wrapped-token bridge yields a wrapped representation that may or may not redeem to native USDC depending on the bridge operator. For treasury accounting, regulatory reporting, or any flow where the asset must be the issuer-recognized canonical version, the burn-and-mint canonical bridge is non-substitutable.
​

The second is large-size transfers where the price impact of router-level slippage exceeds the fee savings. A $50,000 transfer through a competitive intent-based router typically settles within a few basis points of the canonical price. A $5 million transfer may move the price meaningfully on the venues the router uses. Calling CCTP directly avoids that price impact at the cost of waiting for canonical-bridge finality (around 13 minutes for the Fast Transfer path, 15-20 minutes for the standard path).
​

The third is integration-level use. A protocol that needs cross-chain message passing to coordinate state, such as a multi-chain governance vote, a yield aggregator pulling rates from multiple chains, or an oracle network distributing data, typically integrates a specific message-passing rail (LayerZero, Hyperlane, CCIP, Wormhole) directly. Routers and orchestrators are designed for value-transfer intents, not for arbitrary cross-chain message logic. The two solve different problems.
​

Outside those three cases, the router or orchestrator is the better default. The reason is operational: a single integration with one orchestrator gives access to whatever set of underlying bridges the orchestrator currently routes to, including new ones added later, without integration code on the consumer side. That is the entire point of the abstraction.
​

Most production bridge volume in 2026 is stablecoins. Visa's onchain dashboard at visaonchainanalytics.com reports adjusted stablecoin transaction volume above $750 billion in March 2026. The cross-chain portion of that flow runs through a mix of CCTP, OFT, and intent-based execution depending on the asset and the route.
​

For payments-grade workflows the latency profile matters more than the per-trade fee. A merchant accepting USDC who needs to settle into a working-capital wallet on Arbitrum cannot ask the customer to wait 15 minutes for canonical CCTP finality. The intent-based approach (solver fronts the destination asset, settles asynchronously) is what makes a checkout-style cross-chain payment commercially viable. The 30-second median that Across reports, and the comparable numbers Eco Routes posts, are what brings cross-chain payments into the same latency band as a card authorization.
​

For treasury-grade workflows the priority is auditability and the canonical version of the asset. A finance team reconciling a multi-chain stablecoin balance does not want a wrapped representation showing up in its books. CCTP and OFT preserve canonical issuance; routers built on top of them inherit that property when configured to use only canonical paths. The cross-chain stablecoin rebalancing guide walks through how the two profiles compose in practice.
​

Eco Routes is built specifically for these payment and treasury flows. It accepts an intent ("deliver USDC to a destination address on chain Y, source from any chain I hold") and routes execution through CCTP, OFT, or solver inventory depending on cost and finality requirements. The bridge is a rail. The orchestration layer is what turns the rail into a usable payment surface.
​

Bridging carries real risk. Bridges have been the largest single source of stolen funds in crypto, with roughly $2 billion lost in 2022 alone per Chainalysis. Burn-and-mint protocols like CCTP and intent-based execution reduce the surface area, but no design eliminates risk. Use canonical issuer bridges for size, audited routers for retail flows.
​

A bridge moves the same asset across chains at a fixed 1:1 ratio. A swap converts one asset to another at a market price. Many user flows combine both: converting USDC on Ethereum to USDT on Solana is a swap plus a bridge. 1:1 stablecoin swap mechanics covers the composed case.
​

Times vary by architecture. Lock-and-mint bridges typically take 5 to 30 minutes, depending on the source chain's finality. CCTP V2 Fast Transfer settles in under 60 seconds; CCTP standard takes around 13 minutes. Intent-based bridges deliver the destination asset in seconds, with settlement to the solver completing asynchronously.
​

There is no single best bridge; the right one depends on the asset, the chains, and the size. For native USDC, CCTP is the canonical path. For non-USDC ERC-20s with OFT support, LayerZero is canonical. For arbitrary asset-and-chain combinations, an intent-based router or orchestration layer picks the right rail per route.
​

Bridges are the underlying rail that moves canonical supply across chains. Orchestrators accept user intents and route them across whatever combination of bridges, DEXs, and solvers fulfills the intent best. The orchestrator is a consumer of bridge capacity, not a competitor to it. Eco Routes calls CCTP, OFT, and solver inventory as needed.
​