Cross-chain bridges move tokens between blockchains that cannot natively talk to each other. They are also the single biggest source of stolen funds in crypto history. Chainalysis pegs bridge losses at more than $2.5 billion across 2021 to 2023, and the largest individual heists in the industry's history are bridge exploits. That does not mean every bridge is unsafe. It means the safety gap between the best and worst bridges is enormous, and the wrong choice can cost everything.
This guide walks through the five hacks that defined the category, the four risk tiers bridges fall into today, and the checklist you can use to assess any bridge before sending funds.
Why are bridges the most-attacked layer in crypto?
Bridges hold pooled liquidity on one chain while minting or releasing equivalent value on another. That makes the locked side a honeypot: a single contract or multi-signature wallet often guards hundreds of millions of dollars. Compromise the signer set, the verification logic, or the custodian, and the attacker walks away with everything. Smart contract bugs, leaked validator keys, and social engineering have all been used successfully.
The five hacks that defined bridge risk
Most bridge losses concentrate in a handful of catastrophic incidents. Each one exposed a different failure mode, and each is worth understanding because the same patterns keep recurring.
Ronin Bridge: $625M, March 2022
Axie Infinity's Ronin sidechain used a set of nine validators, with five signatures required to approve withdrawals. Sky Mavis controlled four validators directly and held a delegated signing key for a fifth via the Axie DAO. Attackers, later attributed by the US Treasury to North Korea's Lazarus Group, compromised the four Sky Mavis nodes through a spear-phishing job offer and used the leftover DAO delegation to clear the threshold. They drained 173,600 ETH and 25.5M USDC in two transactions. Coverage: Rekt News (Ronin), Chainalysis 2024 Crypto Crime Report.
Wormhole: $325M, February 2022
Wormhole's Solana to Ethereum bridge accepted a forged "guardian" signature set because of a signature verification bug in the Solana contract. The attacker minted 120,000 wETH on Solana without locking any ETH on Ethereum, then redeemed it. Jump Crypto, Wormhole's backer, replaced the stolen funds out of its own treasury within 24 hours, which is why Wormhole still exists. The root cause was a deprecated Solana function that did not properly verify the signature account. Source: Rekt News (Wormhole), wormhole.com post-mortem.
Nomad: $190M, August 2022
A routine contract upgrade left the trusted root set to a zero value, meaning every message looked pre-verified. Once one user figured out how to spoof a withdrawal, the transaction became copy-pasteable. Hundreds of wallets piled in within hours in what became known as the first crowdsourced bridge hack. About $36M was eventually returned by white-hat redeemers. Source: Rekt News (Nomad).
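The failure mode described above, reduced to a small Python model with the weak check beside a hardened one. This is an added example, not code from Nomad or from the original page; the class, field and method names are hypothetical, and Merkle proof checking is assumed to happen elsewhere.

```python
# Added illustration; all names are hypothetical, not any project's real code.
import hashlib

ZERO_ROOT = bytes(32)  # what an unset 32-byte storage slot reads as

def msg_hash(message: bytes) -> bytes:
    return hashlib.sha256(message).digest()

class VulnerableReplica:
    def __init__(self, initial_trusted_root: bytes):
        # An upgrade that passes ZERO_ROOT here marks the default value as trusted.
        self.trusted_roots = {initial_trusted_root}
        self.proven_under = {}  # message hash -> root it was proven against

    def prove(self, message: bytes, root: bytes) -> None:
        # Merkle proof checking is out of scope; assume the proof matched `root`.
        self.proven_under[msg_hash(message)] = root

    def process(self, message: bytes) -> bool:
        # A never-proven message reads back ZERO_ROOT, like an unset mapping entry.
        root = self.proven_under.get(msg_hash(message), ZERO_ROOT)
        return root in self.trusted_roots

class HardenedReplica(VulnerableReplica):
    def __init__(self, initial_trusted_root: bytes):
        if initial_trusted_root == ZERO_ROOT:
            raise ValueError("refusing to trust the zero root")
        super().__init__(initial_trusted_root)

    def process(self, message: bytes) -> bool:
        # Require an explicit proof record; the default value never authorizes.
        root = self.proven_under.get(msg_hash(message))
        return root is not None and root != ZERO_ROOT and root in self.trusted_roots

def upgrade_regression_check() -> dict:
    """Run the checks an upgrade test should include; inputs are constructed."""
    unproven, proven = b"sample: never proven", b"sample: proven message"
    real_root = msg_hash(b"sample root")
    try:
        HardenedReplica(ZERO_ROOT)
        zero_init_rejected = False
    except ValueError:
        zero_init_rejected = True
    hardened = HardenedReplica(real_root)
    hardened.prove(proven, real_root)
    return {"vulnerable_accepts_unproven": VulnerableReplica(ZERO_ROOT).process(unproven),
            "zero_init_rejected": zero_init_rejected,
            "hardened_accepts_unproven": hardened.process(unproven),
            "hardened_accepts_proven": hardened.process(proven)}
```

The check that matters for upgrade pipelines is the first one: a test that feeds a never-proven message to the freshly initialized contract and expects rejection would have failed before deployment.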
Harmony Horizon: $100M, June 2022
Horizon used a two-of-five multi-signature wallet to authorize withdrawals. Attackers compromised two signer keys, almost certainly through endpoint malware, and drained ETH, USDC, WBTC, and other assets. Like Ronin, the takeaway was that any multi-sig with a threshold below the realistic compromise budget of a state-level attacker is not a security model. Source: Rekt News (Harmony).
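The Ronin and Horizon write-ups above both come down to how few parties an attacker must compromise to reach the signing threshold. The following added example (not from the original page or from either project) computes that number for a signer set, counting delegated signing rights; the operator names other than Sky Mavis and Axie DAO are placeholders, and the independence of the remaining Ronin operators and of the five Horizon key holders is an assumption.

```python
# Added example: smallest number of parties whose compromise reaches a
# bridge's signing threshold, counting delegated signing rights.
from itertools import combinations


def min_parties_to_threshold(key_access: dict, threshold: int):
    """key_access maps each signer key to the set of parties able to sign with
    it (owner plus any delegate). Returns the smallest number of parties whose
    combined access reaches `threshold` keys, or None if it cannot be reached."""
    parties = sorted(set().union(*key_access.values()))
    for size in range(1, len(parties) + 1):
        for group in combinations(parties, size):
            members = set(group)
            reachable = sum(1 for holders in key_access.values()
                            if holders & members)
            if reachable >= threshold:
                return size
    return None


# Ronin as described above: 9 validators, 5 signatures required, Sky Mavis
# running 4 and holding a delegated key for the Axie DAO validator.
# The other four operators are assumed independent (placeholder names).
RONIN_WITH_DELEGATION = {
    "v1": {"SkyMavis"}, "v2": {"SkyMavis"}, "v3": {"SkyMavis"}, "v4": {"SkyMavis"},
    "v5": {"AxieDAO", "SkyMavis"},  # leftover delegation
    "v6": {"op-A"}, "v7": {"op-B"}, "v8": {"op-C"}, "v9": {"op-D"},
}
RONIN_DELEGATION_REVOKED = {**RONIN_WITH_DELEGATION, "v5": {"AxieDAO"}}

# Horizon as described: 2-of-5; one separate holder per key is an assumption.
HORIZON = {f"k{i}": {f"holder-{i}"} for i in range(1, 6)}

if __name__ == "__main__":
    cases = [("Ronin, delegation live", RONIN_WITH_DELEGATION, 5),
             ("Ronin, delegation revoked", RONIN_DELEGATION_REVOKED, 5),
             ("Horizon", HORIZON, 2)]
    for name, access, t in cases:
        n = min_parties_to_threshold(access, t)
        print(f"{name}: {n} parties to reach {t} keys")
```

With the delegation in place a single organization covers the whole threshold; revoking it raises the count to two, which is still the same exposure Horizon had.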
Multichain: $231M, July 2023
Multichain (formerly Anyswap) was not hacked in the traditional sense. The project's CEO was reportedly detained by Chinese authorities, and because he personally held the keys to the bridge's MPC custody wallets, no one else could move or refund the locked assets. Funds were eventually swept under unclear circumstances. The lesson was that "decentralized" bridges with a single human point of failure are custodial bridges. Source: Rekt News (Multichain), Chainalysis 2024 report.
The four bridge risk tiers
Not all bridges are equally exposed. The clearest way to compare them is by trust model, which determines what has to break for funds to be lost.
Tier 1: Native protocol bridges (safest)
These are first-party bridges run by the asset issuer, where the bridge never holds wrapped IOUs. The canonical example is Circle's Cross-Chain Transfer Protocol (CCTP), which burns USDC on the source chain and mints native USDC on the destination chain. There is no pooled liquidity to drain, and no third-party validator set to compromise; the only attestation comes from Circle, the same entity that issues USDC in the first place. Source: developers.circle.com (CCTP docs). Native rollup bridges from Ethereum to L2s like Arbitrum, Optimism, and Base sit in roughly the same tier because their security inherits from Ethereum consensus and the canonical bridge contract.
Tier 2: Optimistic and intent-based bridges
Protocols like Across and Stargate use a relayer or solver to front liquidity on the destination chain, then settle on the source chain through a canonical messaging layer or fraud-proof window. Security is bounded by the underlying chain plus a challenge period, and the relayer's at-risk capital is the bridge's at-risk capital. Intent-based designs like Eco's solver network sit here too: solvers pre-fund the user, then claim repayment, so users are exposed only to the duration of the intent, not to a multi-chain validator set. Source: docs.across.to, stargate.finance docs.
Tier 3: Federated validator bridges
This is where the historical hacks cluster. A fixed validator or guardian set, usually 13 to 21 nodes, attests to cross-chain messages. Wormhole, the original Ronin, and Multichain all sat here. Modern federated designs have improved (slashing, larger sets, hardware security modules), but the trust assumption remains: enough validators must stay honest and operationally secure. For high-value transfers, this is the tier that requires the most diligence.
Tier 4: Custodial wrapped tokens (highest risk)
These bridges, including the Multichain model and older centralized wrapped assets, rely on a single entity or small custodian to hold the underlying asset and issue an IOU on another chain. If the custodian disappears, gets sanctioned, or is hacked, the wrapped asset becomes worthless. Use only for short-duration transfers, never as a long-term store of value.
How do you actually assess a bridge before using it?
Five questions tell you most of what you need to know, and they apply to any bridge regardless of marketing claims.
1. What is the trust model? If the answer is "trust this 13-of-19 multi-sig," you are in Tier 3 at best. If the answer is "burn and mint on canonical contracts" or "settle on Ethereum within 7 days," you are in Tier 1 or 2.
2. How many independent audits, and when was the last one? Look for at least two firms (Trail of Bits, OpenZeppelin, Spearbit, Zellic) within the last 12 months. Audit reports should be public.
3. Is there a bug bounty, and how big? A live bounty of $1M+ on Immunefi signals that the team is paying market rate for white-hat disclosure. Wormhole runs a $10M bounty; that is the high end.
4. What is the operational history? A bridge with three years of incident-free operation across multiple market cycles is materially different from a six-month-old protocol with the same TVL. Check the team's response to past incidents, not just the absence of them.
5. Is there insurance or a recovery fund? Jump Crypto backstopping Wormhole is why depositors got made whole. Nexus Mutual and Sherlock offer cover on some bridges. Recovery is never guaranteed, but a publicly-funded backstop materially changes expected loss.
Bridge recommendations by use case
The right bridge depends on what you are moving and why. A few defaults that hold up under scrutiny:
Sending USDC across chains: Use CCTP wherever both chains are supported. It is native, audited, and avoids wrapped-IOU risk entirely. See the CCTP guide and our list of best USDC bridges.
Moving ETH or assets to an L2: Use the canonical bridge for that L2 (bridge.arbitrum.io, app.optimism.io/bridge, bridge.base.org). Slower than third-party bridges by design, but security inherits from Ethereum.
Time-sensitive routing across many chains: Intent-based bridges (Across, Eco) and aggregator routers price the tradeoff between speed and cost. Stick to protocols with public solver economics and recent audits. See our roundup of the best crypto bridges.
Large transfers (more than $100K): Split across two bridges, prefer Tier 1 routes, and consider holding the destination asset in a separate wallet from where you bridge to. Never bridge an entire treasury in a single transaction.
Are crypto bridges safe enough to use?
Yes, with discipline. The $2.5B+ in losses Chainalysis tracked from 2021 to 2023 came almost entirely from Tier 3 and Tier 4 bridges, and most of those projects either no longer exist or have rebuilt with stronger trust models. Tier 1 burn-and-mint bridges like CCTP have no known successful exploits to date. Tier 2 intent and optimistic designs have a clean track record over the last 24 months. The bridges that are unsafe are still unsafe, but the safe options have gotten genuinely safe. The decision is no longer "bridge or do not bridge"; it is "which tier."
Methodology and sources
Hack figures cross-referenced between Rekt News incident pages and the Chainalysis 2024 Crypto Crime Report. Bridge trust models verified against each protocol's public documentation: Circle CCTP docs, Across docs, Stargate docs, Wormhole docs. Attribution of the Ronin attack to Lazarus Group via the US Treasury OFAC designation, April 2022. Published May 19, 2026.

