DECLASSIFIED // INTELLIGENCE BRIEFING // FOR EDUCATIONAL PURPOSES ONLY
This content is informational only and does not constitute financial, legal, or investment advice. Always do your own research before making any trading decisions.
Crypto Bridges: Moving Assets Between Chains, and the Risks That Come With It
Crypto bridges explained. How lock-and-mint, burn-and-mint, and liquidity network bridges work, why bridge hacks are the largest category of crypto theft, and how to bridge safely.
Updated May 15, 2026· CRYPTINT.IO Intelligence
Key Takeaways
- +A bridge moves assets between blockchains that don't natively talk to each other. Moving USDC from Ethereum to Solana, for example, requires a bridge to lock or burn on one chain and mint or unlock on the other.
- +Bridge hacks are the largest single category of crypto theft. Ronin ($625M), Poly Network ($610M), Wormhole ($320M), Nomad ($190M), and others total several billion dollars in cumulative losses.
- +Bridges come in three architectures. Lock-and-mint locks assets on the source chain and mints a representation on the destination. Burn-and-mint destroys on source and creates on destination. Liquidity network bridges use pre-funded pools on each chain.
- +Native issuer bridges (Circle's CCTP for USDC, Tether's native bridges for USDT) avoid wrapped-token bridge risk by minting natively on each chain. They've become the safer default for stablecoin bridging.
- +Modern messaging protocols (LayerZero, Wormhole, Chainlink CCIP, Axelar) provide infrastructure that bridges and applications build on top of. Each has different security assumptions worth understanding before bridging significant value.
What a Bridge Does
Blockchains are isolated by design. A Bitcoin transaction cannot reference Ethereum state. An Ethereum smart contract cannot read Solana balances. Each chain is its own sealed universe. A bridge is infrastructure that connects two chains, letting assets effectively move between them even though no blockchain can directly transfer data to another.
The problem matters because liquidity and applications fragment across chains. If you want to use a protocol on Arbitrum but your USDC is on Ethereum, you need a bridge. If a DeFi position on Solana is best hedged through an Ethereum-based derivative, you need a bridge. Bridges are the plumbing of multi-chain crypto.
Bridge Architectures
Lock-and-Mint
The user sends assets to a bridge contract on the source chain. The bridge locks those assets in custody. On the destination chain, the bridge mints a wrapped representation of the asset. When the user wants to go back, they burn the wrapped asset on the destination and unlock the original on the source.
This is how Wrapped BTC (WBTC) on Ethereum works. The underlying BTC sits in BitGo custody. Each WBTC on Ethereum represents 1 BTC held in that custody.
Tradeoffs:
- Simple to understand
- Requires trust that the custody holds the locked assets
- Wrapped tokens are not fungible with natively-issued ones
Burn-and-Mint
The user burns tokens on the source chain (destroys them). The bridge verifies the burn and mints new tokens on the destination chain. No locked custody is required because the asset genuinely moves; burning on one chain is equivalent to creating on the other.
Circle's CCTP (Cross-Chain Transfer Protocol) works this way for USDC. USDC on Ethereum is burned; new USDC is minted natively on the destination chain. The result is natively-issued USDC on both sides rather than wrapped representations.
Liquidity Network Bridges
Instead of locking assets, liquidity networks maintain pools on each supported chain. The user swaps asset A on chain 1 for asset A on chain 2 by trading against the bridge's liquidity pool on each side. Arbitrageurs and market makers keep the two pools balanced.
Examples: Across, Stargate, Synapse, Hop Protocol.
Tradeoffs:
- Fast (no cross-chain verification delay)
- Liquidity-dependent (large transfers can slip)
- Economic incentives for pool operators must keep flow balanced
The Messaging Layer
Modern bridges increasingly separate the asset-transfer logic from the cross-chain messaging infrastructure. A messaging protocol can pass arbitrary data (including asset-transfer instructions) between chains. Bridges, cross-chain DeFi protocols, and general interoperability tools build on top of these messaging layers.
Major Cross-Chain Messaging Protocols
| Protocol | Security Model |
|---|---|
| LayerZero | Configurable Oracle + Relayer per application |
| Wormhole | Guardian network (19 validators) |
| Axelar | Proof of Stake validator set with cross-chain consensus |
| Chainlink CCIP | Oracle-based risk management network |
| Hyperlane | Modular, permissionless; each app chooses security |
| IBC (Cosmos) | Light-client-based; strongest cryptographic model among IBC-supported chains |
Each model has different trust assumptions. Guardian networks trust a fixed validator set. Oracle-based models trust specific oracles. Light-client-based models (IBC) require running verification code on each connected chain but provide the strongest guarantees.
Why Bridges Are the Largest Hack Category
Notable Bridge Hacks
| Bridge | Year | Amount Lost | Cause |
|---|---|---|---|
| Ronin Bridge | 2022 | $625M | Compromised validator keys (Axie Infinity) |
| Poly Network | 2021 | $610M | Smart contract bug (mostly recovered) |
| BNB Bridge | 2022 | $570M | Proof forgery exploit |
| Wormhole | 2022 | $320M | Signature verification bug |
| Nomad | 2022 | $190M | Proof validation flaw; opportunistic follow-on theft |
| Harmony Horizon | 2022 | $100M | Compromised multisig keys |
| Multichain | 2023 | $126M+ | Team-controlled keys misused |
Bridges are attractive targets because they concentrate value. A single bridge holds millions to billions of dollars of locked assets. A single exploit drains the entire contract. Compared to individual wallets or smaller DeFi positions, bridges offer the highest return per compromise.
Bridge architecture tends to create complex trust assumptions: validator sets, multisigs, oracle dependencies, cross-chain proof verification. Any link in the chain can be exploited. Simpler designs (native issuer bridges, light-client bridges) have smaller attack surfaces but are harder to build across arbitrary chains.
Native Issuer Bridges
For stablecoins, the safest bridge is often the native issuer's own cross-chain protocol:
- USDC: Circle's CCTP burns USDC on source, mints on destination. No wrapped tokens.
- USDT: Tether mints natively on most chains. Cross-chain transfers use Tether's own infrastructure.
Using these removes the wrapped-token depeg risk and the bridge-exploit risk that affects third-party bridges. For large stablecoin transfers, they're usually the recommended path.
Bridging Safely
Questions to ask before bridging:
- Is the asset available natively on both chains? USDC is natively issued on many chains via CCTP. Using CCTP avoids wrapped-token risk.
- How large is the bridge's total value locked? Larger bridges have more scrutiny but also hold more at risk. Smaller bridges can be safer for small amounts but may concentrate risk for large ones.
- What's the security model? Validator sets, multisigs, light clients, and oracles all have different tradeoffs. Light-client bridges (IBC) are the strongest; multisig-based bridges are the weakest.
- Has the bridge been audited and battle-tested? New bridges are higher risk. Established bridges with years of operation have more catches and fewer unknown bugs.
- How fast is the bridge? Some bridges settle in minutes; others take hours. For volatile assets or time-sensitive trades, latency matters.
For small amounts, convenience often wins. For large amounts, use native issuer bridges where available and limit third-party bridge exposure to what you can afford to lose.
Related Intelligence
- Layer 1 vs Layer 2: How L2 canonical bridges work and why they're different from generic bridges.
- Smart Contracts: The code bridges run on, and the main attack surface for exploits.
- Stablecoins: Native stablecoin bridges (like Circle CCTP) are often the safest path.
Frequently Asked Questions
Related Intelligence
Fundamentals
Layer 1 vs Layer 2
L2 canonical bridges and their different security models.
Fundamentals
Smart Contracts
The code bridges run on, and the main attack surface.
Fundamentals
Stablecoins
Native issuer bridges for stablecoins avoid most bridge risk.
News
Hack News Impact
How bridge hacks propagate through crypto prices and sentiment.
Not financial advice. Educational purposes only. Do your own research.
Cryptint provides data and analysis for educational purposes only. Nothing on this site is financial advice. Past signals do not guarantee future results. Do your own research. Consult a licensed financial advisor before acting on any information presented here.