Blockchain Bridges Explained: Why They're Risky
How bridges move value between chains, why the token you receive isn't quite the same as the one you sent, and what to check before you trust one with real money.
Why moving value between chains is hard in the first place
Every blockchain is its own independent, self-contained system with its own ledger, its own validators, and its own rules for what counts as a valid transaction. Ethereum doesn't know anything about Solana's state, and Solana doesn't know anything about Ethereum's. They don't share a database, and they don't automatically talk to each other. If you're unclear on how these base networks differ from the faster layers built on top of them, our Layer 1 vs Layer 2 guide covers that split in more depth.
That isolation creates a practical problem. An asset like ETH is native to Ethereum: it's tracked and secured entirely by Ethereum's own ledger. It doesn't natively exist on Solana, on an Ethereum layer 2, or on any other chain, because those chains have no concept of an Ethereum balance. If you want to use ETH's value somewhere else, whether that's another major chain like Solana or Bitcoin or a rollup, you need some tool that can move that value across the gap. That tool is a bridge.
How the most common bridge design actually works
There are a few different ways to build a bridge, but the most widely used pattern is called lock-and-mint, and it's worth understanding step by step because almost everything else about bridge risk follows from it.
You deposit your asset into a smart contract on the origin chain (say, ETH into a bridge contract on Ethereum). The contract locks it there, meaning it just sits untouched, not sent anywhere. The bridge then mints a new token on the destination chain, a "wrapped" version of your asset, usually labeled something like wETH, that represents a claim on the real ETH sitting locked back on Ethereum. You can now use that wrapped token on the destination chain like any other token there: trade it, use it in an app, hold it.
To go back, you reverse the process. You burn (permanently destroy) the wrapped token on the destination chain, and the bridge releases your original, locked ETH back to you on Ethereum. The wrapped supply and the locked reserve are supposed to move in lockstep: for every wrapped token in circulation, there should be one real, locked unit backing it somewhere.
A wrapped token is a claim, not the original asset
This is the part that's easy to gloss over. When you hold wETH on some other chain, you don't actually hold ETH. You hold a token that's only worth anything because you trust the bridge is honestly holding the real ETH it claims to be holding, and will honor your request to redeem it when you burn the wrapped version.
That's a real trust dependency, and it's different from holding the native asset. If you hold ETH directly on Ethereum, its validity depends only on Ethereum's own consensus rules. If you hold wrapped ETH on another chain, its value depends on Ethereum's rules and on the bridge behaving correctly and staying solvent. Add a dependency, add a way for things to go wrong. That doesn't mean wrapped assets are bad to use, it means they carry a layer of risk that the native asset simply doesn't have.
Why bridges have been such a common hacking target
It's worth being straightforward about this rather than glossing over it: bridges have been one of the most exploited categories in crypto, and there are structural reasons why, not just bad luck.
First, a bridge concentrates a large amount of value in one place. All the locked originals backing every wrapped token in circulation typically sit in a single smart contract or a small set of them. That makes the contract an extremely attractive target: a successful exploit against it can expose everything it's holding, not just one user's funds.
Second, bridges have to coordinate trust or verification across two entirely different blockchain systems, often with different security assumptions, different validator sets, and different software. Getting that coordination right is genuinely harder to design and harder to audit than a typical smart contract that only has to reason about a single chain's rules. That extra complexity has historically translated into more places for mistakes to hide. This is a well-documented, industry-wide pattern rather than a problem specific to any one project.
The different trust models bridges use
Not all bridges are built the same way, and the differences matter for how much you're actually trusting when you use one.
- Custodial or centralized bridges. A single company or entity directly controls the locked funds and decides when to mint or release them. These tend to be the fastest and simplest to use, but you're trusting that one entity to behave honestly, stay solvent, and not get compromised.
- Federated or multisig bridges. A group of validators collectively controls the locked funds, typically requiring some threshold of them (say, a majority) to sign off on releasing assets. This spreads trust across multiple parties instead of one, but it still depends on that group not colluding and not being compromised together.
- Trust-minimized bridges. A newer, still-maturing category that tries to rely on cryptographic proofs or the destination chain's own ability to verify the origin chain's state, rather than leaning on a separate trusted party at all. These aim to reduce how much you have to trust any single group of people, though the underlying techniques are still an active area of research and vary a lot in how mature and battle-tested they are.
What to check before you bridge anything meaningful
Before moving real value across a bridge, it's worth spending a few minutes understanding what you're actually relying on. A few practical checks:
- Know the trust model. Is this bridge custodial, federated, or trust-minimized? That tells you who or what you're actually trusting if something goes wrong.
- Check how long it's been running. A bridge that's operated without incident for a long stretch, through real market stress, has demonstrated something a brand-new one hasn't had the chance to yet.
- Don't treat wrapped assets as interchangeable with the native asset. A wrapped token and its native counterpart usually trade close to the same price, but they aren't identical in risk. Price a wrapped asset with its bridge dependency in mind, not just its ticker.
- Only bridge what you need. Moving exactly what you need for the task at hand, rather than parking large amounts of value across a bridge indefinitely, limits how much is exposed to any single point of failure.
None of this means bridges should be avoided. Moving value between chains is a normal, necessary part of using crypto beyond a single network. It just means treating a bridge as a piece of infrastructure with its own risk profile, worth understanding before you rely on it, rather than an invisible pipe that always just works. If a term here didn't quite land, our Crypto & Trading Glossary has plain-English definitions for the rest of the vocabulary around chains and bridges.
Keep learning the fundamentals
Free · No sign-up · Part of the LabelYX Learn series