security bridges infrastructure hacks cross-chain

Why cross-chain bridges keep failing in exactly the same ways

bitcoinindex.net · · 6 min read
Why cross-chain bridges keep failing in exactly the same ways

Cross-chain bridges have lost $2.16 billion since 2021. Ronin: $615 million. Wormhole: $320 million. Nomad: $190 million. 2025’s first half added $3 billion more across 119 attacks.

Sherlock’s February 2026 security breakdown makes the depressing pattern clear: we’re still making the same mistakes. Trust assumptions coded as guarantees. Authentication failures at message boundaries. Systems that grant full authority through a single execution path.

The technology to build secure bridges exists. IBC works. LayerZero V2 learned the lessons. Yet teams keep cutting corners, and billions keep disappearing.

Bridges don’t move tokens, they move claims

Here’s the insight most teams miss. A cross-chain bridge doesn’t “move tokens”. It moves a claim that something happened on another chain, and asks the destination to treat that claim as real.

When you bridge 100 USDC from Ethereum to Arbitrum, Ethereum locks your tokens. A message claiming “User X locked 100 USDC” crosses to Arbitrum. Arbitrum mints bridged USDC if it believes the claim.

The security question isn’t “did the user lock USDC?” It’s “how does Arbitrum verify that claim?”

This is why bridges are security adapters between consensus domains. They translate finality, membership, and authorization from one chain into another’s execution environment. When that translation breaks, losses aren’t incremental. They’re total.

Four ways to trust, four ways to fail

Sherlock categorizes bridge verification into four families, each with distinct failure modes.

Light-client verification runs a verifier on the destination that checks source chain consensus proofs. The promise is “verify, don’t trust.” The failures: finality mismatches where “final” on chain A is weaker than chain B assumes, verifier bugs that let attackers forge proofs, and liveness failures when the source chain halts. IBC uses this model and mostly gets it right.

Committee verification uses a threshold of signers (multisig, oracle set, guardian committee) to attest that an event happened. Fast and simple. The failures are equally simple: key compromise, signer collusion, operational breakdown. Ronin lost $615 million in March 2022 when attackers compromised 5 of 9 validator keys. Game over.

Optimistic verification accepts messages by default and allows disputes within a time window. The promise is fast UX with fraud proofs. The failures: no honest watcher is online to dispute, griefing attacks spam false disputes and lock the bridge, or liveness collapses into “safe but unusable” states that force admin takeover. You’ve traded one trust assumption for a worse one.

ZK validity bridges generate zero-knowledge proofs that a source event occurred. Cryptographic security without intermediaries. The failures are subtle: circuit bugs where the proof system proves the wrong statement, specification mismatches where the circuit is correct but doesn’t match what the system needs, and upgrade governance problems. This is the future, but it’s not battle-tested at scale yet.

The hacks that keep happening

Three failure patterns account for most losses.

Destination accepts a message it shouldn’t. Wormhole’s February 2022 exploit cost $320 million because an attacker crafted a message that passed verification checks without valid signatures. They minted 120,000 wrapped ETH on Solana. Jump Crypto covered the loss, but the bug was straightforward: signature verification bypass. The kind of thing audits are supposed to catch.

Keys fail under adversarial pressure. Ronin’s March 2022 hack used social engineering and server compromise to steal validator keys. Five of nine was enough. $615 million gone. Sherlock’s warning is blunt: “Real attackers go after the shortest path to authority, and keys are often shorter than consensus.”

Replay and ordering gaps become extraction paths. Nomad’s August 2022 incident drained $190 million in four hours through a smart contract bug that let anyone withdraw funds without verification. Messages could be replayed by changing the recipient address. Hundreds of users (not a coordinated attacker) looted the bridge. The bug was obvious in retrospect: messages weren’t bound to specific domains, no sequence tracking, no replay protection.

Even when authentication is solid, ordering assumptions leak into application logic. A cross-chain flow that assumes ordered delivery becomes a money printer if messages arrive twice or out of order.

What actually works

Secure bridges treat inbound messages like hostile inputs. Strict decoding, strict bounds checks, tight allowlists. Only accept messages from specific source chains and contracts. Reject before mutating state.

Authentication must be explicit. Bind every message to source chain ID, source contract, destination chain ID, destination contract, and version. Separate “verified and committed” from “executed” so execution references an immutable commitment. LayerZero V2 splits verification, commit, and execution into distinct steps.

Design for duplicates, retries, and disorder. You will see all three. Make receive paths idempotent. A message processes at most once, or processing twice is harmless. If ordering matters, enforce it with explicit sequence numbers and fail closed when sequencing breaks. IBC makes ordering a protocol-level choice with built-in sequences and acknowledgments.

These aren’t novel insights. IBC shipped years ago. The patterns are documented. Teams ignore them anyway.

The 2026 shift: economics matter as much as forgery

Cross-chain security in 2026 isn’t just “can they forge a message?” It’s “can they profit by manipulating message timing?”

Sherlock’s analysis separates economic attacks from forgery because both can drain protocols. Searchers front-run messages between chains. Sandwich cross-chain liquidity operations. Manipulate price inputs that affect bridged asset valuation. MEV isn’t L1-only anymore.

Monitoring is now core security. Independent watchers, anomaly detection on message patterns, reconciliation checks that alert when balances drift from expected accounting. Many drains are fast. The only way to stop the bleed is early detection and circuit breakers.

Composability amplifies risk. When bridged assets become DeFi primitives (collateral in lending markets, LP tokens, derivatives), bridge failures propagate. If Aave on Arbitrum accepts bridged USDC priced by oracles pulling data from a third chain, a bridge failure becomes a liquidation cascade. Cross-chain security is systemic risk management.

The intent-based alternative

ERC-7683, proposed in May 2024 by Uniswap Labs and Across Protocol, offers a different model. Instead of passing messages, users sign cross-chain orders specifying desired outcomes. Solvers compete to fulfill intents. Settlement contracts verify execution and handle disputes.

Traditional bridges move messages and trust validators. Intent systems specify outcomes and trust settlement contracts plus solver incentives. It reduces reliance on trusted message passing. Competition among solvers creates redundancy and better pricing.

But it doesn’t eliminate the problem. Settlement contracts still need to be secure. Solver collusion is possible. Economic attacks (MEV, timing manipulation) remain. It’s a promising direction, not a silver bullet.

We know how to do this

The frustrating part: secure cross-chain design isn’t unsolved. IBC exists. The principles are documented. The failure modes are cataloged. Auditors know what to look for.

Yet billions keep disappearing because teams treat bridges like plumbing instead of attack surfaces. They assume signatures mean security. They skip replay protection. They grant full authority through a single execution path.

Sherlock’s February 2026 analysis isn’t revealing new attack vectors. It’s documenting why the old ones keep working. The technology exists. The knowledge exists. What’s missing is discipline.

Cross-chain infrastructure is the foundation for multi-chain crypto. If we can’t secure the bridges, the rest doesn’t matter.

Sources