h hoge.gg
Subscribe
BTC$67,432.18+2.34%ETH$3,521.44+1.08%SOL$178.62-0.62%BNB$612.30+0.41%XRP$0.6234-0.18%ADA$0.4521+3.12%DOGE$0.1623+1.86%AVAX$38.71-1.24%LINK$17.84+0.92%HOGE$0.00004120+4.21%
BTC$67,432.18+2.34%ETH$3,521.44+1.08%SOL$178.62-0.62%BNB$612.30+0.41%XRP$0.6234-0.18%ADA$0.4521+3.12%DOGE$0.1623+1.86%AVAX$38.71-1.24%LINK$17.84+0.92%HOGE$0.00004120+4.21%
● Security & Exploits

Anatomy of a Bridge Hack: Why Crypto’s Weak Link Keeps Breaking

Cross-chain bridges have leaked billions since 2021, from Ronin to KelpDAO. Here's how the biggest hacks worked, and why fixes keep lagging behind the money.

Why Cross-Chain Bridges Are Crypto’s Weakest Link

In 2022 alone, attackers stole roughly $2 billion from cross-chain bridges across 13 separate incidents, according to Chainalysis, which at the time worked out to about 69% of all crypto stolen that year. Four years later, the pattern has not gone away. A single April 2026 attack on the liquid restaking protocol KelpDAO drained close to $292 million through a compromised bridge, and cross-chain exploits kept adding to that toll through the rest of the year. Bridges remain, by a wide margin, the single most lucrative target in crypto.

The reason is structural, not incidental. A bridge exists to solve a problem blockchains were never built to solve: letting value and information move between networks that otherwise cannot see each other. Doing that safely means concentrating enormous value, often hundreds of millions of dollars in locked collateral, behind a security model that is almost always thinner than the blockchains on either side of it. Ethereum’s validator set numbers in the hundreds of thousands; the bridges connecting Ethereum to everything else are typically secured by a committee of a dozen signers or fewer. Ethereum co-founder Vitalik Buterin flagged this mismatch back in January 2022, arguing that “there are fundamental limits to the security of bridges that hop across multiple ‘zones of sovereignty’” (Cointelegraph). His broader point, that crypto’s future would be multi-chain but not genuinely cross-chain, has held up well: almost every headline hack of the past five years traces back to exactly the kind of narrow, easily subverted trust boundary he described.

This piece works through how bridges are actually built, the recurring failure patterns behind the biggest hacks in crypto history (Poly Network, Ronin, Wormhole, Harmony’s Horizon Bridge, Nomad, BNB Bridge, Multichain, and 2026’s KelpDAO exploit), what was and was not recovered in each case, and where the industry and regulators are, and are not, making progress.

How Cross-Chain Bridges Actually Work

No blockchain can natively read another blockchain’s state. Bitcoin has no idea Ethereum exists; Solana cannot verify an Arbitrum transaction on its own. A bridge is the software, and often the small group of humans and servers behind it, that stands in the middle, watches one chain, and relays a claim about what happened there to a second chain. Nothing physically moves. In the most common design, a user locks or burns tokens on the source chain, the bridge observes and verifies that event, and a matching amount of tokens is then minted or released on the destination chain. The two ends are only as trustworthy as whatever verifies the link between them.

What actually crosses bridges in practice is anything liquid enough to be useful as collateral on more than one chain: wrapped Bitcoin, bridged ETH, stablecoins, and increasingly liquid staking and restaking tokens that need to move across rollups and appchains to stay productive everywhere at once (see our comparison of Lido, Rocket Pool, and Frax’s liquid staking tokens for how those derivatives work before they ever touch a bridge). Every one of those assets, once bridged, is only an IOU backed by whatever the bridge is actually holding on the original chain.

Security researchers commonly group bridge designs into four broad trust families: light client verified messaging, committee or external attestation, optimistic verification, and ZK validity proofs. The table below breaks down how each actually verifies a cross-chain claim, which real bridges use it, and where the risk concentrates.

Trust ModelHow It VerifiesExample BridgesWhere Risk Concentrates
Federated multisigA fixed, small set of signers approves every withdrawalRonin (2022), Harmony Horizon, early MultichainWhoever physically holds the signing keys
External validator networkA separate set of off-chain validators or oracles watch the source chain and sign attestations for the destinationWormhole (19 guardians), LayerZero (DVNs), AxelarBugs in the verification code, or compromise of the off-chain network itself
Optimistic (fraud-proof)Messages are assumed valid and executed after a challenge window unless a watcher proves fraudNomad, AcrossA single misconfiguration can validate everything at once; also depends on someone actively watching
Light client / ZK validityThe destination chain cryptographically verifies the source chain’s actual consensus, or a succinct proof of itIBC (Cosmos), Polyhedra zkBridgeComputational cost and complexity; still a small share of total bridge volume
Liquidity networkIndependent relayers front liquidity on the destination chain and get repaid from a source-chain pool; no wrapped asset is mintedAcross, HopRelayer and liquidity pricing risk rather than consensus risk

Trust-minimized designs, light clients and ZK validity proofs, are the theoretical end state because they let the destination chain verify the source chain’s actual consensus rather than trusting a third party to report it honestly. In practice they remain a small share of total bridge volume: they are expensive to run on-chain, hard to build correctly for chains with very different consensus mechanisms, and still maturing as production infrastructure. Most of the value moving across chains today, and most of the value stolen from bridges, still passes through the first two categories in that table.

The Anatomy of a Bridge Exploit

Strip away the technical specifics and almost every major bridge hack reduces to one sentence: the destination chain accepted a claim about the source chain that was not actually true. Sometimes that is because the people who were supposed to check the claim had their keys stolen. Sometimes it is because the code that was supposed to check the claim had a bug. Sometimes, as with Multichain, there was no meaningful check at all once one person controlled the entire operation.

The composition of that damage has shifted in a telling way. TRM Labs’ review of the first half of 2026 found that smart-contract exploits made up the majority of individual hacking incidents industry-wide, but only a small share of the dollar value stolen; infrastructure, key, and operational compromises accounted for roughly 15% of incidents but around 76% of the value lost (TRM Labs). Bridges are where that pattern shows up most starkly: a handful of compromised signers or a single forged message tends to be worth far more than any individual Solidity bug, precisely because a bridge’s entire reserve sits behind one verification step.

The case studies below cover seven distinct ways that verification step has failed in practice:

  • Signer or validator key compromise, where attackers obtain enough private keys to meet a multisig threshold
  • Signature verification bugs, where the code meant to check a cryptographic signature can be bypassed entirely
  • Access control flaws, where a privileged function can be called by anyone, not just the intended administrator
  • Initialization and logic errors, where a default or misconfigured value accidentally validates everything
  • Proof forgery, where an attacker fabricates a cryptographic proof the bridge fails to check properly
  • Centralized operator collapse, where a bridge’s real security was always just one person or company
  • Off-chain infrastructure compromise, where attackers target the servers and networks a bridge relies on rather than its smart contracts

What follows is not so much a ranking as a chronology. Read in order, the eight cases below trace how bridge security actually evolved, or failed to, from 2021 through the middle of 2026.

Poly Network (2021): $611 Million Stolen, and Handed Back

On August 10, 2021, an attacker exploited Poly Network, an interoperability protocol linking Ethereum, BNB Chain, and Polygon, for more than $610 million, at the time the largest DeFi hack ever recorded. The bug lived in a mismatch of privileges between two of Poly Network’s core contracts: EthCrossChainManager was allowed to call privileged functions inside EthCrossChainData, including the function that registers the “Keeper” public key authorized to approve cross-chain withdrawals. The attacker crafted a transaction that used this legitimate permission to register their own key as the Keeper, then used that new authority to approve withdrawals of virtually every asset the protocol held (Kraken).

What happened next became one of crypto’s stranger case studies in incident response. Poly Network posted an open letter to the attacker on social media asking for the funds back. The attacker began returning tokens within a day, communicating through messages embedded in on-chain transactions, and eventually described the exploit as being done partly “for fun” and to expose the vulnerability before someone more malicious found it. Poly Network, in turn, addressed the attacker as “Mr. White Hat,” publicly offered a $500,000 bounty and a symbolic “chief security advisor” title in exchange for full cooperation, and confirmed within about two weeks that essentially all of the stolen assets had been recovered. It is a resolution that has never quite repeated at that scale since, and it set an informal template, negotiate publicly, offer a bounty, treat voluntary return as a get-out clause, that later hacks like Nomad would try to copy with far less success.

Ronin Bridge (2022): A Fake Job Offer and $625 Million

Ronin is the Ethereum-linked sidechain built by Sky Mavis to run the play-to-earn game Axie Infinity, and its bridge remains the single largest crypto theft on record. The bridge’s security rested on a 5-of-9 validator multisig, but Sky Mavis directly controlled four of those validators, and a fifth, run by the Axie DAO, had been granted emergency signing authority back to Sky Mavis during a 2021 traffic surge and simply never had that authority revoked. An attacker who compromised Sky Mavis alone could reach five signatures without touching a single independent validator.

That is exactly what happened. Lazarus Group operatives, per U.S. officials, approached a senior Sky Mavis engineer on LinkedIn with a fake job offer, walked them through a fabricated interview process, and delivered a PDF laced with spyware as part of a bogus offer letter. The malware gave attackers a foothold inside Sky Mavis’ systems and, from there, access to the validator keys. The first fraudulent withdrawals hit on March 23, 2022; nobody noticed until March 29, when a user could not withdraw funds, by which point 173,600 ETH and 25.5 million USDC, worth about $625 million at the time, were gone (CoinDesk).

Sky Mavis raised $150 million in a Binance-led round in April 2022 specifically to backstop reimbursements, though it ultimately drew only a fraction of that and covered most of the shortfall from its own balance sheet, fully reimbursing affected users by the end of June (CoinDesk). Recovery of the stolen funds themselves has been much slower: law enforcement seizures and voluntary returns have clawed back tens of millions of dollars over time, a small fraction of the original $625 million, most of which remains attributed to North Korean state hacking operations.

Wormhole (2022): $325 Million From One Missing Check

Wormhole connects Solana to Ethereum and several other chains, and on February 2, 2022, an attacker found that one of its Solana-side smart contracts still called a deprecated verification function that failed to properly confirm a signature account belonged to Wormhole’s own guardian network. That gap let the attacker forge what looked like a validly signed message, a so-called Validator Action Approval, authorizing the mint of 120,000 wrapped ETH without ever getting the required sign-off from Wormhole’s guardians. The attacker then redeemed the counterfeit tokens for real ETH through the bridge’s normal unwrap process, netting roughly $325 million (Halborn).

Wormhole’s backstop was unusually fast. Jump Crypto, parent of Wormhole’s primary developer Certus One, deposited 120,000 ETH of its own funds into the bridge within about a day of the exploit, making users whole and keeping the protocol solvent without waiting on recovery or negotiation. It remains one of the only cases on this list where the immediate loss was fully absorbed by a single backer rather than by users, a bounty, or years of litigation.

Harmony’s Horizon Bridge (2022): $100 Million Through a Two-of-Five Multisig

Harmony’s Horizon Bridge needed only two signatures out of five to move funds, a notably low threshold for a bridge holding tens of millions of dollars in reserves. On June 23, 2022, attackers later attributed by the FBI to North Korea’s Lazarus Group and APT38 used compromised keys to push through eleven transactions and drain roughly $100 million in ETH, USDC, and other assets (CoinDesk).

The stolen funds moved through a now-familiar laundering circuit: Tornado Cash, the decentralized exchange Uniswap, and the mixer Sinbad.io, which the U.S. Treasury’s Office of Foreign Assets Control sanctioned in November 2023, specifically citing its role laundering proceeds from both the Horizon Bridge theft and the earlier Ronin hack (U.S. Department of the Treasury). Recovery for Harmony users was limited: exchanges intercepted a small amount of stolen Bitcoin worth a few million dollars, but the large majority of the $100 million was never returned, and Harmony’s own ONE token dropped sharply on the news.

Nomad (2022): $190 Million and a Free-for-All

Nomad’s failure was almost embarrassingly simple to trigger, once someone found it. A routine contract upgrade on July 31, 2022 initialized the bridge’s “trusted root,” the reference value against which incoming messages get checked, to a blank value. The problem was that this same blank value was also the default the contract used for messages that had never been proven at all. In effect, every single message, proven or not, now matched the trusted root and was treated as valid. Nomad’s core verification function had stopped actually checking anything.

One attacker found the flaw and drained funds on August 1, 2022. What happened in the following hours was, in Google Cloud’s Mandiant threat intelligence team’s words, closer to “decentralized robbery” than a conventional hack (Mandiant). Because exploiting the bug required nothing more than copying the first attacker’s transaction and swapping in a different destination address, hundreds of unrelated wallets, many belonging to people with no real hacking skill at all, piled in and drained roughly $190 million between them before the bridge could be paused.

Nomad offered a 10% white-hat bounty to anyone who returned what they took, and recovered about $36 million that way, a fraction of the total. Law enforcement pursued the rest for years afterward, and a key suspect in the exploit was eventually extradited to the United States, a reminder that even a chaotic, crowdsourced hack eventually narrows back down to identifiable individuals.

BNB Bridge: A Forged Proof and a $566 Million Near-Miss

In October 2022, an attacker targeted the BSC Token Hub, the bridge linking the original BNB Beacon Chain to BNB Smart Chain, by forging a Merkle proof that convinced the bridge a deposit had occurred when it had not. The forged proof let the attacker mint 1,000,000 BNB, and then mint the same amount again, worth roughly $566 million combined at the time (Halborn).

What limited the damage was BNB Chain’s own centralization. Its validator set, small enough to coordinate quickly, voted to halt the entire chain within hours of the exploit being detected, freezing roughly $430 million of the minted tokens before they could move further. Security firm SlowMist estimated that only around $100 million to $110 million actually made it off BNB Chain to other networks before the freeze, and Tether separately blacklisted several million dollars more in stolen assets. There is a real irony here: the same small, centralized validator set that made the Token Hub a viable target in the first place is also what allowed the network to respond fast enough to contain most of the damage. A more decentralized chain with thousands of independent validators could not have coordinated an emergency halt nearly as quickly.

Multichain: When the Bridge Operator Disappears

Every case above is, in some sense, a story about code or keys failing. Multichain, formerly known as Anyswap, is a story about what happens when a bridge’s real security was never more than one person’s discretion. Multichain routed cross-chain transfers through a network of MPC, or multi-party computation, nodes, but effective operational control, and by most accounts the actual keys, sat with founder and CEO Zhaojun.

On May 21, 2023, Chinese police took Zhaojun into custody and confiscated his computers, phones, and hardware wallets. The rest of the Multichain team lost contact with him and, more importantly, lost access to the infrastructure he alone controlled. On July 7, 2023, roughly $130 million in user funds moved out of Multichain’s contracts to unknown addresses; Zhaojun’s sister then moved a further large tranche, describing it publicly as a “preservation” measure to keep it safe, only to be detained herself days later, leaving the status of those funds uncertain (CoinDesk). Multichain shut down entirely soon after, citing a lack of alternative sources of information and operational funds.

The aftermath has dragged on for years. Singapore’s High Court later approved liquidating the Multichain Foundation, with KPMG appointed to pursue recovery, while a New York court has kept an extended freeze on tens of millions of dollars in stolen USDC by ordering Circle to keep the relevant wallets blacklisted. By 2026, litigation over recovery, including a potential claim worth tens of millions of dollars from early Fantom-network users, was still working its way through the courts, more than two and a half years after the collapse. No smart contract bug was ever required. A bridge is only as decentralized as its weakest operational dependency, and Multichain’s was a single founder who could be taken off the board in an afternoon.

2026’s Warning Shot: KelpDAO, LayerZero, and the DVN Dispute

On April 18, 2026, attackers linked to North Korea’s Lazarus Group stole 116,500 rsETH, KelpDAO’s liquid restaking token (see our beginner’s guide to restaking for how these tokens are backed), worth about $292 million, making it the largest single crypto hack of the first half of 2026. Like Ronin and Harmony before it, this was not a smart-contract bug. Attackers compromised internal RPC infrastructure feeding LayerZero’s Decentralized Verifier Network for the rsETH deployment, while simultaneously running denial-of-service attacks against external RPC providers so the compromised feed looked like the only available source of truth. That let them push through a spoofed cross-chain message and mint counterfeit rsETH elsewhere in the ecosystem.

The underlying configuration mattered enormously. The rsETH deployment used a 1-of-1 DVN setup, meaning a single verifier’s word was enough to approve a cross-chain message, rather than requiring multiple independent DVNs to agree. LayerZero and KelpDAO spent the following weeks publicly blaming each other for that choice: LayerZero maintained that Kelp had manually downgraded from a safer multi-DVN configuration and that a 1-of-1 setup fell outside its bug bounty’s scope, while Kelp argued the configuration had effectively been sanctioned by LayerZero at the time it was deployed (CoinDesk). Ben Fisch, CEO of Espresso Systems, summed up the deeper design flaw regardless of who was at fault: “Most bridges don’t fully verify what happened on another chain. Instead, they rely on a smaller system to report it,” he told CoinDesk, adding that “the bridge worked as designed. It just believed the wrong information.” 1inch co-founder Sergej Kunz, describing the industry’s incentives more broadly in the same report, put it more bluntly: “Security is often not the top priority. Teams focus on launching quickly,” warning that a single compromised bridge can drag down otherwise unrelated protocols because “that’s how contagion happens” once bridged assets are treated as legitimate collateral elsewhere.

The recovery, unlike almost every earlier case on this list, actually worked. A coalition of DeFi protocols organized as “DeFi United,” including Aave and Mantle, helped rebuild rsETH’s backing over roughly five weeks: a first tranche of 25,000 rsETH restored bridging between Ethereum and its Layer 2 networks by mid-May, and a final tranche of 20,373.72 rsETH closed out the recovery by May 25, with accrued staking rewards paid through to depositors and no losses ultimately passed on to users (Incrypted). Aave’s own rsETH lending market still absorbed well over $150 million in bad debt at points during the crisis, a cost the wider DeFi ecosystem effectively socialized to make Kelp depositors whole.

The exploit’s longer shadow fell on LayerZero itself. Within weeks, LayerZero conceded that allowing 1-of-1 DVN configurations for production assets had created unacceptable risk and moved its default pathways toward much higher verification thresholds. Even so, protocols managing roughly $4 billion in bridged assets, including Kraken’s kBTC and the liquid Bitcoin platform Lombard, announced plans to shift their cross-chain infrastructure to Chainlink’s Cross-Chain Interoperability Protocol instead (CoinDesk). Trust, once broken on a bridge, tends to migrate toward whoever looks hardest to configure down to a single point of failure.

Bridge Hacks by the Numbers

Laid side by side, the eight cases above cover roughly five years and, depending on how partial recoveries and disputed totals are counted, well over $2 billion in attempted or successful theft from cross-chain infrastructure alone.

BridgeDateAmount StolenRoot CauseOutcome
Poly NetworkAug 2021~$611MAccess control flaw let attacker register as “Keeper”Nearly all funds voluntarily returned within two weeks
Ronin BridgeMar 2022~$625MValidator keys compromised via social engineeringSky Mavis reimbursed users; tens of millions later seized or returned
WormholeFeb 2022~$325MDeprecated function skipped signature verificationJump Crypto replaced the full amount within about a day
Harmony HorizonJun 2022~$100MTwo of five multisig keys compromisedOnly a small fraction recovered
NomadAug 2022~$190MTrusted root initialized to a blank value, validating all messages~$36M returned under a bounty program
BNB Bridge (Token Hub)Oct 2022~$566M minted (~$100-110M left the chain)Forged Merkle proofChain halted by validators within hours
MultichainJul 2023~$130M (initial reported outflow)Centralized operator arrested, keys seizedProtocol shut down; liquidation still in courts as of 2026
KelpDAO / LayerZeroApr 2026~$292MRPC infrastructure compromise, spoofed message to a 1-of-1 verifierFully restored in about five weeks; no user losses

A few patterns jump out. Recovery outcomes are almost bimodal: either close to 100%, as with Poly Network and Wormhole, because a hacker chose to negotiate or a well-capitalized backer chose to absorb the loss, or a small single-digit-to-low-double-digit percentage, because the money genuinely left the ecosystem through mixers and cross-chain hops faster than anyone could freeze it. Only KelpDAO managed something in between: a near-full recovery achieved not through the attacker’s goodwill or one company’s balance sheet, but through a coordinated, multi-protocol bailout, arguably a new template for what happens after a bridge hack in a DeFi ecosystem mature enough to coordinate one.

How the Industry Is Trying to Fix Bridges

The most immediate fixes target the multisig and validator-key layer, since that is where most of the value on this list actually left the building. Security groups like the Security Alliance now publish concrete thresholds: a minimum of three signers and a majority-plus threshold for anything material, seven or more signers for wallets holding above $1 million, hardware from different manufacturers, geographically separated custody, and mandatory out-of-band verification before signing. None of that is exotic advice; Ronin and Harmony were both breached at thresholds and diversification levels well below it.

Audits remain necessary but demonstrably insufficient on their own. Several of the protocols behind the hacks on this list, and plenty of others that got hit before and since, had already passed third-party security reviews; our deeper look at CertiK, one of the industry’s largest auditors, and its own scandals covers why a clean audit report has never been a guarantee against exactly this category of failure. Audits are snapshots of code at a point in time; they say very little about who holds a signing key six months later, or whether a verifier network gets quietly reconfigured from a multi-party setup down to a single point of failure under commercial pressure.

The more structural response is a shift toward verification models that are harder to quietly weaken. Chainlink’s Cross-Chain Interoperability Protocol, the main beneficiary of the post-KelpDAO exodus from LayerZero, secures each cross-chain lane with a minimum of sixteen independent node operators rather than a single configurable verifier, a design goal Chainlink co-founder Sergey Nazarov has summed up as “defense in depth, not blind trust” (Chainlink). Zero-knowledge light-client bridges, such as Polyhedra’s zkBridge, push further still, using succinct cryptographic proofs so the destination chain can verify the source chain’s actual consensus rather than trusting any external party’s report of it. That approach remains a small fraction of total cross-chain messaging volume in 2026, but it is increasingly showing up as a verification module bolted onto existing systems like LayerZero’s DVNs, rather than as a wholesale replacement for them.

Whitehat bounty norms, informally invented by Poly Network’s negotiation in 2021 and later formalized by groups like the Security Alliance’s Safe Harbor framework, have also become closer to standard practice: a public, legally structured offer to return funds within a set window in exchange for a capped bounty and no prosecution, rather than hoping an attacker feels like negotiating. It will never recover everything Nomad or Harmony lost, but across the industry as a whole it has clearly recovered more than doing nothing.

The Regulatory Blind Spot

Bridges sit in an awkward regulatory gap almost by design. A centralized exchange has a headquarters, a legal entity, and in the United States, direct exposure to SEC and CFTC oversight. A bridge is frequently governed by a multisig whose signers are spread across several countries, or by a foundation with no clear operating entity at all, and the tokens it moves raise a question regulators have never fully settled: is a bridged or wrapped asset the same security or commodity as the original, a derivative of it, or something else entirely. The CLARITY Act, which would formally divide digital asset oversight between the SEC and CFTC (our explainer on the CLARITY Act covers the mechanics), is aimed largely at that jurisdictional ambiguity, but it does not specifically address who, if anyone, is supposed to directly supervise a bridge’s operational security the way a banking regulator supervises a custodian.

Where U.S. authorities have shown up in practice is downstream, going after laundering infrastructure rather than the bridges themselves. Treasury’s Office of Foreign Assets Control sanctioned Tornado Cash in August 2022, citing its role laundering more than $7 billion in virtual currency, including funds specifically traced to the Ronin, Harmony, and Nomad hacks by name (U.S. Department of the Treasury). It took similar action against the mixer Sinbad.io in November 2023, again citing laundering tied to Ronin and Harmony, as noted above.

That approach has since run into real legal limits. In November 2024, the Fifth Circuit Court of Appeals ruled that OFAC had exceeded its authority sanctioning Tornado Cash, reasoning that immutable smart contracts cannot qualify as “property” under the sanctions statute because there is no person left to actually control them once deployed. Treasury formally removed Tornado Cash from its sanctions list in March 2025 (Forbes). The same structural property that makes bridges so hard to secure, no single operator left to hold accountable once the code is live, turns out to make them just as hard to regulate after the fact. Criminal enforcement against individuals has fared better than sanctions against protocols: DOJ prosecutions tied to the Nomad exploit and ongoing Lazarus-linked indictments continue to work through the courts even as the sanctions toolkit gets narrowed.

Frequently Asked Questions

What is a crypto bridge hack and how does it happen?

A crypto bridge hack occurs when an attacker manipulates a cross-chain bridge, the software that lets tokens or messages move between separate blockchains, into releasing or minting assets it should not. Because bridges typically lock or burn tokens on one chain and mint or release equivalent tokens on another based on a claim that the first transaction actually happened, an attacker only needs to falsify that claim, whether by stealing the keys that approve it, forging the cryptographic proof behind it, or exploiting a bug in how it gets verified, to walk away with everything the bridge holds in reserve.

Why are cross-chain bridges the most-hacked part of crypto?

Bridges combine two things attackers love: a very large, concentrated pool of locked value, often hundreds of millions of dollars in a handful of smart contracts or wallets, and a comparatively thin security perimeter, usually a small multisig or validator committee rather than the full weight of a major blockchain’s consensus. That combination made bridges the single largest category of crypto losses in years like 2022, when Chainalysis attributed roughly 69% of all stolen crypto to bridge exploits.

What is the biggest bridge hack in crypto history?

The Ronin Bridge hack in March 2022 remains the largest, with attackers linked to North Korea’s Lazarus Group draining about $625 million in ETH and USDC from the Axie Infinity sidechain after compromising validator keys through a fake job offer. Poly Network’s $611 million exploit in August 2021 is a close second by amount stolen, though almost all of those funds were returned within about two weeks.

Can funds stolen in a bridge hack ever be recovered?

Sometimes, but rarely in full. Poly Network and Wormhole are the standout cases: Poly Network’s attacker voluntarily returned virtually everything, and Jump Crypto simply replaced Wormhole’s stolen ETH from its own reserves. Other cases recover only a fraction through bounties, law enforcement seizures, or years of civil litigation; Nomad recovered about $36 million of $190 million through a bounty program, while Multichain users are still pursuing recovery through the courts years after that bridge collapsed.

How can I tell whether a bridge is safe to use?

Check who or what actually controls the funds: a bridge secured by a small multisig with no published signer diversity is riskier than one using a larger external validator network or a light client design, and a protocol that discloses audits, bug bounty coverage, and its trust assumptions in plain language is generally safer than one that does not. It also helps to check whether a bridge has faced a prior incident and, if so, whether it publicly changed its architecture afterward, the way LayerZero raised its minimum verifier thresholds after the 2026 KelpDAO exploit.

By the HOGE Wire Security Desk.

Share 𝕏 Post Telegram