A bridge moves value between two blockchains. Since blockchains don't natively know about each other, the bridge always involves locking the asset on the source chain and minting a representation on the destination chain.
That representation is called a wrapped asset. Wrapped Bitcoin (WBTC) on Ethereum is a Bitcoin-pegged token. Wrapped ETH (WETH) on Solana is the same idea, the other direction. The wrapped token isn't Bitcoin or ETH itself — it's a synthetic that the bridge promises to redeem 1:1 for the original.
Why wrapped assets exist
You can't natively use Bitcoin on Ethereum smart contracts; Bitcoin doesn't have smart contracts. You can't natively use ATOM on Ethereum DeFi; Cosmos and Ethereum speak different languages.
Wrapped assets translate between them. The wrapped token follows Ethereum's ERC-20 standard so it can plug into Uniswap, Aave, etc. The bridge keeps the real BTC locked in an escrow address on Bitcoin and mints exactly that many WBTC on Ethereum.
The bridge's job in three steps
- Lock. User sends real asset to a bridge-controlled escrow address on chain A.
- Prove. Bridge mechanism proves to chain B that the lock happened.
- Mint. Wrapped token is created on chain B and sent to the user.
The "Prove" step is where bridges differ — and where they get hacked. We cover trust models in the next lesson.
Wrapping vs swapping vs IBC
Three things people confuse:
- Wrapping — Bridge locks asset A on chain X, mints wrapped-A on chain Y. The wrapped token has 1:1 backing.
- Swapping — DEX trades asset A for asset B. No bridge involved; both assets must already be on the same chain.
- IBC (Inter-Blockchain Communication, Cosmos) — Native cross-chain transfer protocol that doesn't require a bridge contract. Each chain runs a light client of the other. Iter-G's cosmos.101 course covers this.
When you "bridge ETH to Solana", you actually wrap ETH into wormhole-ETH on Solana. The Solana side is a synthetic; the real ETH is sitting locked in Wormhole's L1 contract.
Trust = lock-side custody
The most important sentence in this course: whoever controls the lock controls your funds. If a bridge has a multisig holding all the locked BTC, and that multisig gets compromised, every WBTC holder loses everything.
Different trust models distribute the "controls the lock" question differently:
- Federated multisig. A group of validators (5-of-9, 13-of-19) signs to release funds. Compromise the signers → drain the lock. ~$2B has been lost this way.
- Light client. Each chain runs a verifier of the other chain's consensus. No multisig signs releases; the cryptography of the source chain itself authorises them. Hardest to attack but most expensive to build.
- Optimistic. Withdrawals are pending for 7 days; anyone can challenge a fraudulent one. Cheaper than light-client but introduces the wait.
- Centralised. A company (Circle, Ripple) issues the wrapped asset and trusts itself to mint/burn correctly.
The wallet's bridge picker uses all four trust models. Iter-A through G shipped 6 different bridges.
Why the wallet has 6 bridges
Different routes need different bridges. Native XRPL ↔ XRPL-EVM uses Ripple's centralised native bridge (low-fee, fastest, single trust point). XRPL ↔ Ethereum L1 has Axelar + LayerZero. ETH ↔ Polygon uses CCTP for USDC. Polkadot ↔ Ethereum uses Snowbridge.
Each route has trade-offs. The wallet's bridge picker shows you the options and lets you pick (or accepts the recommended default).
The TL;DR
A bridge is a lock-and-mint mechanism. Wrapped assets are synthetic representations. Trust models vary; bridge hacks are common. The wallet's job is to pick the best-trust route for each (source, destination, asset, amount) — and let you override.
Next: the trust models in detail.