Bridges are the largest single attack surface in crypto. Roughly $2.5 billion has been lost to bridge exploits since 2021. Understanding the incidents shapes which bridges the wallet integrates and which it refuses to touch.
The big ones
Ronin Bridge — March 2022 — $625M
The bridge for Axie Infinity, a Solana-Ethereum federation with a 5-of-9 multisig. Attackers (later attributed to North Korea's Lazarus Group) phished four validators via fake job interviews, then compromised the fifth, which was held by an organisation Sky Mavis had outsourced control to. Result: full drain of the bridge's ETH + USDC pools.
Lesson: 5-of-9 is too few. Operational security of validators matters more than the math.
Wormhole — February 2022 — $326M
A signature-verification bug let an attacker forge a wrapped-ETH mint message that the bridge accepted as valid. Wormhole's Solana contract had verify_signatures() and post_vaa() as separate steps; the attacker passed an invalid VAA backed by pre-staged mock signatures so that it appeared verified. Drained 120k ETH.
Lesson: code-level bugs in bridge contracts are catastrophic because the entire bridge balance is in scope.
Nomad — August 2022 — $190M
A faulty contract upgrade marked a zero merkle root as "trusted". Any user could submit any withdrawal with a default proof, and the bridge would honour it. Within minutes, hundreds of users (and bots) drained it. Nomad pleaded with users to return funds; some did.
Lesson: optimistic bridges fail catastrophically if no one is watching. Bug-bounty + active monitoring is necessary.
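A simplified model of the Nomad failure described above, added here as an illustration and not Nomad's own code. It assumes a replica that maps each proven message to the Merkle root it was proven against (unproven messages default to the zero root) and a `confirm_at` table of acceptable roots; the upgrade bug is modelled as initialising that table with the zero root. The hardened variant refuses the zero root outright and requires the message to have been proven.

```python
"""Constructed model of a 'zero root marked trusted' bridge replica bug."""
from dataclasses import dataclass, field

ZERO_ROOT = b"\x00" * 32  # the default value of an unset root


@dataclass
class Replica:
    # root -> block height at which it became acceptable (0 = never)
    confirm_at: dict = field(default_factory=dict)
    # message hash -> root it was proven against (unset = zero root)
    messages: dict = field(default_factory=dict)
    now: int = 100

    def initialize(self, committed_root: bytes) -> None:
        # The faulty upgrade is modelled as passing ZERO_ROOT here,
        # which marks the zero root itself as confirmed ("trusted").
        self.confirm_at[committed_root] = 1

    def acceptable_root(self, root: bytes) -> bool:
        t = self.confirm_at.get(root, 0)
        return t != 0 and t <= self.now

    def prove(self, msg_hash: bytes, root: bytes) -> bool:
        # Merkle-proof checking is omitted; only the root bookkeeping matters here.
        if not self.acceptable_root(root):
            return False
        self.messages[msg_hash] = root
        return True

    def process_vulnerable(self, msg_hash: bytes) -> bool:
        # Unproven messages fall back to the zero root; if that root is
        # "trusted", any withdrawal with a default proof is honoured.
        root = self.messages.get(msg_hash, ZERO_ROOT)
        return self.acceptable_root(root)

    def process_hardened(self, msg_hash: bytes) -> bool:
        # Require an explicit proof and never treat the zero root as acceptable.
        root = self.messages.get(msg_hash)
        if root is None or root == ZERO_ROOT:
            return False
        return self.acceptable_root(root)


def buggy_upgrade_scenario(msg_hash: bytes = b"\x11" * 32) -> dict:
    """Replay the upgrade bug and report what each processing path does."""
    r = Replica()
    r.initialize(ZERO_ROOT)  # the upgrade that marked the zero root trusted
    return {"vulnerable": r.process_vulnerable(msg_hash),
            "hardened": r.process_hardened(msg_hash)}
```

The same check also explains why the drain was copyable by anyone: no key or signature is involved, only a default proof against a root the contract was told to trust.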
Poly Network — August 2021 — $610M
A single attacker exploited a permissionless function that let any address designate itself as the bridge's keeper. They then "withdrew" all assets to their own address. The attacker (calling themselves "Mr. White Hat") returned the funds within a week.
Lesson: missing access control on privileged functions. Bridges should re-verify every privileged operation.
Harmony — June 2022 — $100M
Harmony's bridge multisig was 2-of-5. Attackers compromised 2 validators. Drained the bridge.
Lesson: an even smaller threshold than Ronin's, and an even faster compromise.
BNB Bridge — October 2022 — $570M
A bug in the IAVL+ tree verifier let the attacker forge a proof that they'd locked 2M BNB on Beacon Chain when they hadn't. The bridge minted 2M BNB on BSC for them. BSC halted the chain to prevent withdrawals; most was clawed back.
Lesson: proof-verification logic in bridges is among the most critical code in crypto.
What the cumulative numbers look like
| Year | Bridge losses | Notes |
|---|---|---|
| 2021 | $620M | Poly Network ($610M) dominates; user funds recovered |
| 2022 | $1.95B | Ronin, Wormhole, Nomad, Harmony, BNB Bridge |
| 2023 | $360M | Multichain, Orbit Chain, smaller incidents |
| 2024 | $180M | Heco Bridge, LayerSwap |
| 2025 | $90M | Various smaller |
| 2026 | (in progress) | TBD |
The trend is improving — newer bridges with better trust models lose less. But ~$200M/year still gets stolen.
Why bridges are uniquely risky
Three reasons:
- Concentrated TVL. A bridge's lock is the sum of every user's deposit. Compromise it and you get everyone's funds.
- Complex multi-chain code. Bridge contracts must reason about state on chain A from chain B's perspective. The implementation surface is large.
- Slow detection. A bug-bounty submission for a bridge bug might take days to triage. A bridge drain takes minutes.
Compare to a lending protocol: bad debt is bounded by the protocol's TVL; a bridge drain is bounded only by the lock balance.
What the wallet does with this
The wallet's policy decisions informed by this history:
- No Bitcoin bridges in iter-A-H. Bitcoin bridges have a near-100% incident rate. We expose native BTC + Lightning + RGB; Bitcoin↔Ethereum requires the user to leave the wallet.
- Light-client over federated where available. IBC and Snowbridge are preferred for their routes.
- Bridge picker shows ALL options. No hidden defaults. The user sees the security tier and chooses.
- Bridge-specific feature gates. Cross-chain operations require the crosschain.401cert above €2k/day (see iter-C).
What this means for you
Bridge hesitantly. Bridge small. Use the strongest trust model available. Check the bridge's incident history before sending €5000.
If a bridge offers 10× faster + 5× cheaper than IBC for an intra-Cosmos move, it's making a trade-off. The trade-off is your funds.
Next: safe-bridging discipline.