The XRPL-EVM sidechain uses XRP as its native gas token, but the XRP on the sidechain is a separate asset from the XRP on XRPL mainnet. They're convertible 1:1 via a bridge — but understanding the mechanics protects you.
The native bridge
Ripple operates a 3-of-5 multisig that controls bridging in both directions. The flow:
XRPL → XRPL-EVM (wrap)
- You send XRP to the bridge's XRPL custodian account
- After XRPL finality (~3 seconds), the bridge validator set observes the inbound transfer
- The validator set's multisig signs an attestation
- The bridge contract on the sidechain mints an equivalent amount of sidechain-XRP to your EVM address
- Total wall-clock time: ~10-15 seconds
XRPL-EVM → XRPL (unwrap)
- You send sidechain-XRP to the bridge contract on the EVM side
- The contract burns the tokens
- The validator set signs a release attestation
- Ripple's mainnet multisig releases the locked XRP to your XRPL address
- Total wall-clock time: ~10-15 seconds (similar)
The trust model
The bridge is trust-minimised but not trustless. You trust that:
- The 3-of-5 multisig signers will not collude or be compromised
- The validator-set rotation process is auditable
- The wrapped-XRP supply on the sidechain exactly matches the locked XRP on mainnet (verifiable on-chain at any time)
This is stronger than most cross-ecosystem bridges (Wormhole, Multichain, etc.) because Ripple operates both endpoints. There's no foreign validator set to compromise.
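The supply-matching point in the trust list, together with the lock/mint and burn/release pairing from the flow above, can be checked mechanically. The following is an added example, not code from the wallet or the bridge. It assumes event records you have already collected from both chains, a hypothetical `ref` transfer id linking the two legs of a transfer, and 18-decimal XRP on the sidechain.

```python
from collections import Counter
from dataclasses import dataclass

WEI_PER_DROP = 10**12  # assumption: 18-decimal XRP on the sidechain, 6-decimal drops on mainnet
XRP = 10**6            # drops per XRP

@dataclass(frozen=True)
class Event:
    kind: str    # "lock"/"release" on mainnet, "mint"/"burn" on the sidechain
    ref: str     # hypothetical transfer id shared by both legs of one transfer
    amount: int  # drops for mainnet events, wei for sidechain events

def drops(ev: Event) -> int:
    """Normalise to drops; sidechain dust below one drop cannot be backed on mainnet."""
    if ev.kind in ("lock", "release"):
        return ev.amount
    if ev.amount % WEI_PER_DROP:
        raise ValueError(f"{ev.ref}: {ev.amount} wei is not a whole number of drops")
    return ev.amount // WEI_PER_DROP

def reconcile(events):
    """Pair each mint with a lock and each release with a burn; compare supply to custody."""
    legs = {k: Counter() for k in ("lock", "mint", "burn", "release")}
    for ev in events:
        legs[ev.kind][(ev.ref, drops(ev))] += 1
    total = {k: sum(amt * n for (_, amt), n in c.items()) for k, c in legs.items()}
    locked = total["lock"] - total["release"]
    supply = total["mint"] - total["burn"]
    pending = (legs["lock"] - legs["mint"]) + (legs["burn"] - legs["release"])
    return {
        "unbacked_mints": sorted((legs["mint"] - legs["lock"]).elements()),
        "unbacked_releases": sorted((legs["release"] - legs["burn"]).elements()),
        "in_flight": sorted(pending.elements()),
        "locked_drops": locked,
        "supply_drops": supply,
        "backed": supply <= locked,  # equality once nothing is in flight
    }

# Constructed sample events, not real bridge traffic.
CLEAN = [
    Event("lock", "t1", 50 * XRP), Event("mint", "t1", 50 * XRP * WEI_PER_DROP),
    Event("lock", "t2", 20 * XRP),  # attestation not yet signed: in flight
    Event("burn", "t3", 10 * XRP * WEI_PER_DROP), Event("release", "t3", 10 * XRP),
]
TAMPERED = CLEAN + [
    Event("mint", "t1", 50 * XRP * WEI_PER_DROP),  # same transfer minted twice
    Event("mint", "t4", 5 * XRP * WEI_PER_DROP),   # mint with no lock behind it
]
```

A transfer that is only in flight leaves the sidechain supply below the locked balance, so an alert belongs on `backed` being false or on a non-empty `unbacked_*` list, not on strict inequality alone.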
Bridge UI in the Gopnik wallet
The wallet presents bridging as a picker with three slots:
| Slot 1 (Native) | Slot 2 (Axelar) | Slot 3 (LayerZero) |
|---|---|---|
| ★ Recommended for XRPL ↔ XRPL-EVM | Coming soon | Coming soon |
| 3-of-5 multisig | 60+ validators | DVN + relayer |
| ~10s finality | ~18s | ~4s |
| €0 fee | — | — |
| Up to €1M liquidity | — | — |
In iteration A only the Native route is active. Slots 2 and 3 light up when iteration B adds Ethereum L1 + L2 bridge routes via Axelar and LayerZero respectively.
Famous bridge hacks — pattern recognition
Bridges are the most-attacked surface in crypto. The pattern is almost always the same: validator-set or multisig compromise.
- Ronin (2022, $625M) — 5 of 9 validators were the same actor; attacker stole 4 keys
- Wormhole (2022, $320M) — signature-verification bug in the Solana program; attacker minted unauthorised wrapped ETH
- Nomad (2022, $190M) — initialisation bug allowed anyone to prove any message; copycat exploiters drained it block-by-block
- Multichain (2023, $130M) — operator-side opacity; funds moved before the CEO was arrested
The XRPL-EVM native bridge is purpose-built and Ripple-operated, but no bridge is risk-free. Treat bridged XRP as an asset class with slightly different risk than mainnet XRP — because that's what it is.