Why Bridges Matter

Blockchains are isolated by design. Your ETH on Ethereum can’t directly interact with Solana. Bridges connect these islands.

Without bridge: ETH ←✕→ SOL (no connection)
With bridge:    ETH ←→ Wrapped ETH on Solana
```bash

But bridges are also the biggest source of hacks in crypto-over $2B stolen in 2022 alone.

---

## The Foundation: Lock and Mint

The basic bridge mechanism:

<div class="flow-diagram">
  <span class="flow-node primary">Lock ETH on Ethereum</span>
  <span class="flow-arrow">→</span>
  <span class="flow-node">Bridge Validators</span>
  <span class="flow-arrow">→</span>
  <span class="flow-node success">Mint wETH on Solana</span>
</div>

To go back:

<div class="flow-diagram">
  <span class="flow-node danger">Burn wETH on Solana</span>
  <span class="flow-arrow">→</span>
  <span class="flow-node">Bridge Validators</span>
  <span class="flow-arrow">→</span>
  <span class="flow-node success">Unlock ETH on Ethereum</span>
</div>

The bridge holds real ETH; you hold a "wrapped" representation on the destination chain.

---

The key insight about bridge security: every bridge is only as secure as its weakest validator set. If the bridge is secured by 5 validators and 3 collude (or get hacked), they can mint unlimited wrapped tokens and steal all locked funds. This is exactly what happened to Ronin (~$625M) and Wormhole ($320M).

The question is always: **Who validates, and how many need to collude to steal?**

---

## Bridge Security Models

### 1. Trusted (Centralized)

```yaml
Security: Single org or small multisig
Examples: Binance Bridge, centralized exchanges
Risk: One company can freeze/steal funds
```text

### 2. Federated (Multi-party)

```yaml
Security: N-of-M multisig (e.g., 5-of-9)
Examples: Wormhole, Multichain
Risk: If M/2+1 validators collude → funds stolen
```text

### 3. Light Client / Trustless

```solidity
Security: Cryptographic proofs verified on-chain
Examples: IBC (Cosmos), Succinct bridges
Risk: Smart contract bugs only
```text

### 4. Optimistic

```yaml
Security: Fraud proofs + challenge period
Examples: Optimism bridge, Arbitrum bridge
Risk: Need honest watcher during challenge period
```bash

| Model | Trust Required | Hack Risk | Speed |
|-------|---------------|-----------|-------|
| Trusted | High | High | Fast |
| Federated | Medium | Medium | Fast |
| Light Client | Low | Low | Slow |
| Optimistic | Low | Low | Slow (days) |

---

## Real Bridge Attacks

### Ronin Bridge (~$625M, 2022)
```yaml
Cause: 5 of 9 validators compromised
Method: Hackers obtained private keys via social engineering, signed fake withdrawals
Prevention: More validators, hardware key custody, key rotation
```text

### Wormhole ($320M, 2022)
```yaml
Cause: Solana account validation bug
Method: Attacker forged a "guardian set" account to bypass signature verification,
        minting 120,000 wETH without depositing any ETH on Ethereum
Prevention: Account ownership validation, auditing Solana-specific patterns
```text

### Nomad ($190M, 2022)
```yaml
Cause: Code allowed any message to be valid
Method: Copy-paste attack (anyone could steal)
Prevention: Test coverage, invariant testing
```diff

---

## Common Misconceptions

**Myth:** "Decentralized bridges are safe."
**Reality:** "Decentralized" can mean 9 validators controlled by the same team. Check WHO the validators are, not just how many.

**Myth:** "Audited bridges are secure."
**Reality:** Wormhole and Nomad were audited. Audits find some bugs, not all. Never bridge more than you can afford to lose.

**Myth:** "Big TVL means safe."
**Reality:** Big TVL means big target. Hackers prioritize high-value bridges. Ronin had billions locked.

---

## Risk Assessment Checklist

Before using a bridge, ask:

```python
1. Who are the validators?
   □ Named entities (good)
   □ Anonymous (bad)

2. How many need to sign?
   □ Threshold (e.g., 5-of-9)
   □ Single party (very bad)

3. What's the security model?
   □ Light client proofs (best)
   □ Optimistic with fraud proofs (good)
   □ Multisig only (risky)

4. Has it been hacked before?
   □ No history (neutral)
   □ Previously hacked (check fix quality)

5. What's at risk?
   □ Your transaction amount
   □ All locked funds (if bridge fails)
```diff

---

## Safer Bridge Practices

1. **Use native bridges when possible** (rollup → L1)
2. **Split large amounts** across multiple bridges
3. **Wait for finality** before trusting funds
4. **Check validator set** before bridging
5. **Monitor bridge health** (TVL changes, validator activity)

---

## Practice Exercises

### Exercise 1: Research a Bridge
```text
Pick a bridge you use. Find:
- How many validators?
- What's the signing threshold?
- Who runs the validators?
- Any previous incidents?
```text

### Exercise 2: Calculate Risk
```text
You want to bridge $10,000.
Bridge TVL: $100M
Historical hack rate: 1 per year

What's your expected loss?
```text

### Exercise 3: Compare Options
```yaml
For ETH → Polygon:
- Official Polygon Bridge
- Hop Protocol
- Across Protocol

Compare: Security model, speed, fees

---

Key Takeaways

1. Bridges = honeypots - High value, complex attack surface
2. Validator set is everything - Know who can sign
3. Light client > multisig - Cryptographic proofs beat trust
4. Never bridge more than you can lose - Hacks are inevitable

---

What’s Next?

Continue learning: Blockchain Consensus Mechanisms

Expert content: Cross-Chain Security