Bridges have lost billions to exploits. The risk isn't speed or fees. It's the trust model. Here's how to evaluate bridge risk and what a clean record requires.
Jul 3, 2026

The Bridge Risk Reckoning: How to Evaluate Bridge Risk in 2026


TL;DR

  • Bridge exploits are among the largest losses in crypto history. Ronin (~$612M), Wormhole (~$326M), and Nomad (~$190M) are three of the worst; Chainalysis put cross-chain bridge theft above $2 billion in 2022 alone.

  • The variable that predicts whether a bridge gets drained isn't speed or fees. It's the trust model: how many parties have to stay honest, and what happens when one doesn't.

  • Multisig and trusted-validator bridges concentrate that trust in a small set of keys. Compromise the keys, drain the bridge.

  • Across uses optimistic verification, where a single honest challenger can reject a bad settlement, plus V4 zero-knowledge proofs. It has never been exploited at the protocol level since 2021.


The Ronin bridge lost around $612 million in March 2022. The attackers didn't break the cryptography. They got control of five of nine validator keys, which was enough to sign whatever withdrawals they wanted. Wormhole lost about $326 million a month earlier to a signature-verification flaw that let a forged message mint 120,000 wrapped ETH out of nothing. Nomad lost roughly $190 million in a bug so plain that, once the first withdrawal worked, strangers copied the transaction line for line and drained the rest. Chainalysis counted more than $2 billion stolen from cross-chain bridges in 2022 alone.

These weren't bad luck. They were one failure wearing different masks: too few parties held too much trust, and nothing caught it when one of them broke.

The Number That Predicts Failure Isn't on the Dashboard

Bridge comparisons fixate on fill time, fees, and supported chains. None of those tell you whether the bridge still holds your money next week. The number that does is how many independent parties have to stay honest for the bridge to stay solvent, and what happens when one of them turns.

Call it the honesty threshold. A five-of-nine multisig has an honesty threshold of five: compromise five keys, by phishing or a malicious insider, and the bridge is yours. Ronin's threshold was five. Five keys went, and the bridge went with them. That threshold isn't a footnote in the docs. It is the risk profile.

Most Bridges Hide Their Trust in One of Three Places

Most designs concentrate trust somewhere, and the where is where an attacker starts.

Validator sets and multisigs trust a handful of keys. The bridge is only as secure as the people holding them. That is a human problem, not a cryptographic one, and humans get phished. Ronin is the case study.

Wrapped-asset bridges trust the custody of locked collateral. The wrapped token on the far chain is an IOU against assets sitting in a contract. Drain the contract and every wrapped token becomes a claim on nothing; holders learn their "dollar" was an unsecured loan to a bridge.

Message-passing bridges trust the validity of the messages they relay. Nomad initialized its trusted message root to zero, which the contract read as a valid proof. Every message passed. The first fraudulent withdrawal doubled as a tutorial, and 300-odd addresses followed it.

In each case the speed and the fees looked fine right up until the trust assumption broke.
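The Nomad failure mode described above, reduced to a toy model alongside a hardened variant. This is an added example, not Nomad's contract code: the `Inbox` class, its method names and the sample messages are hypothetical, and it assumes an unproven message reads back as the all-zero root, the way an unset storage slot does.

```python
import hashlib

ZERO_ROOT = b"\x00" * 32  # value an unset slot reads back as (modelling assumption)


class Inbox:
    """Hypothetical receiving side of a message-passing bridge."""

    def __init__(self, initial_root: bytes, reject_zero_root: bool):
        # Roots the bridge treats as committed by the sending chain.
        self.trusted_roots = {initial_root}
        # message digest -> root it was proven against; absent means never proven.
        self.proven_under = {}
        self.reject_zero_root = reject_zero_root

    def prove(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle proof verification, assumed correct here.
        self.proven_under[hashlib.sha256(message).digest()] = root

    def process(self, message: bytes) -> bool:
        digest = hashlib.sha256(message).digest()
        root = self.proven_under.get(digest, ZERO_ROOT)
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # "never proven" must not collide with a trusted value
        return root in self.trusted_roots


def demo():
    # Constructed sample data, not real bridge traffic.
    forged = b"constructed: withdrawal nobody ever proved"
    genuine = b"constructed: withdrawal proven against a real root"
    real_root = hashlib.sha256(b"constructed committed root").digest()

    weak = Inbox(initial_root=ZERO_ROOT, reject_zero_root=False)
    guarded = Inbox(initial_root=ZERO_ROOT, reject_zero_root=True)
    hardened = Inbox(initial_root=real_root, reject_zero_root=True)
    hardened.prove(genuine, real_root)
    return {
        "weak_accepts_forged": weak.process(forged),
        "guarded_accepts_forged": guarded.process(forged),
        "hardened_accepts_forged": hardened.process(forged),
        "hardened_accepts_genuine": hardened.process(genuine),
    }


if __name__ == "__main__":
    print(demo())
```

The `guarded` case shows the explicit zero check holding even when initialization repeats the mistake, which is the argument for rejecting the default value outright rather than relying on correct setup.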

Across Sets the Honesty Threshold to One

Across is built so the honesty threshold is one. Not one trusted party. One honest party, anywhere, willing to say no.

Settlement runs through UMA's Optimistic Oracle. Relayers front capital to fill transfers, then a proposer submits a settlement bundle describing who gets repaid. The bundle is accepted unless someone disputes it, and the proposer posts a bond that gets slashed if the bundle is invalid. A single honest actor watching the bundles is enough to reject a fraudulent one. You don't need a majority to stay honest; you need one party who does.
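To put numbers on the honesty threshold, the sketch below compares a five-of-nine multisig with the dispute rule described above and searches for the smallest number of compromised parties at which a fraudulent bundle is accepted. It is an added example, not Across, UMA or Ronin code; the function names, bond size and bundle contents are constructed, and it assumes every honest watcher sees the bundle and can dispute before it is accepted.

```python
def multisig_settle(bundle, fills, signers, threshold):
    """signers: list of bool, True = honest key holder.
    Honest keys sign only bundles that match real fills; compromised keys sign anything."""
    valid = bundle == fills
    signatures = sum(1 for honest in signers if valid or not honest)
    return signatures >= threshold


def optimistic_settle(bundle, fills, watchers, bond):
    """watchers: list of bool, True = honest. Returns (accepted, bond_returned)."""
    valid = bundle == fills
    if not valid and any(watchers):
        return False, 0   # one dispute rejects the bundle and slashes the bond
    return True, bond     # undisputed: bundle accepted, bond released


FILLS = {"relayer_a": 100, "relayer_b": 40}          # constructed: what relayers actually filled
FRAUD = {"relayer_a": 100, "unknown_party": 10_000}  # constructed: claims an unearned repayment


def min_compromised_to_steal(settle, n):
    """Smallest number of compromised parties (of n) at which FRAUD is accepted."""
    for bad in range(n + 1):
        parties = [False] * bad + [True] * (n - bad)
        if settle(FRAUD, FILLS, parties):
            return bad
    return None


def five_of_nine(bundle, fills, parties):
    return multisig_settle(bundle, fills, parties, threshold=5)


def optimistic(bundle, fills, parties):
    return optimistic_settle(bundle, fills, parties, bond=50)[0]


if __name__ == "__main__":
    print("5-of-9 multisig accepts fraud at",
          min_compromised_to_steal(five_of_nine, 9), "compromised keys")
    print("optimistic rule with 9 watchers accepts fraud at",
          min_compromised_to_steal(optimistic, 9), "compromised watchers")
```

The optimistic rule still fails when no honest watcher remains, so the thing to verify about such a design is that watching and disputing are open to anyone rather than to a fixed set.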

Across V4 adds zero-knowledge proofs through Succinct's SP1, putting cryptographic verification of settlement on top of the economic game. The optimistic layer makes fraud expensive to attempt. The ZK proofs make whole classes of it impossible to assert.

The result is a record. Across has processed billions in volume since 2021 with zero protocol-level exploits. No multisig compromise, because no trusted multisig holds user funds. No wrapped-asset collapse, because Across delivers native assets through mechanisms like Circle's CCTP V2 instead of minting IOUs. The architecture deletes the exact failure modes that drained the bridges before it.

How to Read a Bridge's Risk in 2026

Before you trust a bridge with size, ask its honesty threshold. How many parties have to stay honest for your funds to be safe, and what does the system do when one isn't? Then ask whether the asset arriving on the far side is the native, canonical token or an IOU carrying its own collateral risk. Then ask whether there is a track record long enough to mean something, or just an audit and a promise.

A bridge that answers those well can be slower or pricier and still be the right choice. A higher fee costs basis points. A broken trust model costs the balance.

The bridges that failed all looked fine on the dashboard. The one you want is the one whose security you can still explain after the speed and the fees stop mattering.