A History of Cross-Chain Bridge Hacks: The Biggest Incidents and How Users Should Bridge
Cross-chain bridges have lost more than 2.5 billion dollars to exploits over the past four years. That figure exceeds the combined losses of DEXs, stablecoins, and lending protocols over the same period. Every time someone repeats “blockchains are immutable,” the cross-chain bridge sector serves as a reminder that bridges are not actually part of any chain — they are middleware bolted between two chains, importing all the trust risk that the underlying networks specifically aimed to remove. This article walks through the most representative incidents in order, sorts the attack patterns into categories, and ends with concrete advice for individual users.
Ronin, $625 million: phished private keys
In March 2022 the Axie Infinity sidechain Ronin lost roughly $625 million, the largest single bridge incident on record. The path was less technical than people expect. The Ronin Bridge ran on a 5-of-9 multisig over its validator set. The attacker used a precisely targeted LinkedIn phishing campaign to capture private keys from four nodes operated by Sky Mavis, then exploited a previously granted Axie DAO delegation to gather the fifth signature.
The shocking part was the silence afterward: the attack happened on March 23 and the community did not notice until six days later. There was no real-time monitoring on the bridge’s reserves, and once five of the nine signatures were under the attacker’s control, the whole system was effectively blind. Sky Mavis later expanded validators to eleven, introduced hardware wallet custody, and added OFAC-style monitoring. But the lesson cut deeper — multisig security depends less on signature count and more on operational discipline.
Wormhole, $320 million: a contract verification flaw
A month before Ronin, in February 2022, Wormhole’s Solana-side bridge contract was drained of $320 million. No private key leaked; the failure was entirely in code. The Solana program used a flawed instruction when verifying guardian signatures, so a crafted VAA (Verifiable Action Approval) tricked the contract into believing 120,000 ETH had been locked on Ethereum, allowing the attacker to mint 120,000 wETH against nothing.
In traditional software this would just be a textbook input-validation failure. Sitting under hundreds of millions of dollars, it becomes an existential event. Jump Crypto covered the entire loss, sparing the Solana DeFi ecosystem from a chain reaction. The point overlaps with the Wormhole vs LayerZero architecture comparison — even a strong architecture cannot save one buggy line of code.
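To make the "one buggy line" concrete, here is the shape of the check a destination-side mint has to get right: recompute every guardian signature against the current guardian set, reject duplicates and unknown signers, and only mint once the quorum is met. This is an added example written for this article, not Wormhole's code; the VAA layout, the 19-guardian set, the "more than two thirds" quorum rule, and the HMAC used as a stand-in for a guardian signature are all assumptions chosen so the block runs offline.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed quorum rule for this example: strictly more than two thirds of the guardian set.
QUORUM_NUMERATOR = 2
QUORUM_DENOMINATOR = 3


@dataclass(frozen=True)
class VAA:
    """Minimal cross-chain attestation: where it came from and what it claims."""
    emitter_chain: int
    emitter_address: bytes
    sequence: int
    payload: bytes  # here: the amount claimed to be locked, big-endian

    def digest(self) -> bytes:
        body = (self.emitter_chain.to_bytes(2, "big") + self.emitter_address
                + self.sequence.to_bytes(8, "big") + self.payload)
        return hashlib.sha256(body).digest()


def guardian_sign(secret: bytes, vaa: VAA) -> bytes:
    # Constructed stand-in for a guardian signature: an HMAC over the VAA digest.
    # Real guardians use public-key signatures; the verifier below has the same shape.
    return hmac.new(secret, vaa.digest(), hashlib.sha256).digest()


def quorum(n_guardians: int) -> int:
    """Smallest signature count that is strictly more than two thirds of the set."""
    return (n_guardians * QUORUM_NUMERATOR) // QUORUM_DENOMINATOR + 1


def verify_vaa(vaa, signatures, guardian_keys) -> bool:
    """Recompute every signature against the current guardian set.

    The mint path must call this itself; it must never accept a 'verified'
    record supplied by the caller, because that record is attacker-controlled.
    """
    seen = set()
    for idx, sig in signatures:
        if idx in seen or not 0 <= idx < len(guardian_keys):
            return False  # duplicate signer or index outside the guardian set
        if not hmac.compare_digest(guardian_sign(guardian_keys[idx], vaa), sig):
            return False  # signature does not bind this guardian to this VAA
        seen.add(idx)
    return len(seen) >= quorum(len(guardian_keys))


def mint_wrapped(vaa, signatures, guardian_keys, ledger) -> int:
    """Destination-side mint: credit wrapped tokens only for a VAA that verifies."""
    if not verify_vaa(vaa, signatures, guardian_keys):
        raise ValueError("VAA rejected: guardian quorum not met")
    amount = int.from_bytes(vaa.payload, "big")
    ledger["wrapped_supply"] = ledger.get("wrapped_supply", 0) + amount
    return amount


def demo():
    """Constructed 19-guardian set; returns what the verifier decides in each scenario."""
    guardians = [hashlib.sha256(b"constructed-guardian-%d" % i).digest() for i in range(19)]
    claim = VAA(2, bytes(32), 7, (120_000 * 10**18).to_bytes(32, "big"))
    full = [(i, guardian_sign(guardians[i], claim)) for i in range(13)]
    attacker_key = hashlib.sha256(b"constructed-attacker").digest()
    forged = [(i, guardian_sign(attacker_key, claim)) for i in range(13)]
    tampered = VAA(2, bytes(32), 7, (1_000_000 * 10**18).to_bytes(32, "big"))
    ledger = {}
    minted = mint_wrapped(claim, full, guardians, ledger)
    try:
        mint_wrapped(claim, forged, guardians, ledger)
        forged_mint_rejected = False
    except ValueError:
        forged_mint_rejected = True
    return {
        "quorum": quorum(19),
        "honest_quorum": verify_vaa(claim, full, guardians),
        "one_short": verify_vaa(claim, full[:12], guardians),
        "duplicate_signer": verify_vaa(claim, full[:12] + [full[0]], guardians),
        "non_guardian_keys": verify_vaa(claim, forged, guardians),
        "payload_changed": verify_vaa(tampered, full, guardians),
        "minted": minted,
        "ledger_supply": ledger["wrapped_supply"],
        "forged_mint_rejected": forged_mint_rejected,
    }
```

The design point is in `verify_vaa`: the verifier is the only party that decides whether the quorum was met, and it decides by recomputing, not by reading a flag. Any path where the caller can hand in a pre-verified record turns a 13-of-19 quorum into a 0-of-19 one.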

Nomad, $190 million: the hack everyone joined
The Nomad incident in August 2022 is unique in the history of crypto exploits. The root cause was tiny — during a contract upgrade the team accidentally set the “trusted root” to 0x00, which meant any forged message beginning with 0x00 passed verification.
The truly dramatic part came next. After the first attacker drained funds, anyone who copied the transaction and edited the destination address could replay the attack. Hundreds of distinct addresses, including copycats and well-meaning “whitehat rescuers,” cycled through the contract over a few hours, and 190 million dollars evaporated in a day. It was the first crowdsourced hack in DeFi, and it permanently changed how teams treat contract upgrades.
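The mechanism behind a "trusted root of 0x00" is worth seeing in code, because it is a storage-default problem rather than a cryptography problem. The example below is added for this article and is not Nomad's code: it models a destination-side replica where each message, once proven, is recorded under the Merkle root it was proven against, and where an unproven message reads back as the all-zero root. If the all-zero root is ever marked as confirmed (the misconfiguration assumed here), a message nobody proved sails through `process`. The toy Merkle hashing, the optimistic window and the message bytes are constructed for the demonstration.

```python
import hashlib

ZERO_ROOT = bytes(32)  # the all-zero Merkle root: "no root recorded"


def leaf_hash(message: bytes) -> bytes:
    return hashlib.sha256(b"leaf:" + message).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"node:" + left + right).digest()


def merkle_root(leaf: bytes, path) -> bytes:
    """Fold a leaf up a Merkle path; path items are (sibling_hash, sibling_is_left)."""
    node = leaf
    for sibling, sibling_is_left in path:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return node


class Replica:
    """Destination-side message replica in the optimistic style (assumed model).

    confirm_at maps a root to the time from which it is acceptable; a missing
    entry (0) means 'never confirmed'. messages maps a message hash to the
    root it was proven under. Both are plain dicts here; in a contract they
    are storage mappings whose unset slots read as zero, which is the trap.
    """

    def __init__(self, zero_root_confirmed: bool, reject_zero_root: bool, optimistic_seconds: int = 1800):
        self.confirm_at = {}
        self.messages = {}
        self.processed = set()
        self.optimistic_seconds = optimistic_seconds
        self.reject_zero_root = reject_zero_root
        if zero_root_confirmed:
            # The misconfiguration this example models (an assumption, not the project's code):
            # the zero root is marked confirmed as of time 1, so it is always acceptable.
            self.confirm_at[ZERO_ROOT] = 1

    def relay_root(self, root: bytes, now: int) -> None:
        """A relayer posts a new root; it becomes acceptable after the fraud window."""
        self.confirm_at[root] = now + self.optimistic_seconds

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: the 'no root' sentinel is never acceptable
        confirmed_at = self.confirm_at.get(root, 0)
        return confirmed_at != 0 and now >= confirmed_at

    def prove(self, message: bytes, path, now: int) -> bool:
        root = merkle_root(leaf_hash(message), path)
        if not self.acceptable_root(root, now):
            return False
        self.messages[hashlib.sha256(message).digest()] = root
        return True

    def process(self, message: bytes, now: int) -> bool:
        digest = hashlib.sha256(message).digest()
        if digest in self.processed:
            return False
        # An unproven message has no entry, so it reads back as ZERO_ROOT here.
        root = self.messages.get(digest, ZERO_ROOT)
        if not self.acceptable_root(root, now):
            return False
        self.processed.add(digest)
        return True


def demo():
    """Constructed messages; returns what each replica does with a forged, unproven message."""
    legit = b"transfer:alice->bob:1000"
    sibling = leaf_hash(b"constructed-sibling-leaf")
    path = [(sibling, False)]
    root = merkle_root(leaf_hash(legit), path)
    forged = b"transfer:vault->attacker:190000000"
    results = {}
    for name, replica in (
        ("misconfigured", Replica(zero_root_confirmed=True, reject_zero_root=False)),
        ("hardened", Replica(zero_root_confirmed=False, reject_zero_root=True)),
    ):
        replica.relay_root(root, now=0)
        results[name] = {
            "legit_proven": replica.prove(legit, path, now=1800),
            "legit_processed": replica.process(legit, now=1800),
            "forged_processed_without_proof": replica.process(forged, now=1800),
        }
    return results
```

Two defences fall out of the model: never let the sentinel value that means "nothing recorded" also be a value that can mean "confirmed", and have the upgrade checklist assert that `confirm_at[ZERO_ROOT]` is still zero after every initialization. The replay that followed the first drain needed no new skill at all, which is why the second check belongs in the deploy script rather than in anyone's memory.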
Harmony Horizon, $100 million: another multisig collapse
In June 2022, Harmony’s Horizon Bridge lost about $100 million. The pattern almost mirrored Ronin’s. Horizon ran on a 2-of-5 multisig at the time, meaning just two keys controlled everything. The attacker is believed to have used social engineering against developer environments to lift two signing keys and then casually drained the reserves. The US Treasury later attributed the attack to North Korea’s Lazarus Group.
The episode killed 2-of-5 multisig as a serious bridge design. There is no reasonable defense for guarding hundreds of millions of dollars behind two keys. Yet through 2021 and into 2022, similar setups appeared repeatedly. The deeper failure was engineering teams overestimating their key custody and underestimating their adversaries.

Categorizing the attack patterns
Abstracting away the names, bridge attacks fall into three buckets:
- Key or signature compromise: Ronin and Harmony both belong here. Attackers bypassed cryptography entirely by stealing the gatekeepers’ keys, reducing multisig to theater.
- Contract logic flaws: Wormhole is the headline case. Signature verification, message hashing, initialization parameters — any one of them written wrong and a bridge can be drained overnight.
- Configuration or upgrade mistakes: Nomad is the textbook example. A single misset initialization variable invited a public drain.
What unites the three: none of them happen during the moment you are actively bridging, but all of them can erase whatever you have parked inside the bridge. The logic mirrors identifying rug pull projects — the danger lives in code and keys you cannot see, not in the user-facing flow.
Industry improvements after these events
The major incidents did push real improvements forward:
- Higher multisig thresholds: 2-of-5 is gone; mainstream bridges now sit at 2-of-3 or higher with hardware wallet custody.
- Routine audits: overlapping reviews from CertiK, OpenZeppelin, and Trail of Bits are now standard pre-launch.
- Real-time monitoring: Forta and Hexagate trigger alarms within seconds of abnormal outflows.
- Insurance: Nexus Mutual and Sherlock underwrite select bridges, giving users a partial cushion.
- Architectural evolution: from pure multisig toward light-client and ZK bridges.
These are real improvements, but the core problem persists — as long as a bridge is middleware between two chains, trust risk is never zero.
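Both the six-day blind spot after Ronin and the "alarms within seconds" bullet above come down to the same two invariants, which any bridge operator can watch from public chain data: wrapped supply on the destination must never exceed collateral locked on the source, and withdrawals from the lock contract over a short window must stay within a sane fraction of the reserve. The monitor below is an added example written for this article, not any vendor's product; the snapshot feed, the 600-second window and the 10 percent threshold are constructed values.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    ts: int              # unix seconds
    locked: int          # collateral held by the lock contract on the source chain
    wrapped_supply: int  # wrapped-token total supply on the destination chain
    outflow: int         # withdrawn from the lock contract since the previous snapshot


class BridgeMonitor:
    """Two checks on a bridge's reserves (thresholds are assumptions for this example):

    1. supply_mismatch: wrapped supply exceeds locked collateral, i.e. something
       was minted against nothing (the Wormhole and Nomad shape).
    2. abnormal_outflow: withdrawals over a rolling window exceed a fraction of
       the reserve at the window start (the Ronin shape, which went unnoticed
       for six days without such a check).
    """

    def __init__(self, window_seconds: int = 600, max_outflow_fraction: float = 0.10):
        self.window_seconds = window_seconds
        self.max_outflow_fraction = max_outflow_fraction
        self.window = deque()

    def observe(self, snap: Snapshot):
        alerts = []
        if snap.wrapped_supply > snap.locked:
            alerts.append(f"t={snap.ts} supply_mismatch wrapped={snap.wrapped_supply} locked={snap.locked}")
        self.window.append(snap)
        while self.window and snap.ts - self.window[0].ts > self.window_seconds:
            self.window.popleft()
        # Reserve before the oldest in-window withdrawal, and everything withdrawn since.
        reserve_before = self.window[0].locked + self.window[0].outflow
        total_out = sum(s.outflow for s in self.window)
        if reserve_before > 0 and total_out > self.max_outflow_fraction * reserve_before:
            alerts.append(f"t={snap.ts} abnormal_outflow out={total_out} "
                          f"reserve_before={reserve_before} window={self.window_seconds}s")
        return alerts


def run_constructed_feed():
    """Constructed snapshot feed: normal redemptions, then an unbacked mint, then a drain."""
    feed = [
        Snapshot(0, 100_000, 100_000, 0),
        Snapshot(60, 99_500, 99_500, 500),        # user redeems 500: burn and unlock match
        Snapshot(120, 99_000, 99_000, 500),
        Snapshot(180, 99_000, 219_000, 0),        # 120_000 wrapped appear with nothing locked
        Snapshot(240, 39_000, 219_000, 60_000),   # 60_000 leave the lock contract at once
    ]
    monitor = BridgeMonitor()
    alerts = []
    for snap in feed:
        alerts.extend(monitor.observe(snap))
    return alerts
```

Feeding the constructed snapshots through produces one supply alert at t=180 and both a supply alert and an outflow alert at t=240. Neither check needs access to the bridge's keys or code; both read state that is already public on the two chains, which is exactly why the lack of them in 2022 was an operational choice rather than a technical limit.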
How users should actually bridge
Translating those lessons into individual behavior, a few principles matter more than memorizing any project name:
- Split large transfers into batches: bridging 100,000 dollars once and bridging 10,000 dollars ten times look very different the moment a bridge fails.
- Do not park funds on the bridge: as soon as the transfer finalizes, move funds into the destination chain’s applications. Long-term wToken balances are sitting ducks.
- Prefer mainstream bridges: outside of Ronin, almost no small bridge has survived a major hack and stayed in operation. “High efficiency” and “low fees” at unknown bridges are usually the flip side of unmonitored risk.
- Check L2BEAT ratings: independent scoring of each bridge’s trust assumptions is more honest than any project’s marketing.
- Learn to skim smart contract audits: even reading the summary section is better than blind reliance on team statements.
Bridge security equals the weakest node’s security
In one sentence: a bridge is exactly as secure as its weakest node, weakest line of code, and sloppiest upgrade. Ronin lost on key custody, Wormhole on signature verification, Nomad on an initialization variable, Harmony on a low multisig threshold. Each was a precise blow against a small weak point, not a total collapse. That is why experienced users never leave funds parked in wrapped tokens, and why — much like picking a mining pool — “which bridge” and “trust whom” are the same question. Treat the bridge as a short hallway, not a destination.