🌉 BridgesInteroperabilityUpdated March 14, 2026 · 15 min read · +125 XP
Cross-Chain Bridges Guide 2026: How They Work, Top Protocols & Security Risks
Bridges are the highways connecting blockchains — moving assets and data between Ethereum, Solana, Arbitrum, Base, and 50+ other chains. They're also the #1 target for hackers: over $2.5B lost to bridge exploits. This guide explains bridge mechanics, the safest protocols, and how to move assets without getting rekt.
How Bridges Work: 3 Models
Lock & Mint
You lock Token A on Chain 1. The bridge mints a wrapped version (e.g. wBTC) on Chain 2. Risk: the locked pool is a honeypot — if hacked, wrapped tokens become worthless. Used by: early Ethereum ↔ BSC bridges.
Liquidity Pool (Native)
Liquidity providers fund pools on each chain. You deposit on Chain 1, an LP fronts native assets on Chain 2 and is reimbursed. No wrapped tokens. Used by: Hop, Stargate.
Message Passing
The bridge passes a generic message between chains, not just tokens. Smart contracts on each side execute based on the message. Enables cross-chain DeFi (not just transfers). Used by: Axelar, Wormhole, CCIP.
Top Bridge Protocols (2026)
| Protocol | How it works | Chains | Best for |
|---|---|---|---|
| Across Protocol | Fast relay model — relayers front liquidity, settle with UMA optimistic oracle | ETH L2s | Fastest withdrawals (minutes), lowest fees |
| Stargate (LayerZero) | Unified liquidity pools across chains via LayerZero messaging | 20+ chains | Native asset bridging (no wrapped assets) |
| Hop Protocol | Bonders provide liquidity, canonical tokens on destination | ETH L2s | Battle-tested, strong L2 liquidity |
| Wormhole | Generic message passing + token bridge; 19 guardian validators | 30+ chains | Broadest chain support, used by DeFi protocols |
| Axelar | Universal interoperability layer with proof-of-stake validators | 50+ chains | Cross-chain calls (not just tokens) |
| Chainlink CCIP | Cross-Chain Interoperability Protocol by Chainlink | Major EVM chains | Enterprise-grade, used by banks + TradFi |
Bridge Hacks: A $2.5B Graveyard
Ronin Bridge (Mar 2022)Lost: $625M
5 of 9 validator keys compromised by North Korean hackers (Lazarus Group). Sky Mavis had inadvertently handed Axie DAO 4 of the keys.
Wormhole (Feb 2022)Lost: $320M
Signature verification bug — attacker faked guardian signatures to mint 120,000 wETH without depositing collateral.
Nomad (Aug 2022)Lost: $190M
Fraudulent messages accepted due to initialisation bug. A 'copy-paste' exploit — hundreds of addresses copied the attack tx once discovered.
Harmony Horizon (Jun 2022)Lost: $100M
2 of 5 multisig keys compromised. Again attributed to Lazarus Group.
🌉 Key takeaway
For most users: use Across for fast ETH L2 transfers, Stargate for multi-chain native assets, and Axelar for non-EVM chains. Never bridge more than you can afford to lose. Prefer bridges audited by multiple firms, with a track record of 12+ months without exploits. Avoid new bridges with large TVLs and small security teams.