Key findings
- Most bridges lock assets on one chain and mint representations on another; the lock contract becomes a high-value honeypot.
- Bridge security often reduces to a small validator set or multisig — a trust assumption weaker than either chain it connects.
- Complexity and value concentration, not any single bug class, are the structural reasons bridges are repeatedly exploited.
Background
A bridge moves value between chains that cannot natively talk to each other. The common design locks an asset in a contract on the source chain and mints a wrapped representation on the destination chain. That lock contract accumulates the value of everything ever bridged — a permanent, growing target.
Data & method
Data: bridge design documentation and public post-mortems of past exploits. Method: analyze the trust model (who can authorize a mint or release) rather than enumerating specific hacks. Limitation: we do not attribute or date specific incidents here; we analyze the structural pattern.
Analysis
The security of a lock-and-mint bridge is the security of whatever authorizes releases and mints. Frequently that is a multisig or a small external validator set — a trust assumption strictly weaker than the chains being connected. Add cross-chain message verification, upgradable contracts, and off-chain relayers, and the attack surface is large and the reward is concentrated. That combination — maximum value behind maximum complexity and often minimal trust — is why bridges recur at the top of loss tables. The failures are rarely exotic; they are signature verification, access control, and upgrade-key compromise.
Risks & limitations
“Audited” is not “safe.” The questions that matter: who can authorize a release, how many independent parties must collude or be compromised, and can the contract be upgraded by a small key?
What to watch
Prefer designs that minimize external trust (e.g., native or proof-based verification). See self-custody vs exchange custody.
Sources — primary where possible
The BlackPearlBitcoin Research Desk holds no positions relevant to this report. See our conflict-of-interest policy in the methodology.
Independent institutional crypto research — primary-sourced, dated, method-explicit, and human-written. We disclose positions, correct openly, and license our work for citation. About the desk →
