Major Bridge Hacks: What Happened and Why
Cross-chain bridges are the single most targeted category in all of DeFi. Since 2021, bridge exploits have stolen over $2.5 billion, and the attacks keep getting more sophisticated. Understanding what happened in these incidents is the first step to protecting yourself.
The Ronin Bridge hack in March 2022 remains the largest bridge exploit in history. Attackers compromised the private keys of five out of nine validator nodes, allowing them to drain 173,600 ETH and 25.5 million USDC, totaling roughly $620 million. The attack went unnoticed for six days because the bridge's monitoring system was offline during the incident.
Wormhole suffered a $320 million exploit in February 2022 when an attacker found a vulnerability that let them mint wrapped tokens on Solana without depositing the corresponding collateral on Ethereum. The attacker was able to create 120,000 wETH out of thin air and bridge it back to Ethereum. Jump Crypto, Wormhole's parent company, eventually covered the loss.
The Nomad Bridge hack in August 2022 was different because it wasn't a single attacker. A vulnerability in a routine upgrade allowed anyone to spoof bridge messages, and hundreds of copycat attackers drained $190 million in a free-for-all. The incident showed that bridge vulnerabilities can cascade quickly once discovered.
These aren't isolated events. The Harmony Horizon Bridge lost $100 million in June 2022. Multichain lost $126 million in July 2023. The pattern is clear: bridges are attractive targets because they hold large amounts of locked assets and their smart contracts are complex enough to hide vulnerabilities.
Common Attack Vectors in Bridge Exploits
Knowing how bridge attacks happen helps you evaluate the risks of different protocols. Attackers use several recurring methods, and each one targets a different weakness in bridge design.
Smart contract vulnerabilities are the most common attack vector. Bridges are complex systems that need to handle asset locking, message verification, token minting, and cross-chain state synchronization. A bug in any of these components can be exploited to drain funds. Many bridge hacks involve vulnerabilities that existed in the code for months before being discovered.
Private key compromises represent the second major category. Bridges rely on multisig wallets or validator sets to authorize cross-chain transfers. If an attacker compromises enough private keys or validator nodes, they can authorize fraudulent withdrawals. The Ronin Bridge hack is the textbook example of this approach.
Oracle and relayer attacks target the communication layer between chains. Bridges use oracles or relayers to verify transactions on the source chain before executing on the destination chain. If an attacker can manipulate these messages or compromise the relayer infrastructure, they can trick the bridge into releasing funds.
Governance attacks are less common but potentially devastating. Some bridges use governance mechanisms to control key parameters like fee structures, supported assets, and security settings. An attacker who gains governance control could modify these parameters to create an exploit path.
Bridge Verification Checklist Before You Transact
Before you bridge any funds, run through this verification checklist. It takes five minutes and can prevent catastrophic losses.
Check the audit status. Has the bridge been audited by at least two reputable security firms? Look for audits from firms like Trail of Bits, OpenZeppelin, ConsenSys Diligence, or Halborn. Read the audit reports, not just the summary. Pay attention to how many issues were found and whether they were all resolved.
Review the TVL history. A sudden spike in TVL can indicate a new incentive program or genuine adoption. A sudden drop might signal that sophisticated investors are pulling their funds. Check DeFiLlama or similar aggregators for historical TVL data.
Investigate the team. Are the founders and core developers public figures with verifiable track records? Anonymous teams aren't automatically risky, but they do reduce accountability. Check if the team has been involved in previous projects and whether those projects had security issues.
Look at the bug bounty program. A well-funded bug bounty program shows the protocol takes security seriously. Platforms like Immunefi host bridge bug bounties with rewards ranging from $10,000 to $10 million depending on the severity of the vulnerability found.
Test with a small amount first. Even if everything checks out, bridge a small test amount before moving larger sums. This lets you verify the process works as expected and gives you time to spot any unusual behavior.
Transaction Monitoring and Early Warning Signs
Once you've bridged your funds, staying vigilant is critical. Bridge exploits can happen at any time, and early detection gives you the best chance of protecting your assets.
Set up alerts for your wallet addresses. Services like Tenderly, Forta, and Etherscan's notification system let you receive alerts when transactions occur involving your addresses. If you notice unexpected activity, you can respond quickly.
Monitor the bridge's TVL. A sudden, large withdrawal from a bridge you're using could indicate that someone with inside knowledge is trying to exit before an exploit. While normal withdrawals happen regularly, coordinated large-scale exits are worth paying attention to.
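One way to turn this advice into a concrete check, as an added example that is not part of the original article: a rolling-window monitor that flags when withdrawals from a bridge vault exceed a set fraction of what was locked when the window began. The per-block net flows, the 3-block window and the 25% threshold are constructed assumptions; in practice the flows would be derived from the vault's Transfer events fetched over RPC.

```python
from collections import deque
from dataclasses import dataclass

# Constructed sample: (block_number, net_flow) for a bridge's locked-asset vault in
# token units. Negative values are withdrawals. Not data from any real bridge.
SAMPLE_FLOWS = [
    (100, 50.0), (101, -20.0), (102, 30.0), (103, -15.0), (104, 10.0),
    (105, -25.0), (106, 5.0), (107, -400.0), (108, -350.0), (109, -300.0),
]

@dataclass
class Alert:
    block: int            # block at which the window tripped the threshold
    window_outflow: float # total withdrawn inside the window
    tvl_before: float     # locked value just before the window started
    fraction: float       # window_outflow / tvl_before

def detect_mass_exit(flows, starting_tvl, window_blocks=3, threshold=0.25):
    """Flag any rolling window whose withdrawals exceed `threshold` of the TVL
    held when the window began. Returns (alerts, tvl_after_last_block)."""
    tvl = starting_tvl
    window = deque()  # entries: (block, outflow, tvl_before_block)
    alerts = []
    for block, net in flows:
        outflow = -net if net < 0 else 0.0
        window.append((block, outflow, tvl))
        # Drop entries that fell out of the rolling window.
        while window[0][0] <= block - window_blocks:
            window.popleft()
        window_outflow = sum(o for _, o, _ in window)
        tvl_before = window[0][2]
        if tvl_before > 0 and window_outflow / tvl_before >= threshold:
            alerts.append(Alert(block, window_outflow, tvl_before,
                                window_outflow / tvl_before))
        tvl += net
    return alerts, tvl

if __name__ == "__main__":
    found, remaining = detect_mass_exit(SAMPLE_FLOWS, starting_tvl=2000.0)
    for a in found:
        print(f"block {a.block}: {a.window_outflow:.0f} withdrawn "
              f"({a.fraction:.0%} of {a.tvl_before:.0f} locked)")
    print(f"TVL after last block: {remaining:.0f}")
```

On the sample data the single 400-unit withdrawal at block 107 stays under the threshold, but the sustained run through blocks 108 and 109 trips it, which is the coordinated-exit pattern the paragraph describes.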
Follow protocol social channels. Most bridge projects maintain active Discord, Telegram, and Twitter accounts. Turning on notifications for these channels ensures you hear about security incidents or emergency shutdowns quickly.
Watch for unusual gas spending on bridge contracts. Blockchain analytics firms like Chainalysis and Elliptic monitor bridge contracts for suspicious activity. If a bridge contract starts consuming abnormally high gas, it could indicate an ongoing attack.
Keep track of governance proposals. If a bridge you're using introduces a proposal to change security parameters, multisig signers, or upgrade mechanisms, pay attention. Malicious governance proposals have been used to set up bridge exploits in the past.
Wallet Security Best Practices for Bridging
Your wallet setup plays a huge role in how protected you are when bridging. These practices apply whether you're using a hardware wallet, a software wallet, or a smart contract wallet.
Use a hardware wallet for significant amounts. Ledger, Trezor, and GridPlus devices keep your private keys offline and require physical confirmation for transactions. When bridging large amounts, the extra security layer is worth the inconvenience.
Separate your bridging wallet from your main holdings. Create a dedicated wallet for bridging activities. Only transfer the amount you need to bridge into this wallet, and keep your long-term holdings in a separate, more secure wallet. If something goes wrong with a bridge, the damage is limited to what was in the bridging wallet.
Revoke token approvals regularly. After bridging, the bridge contract typically still holds an ERC-20 allowance to spend your tokens. If you no longer plan to use that bridge, revoke the allowance using tools like Revoke.cash or Etherscan's token approval checker. Unnecessary approvals increase your attack surface.
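What a tool like Revoke.cash does under the hood, as an added example that is not the article's or any tool's own code: replay a wallet's ERC-20 Approval logs to find which spenders still hold a non-zero allowance, then build the approve(spender, 0) calldata that a revocation transaction submits. The addresses and logs are constructed placeholders; the event topic and function selector are the standard ERC-20 ones. The same routine is what the emergency plan's first step, revoking all remaining approvals, amounts to.

```python
# Standard ERC-20 identifiers (keccak256 of the canonical signatures).
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "0x095ea7b3"  # approve(address,uint256)
UNLIMITED = 2**256 - 1           # the "infinite" allowance many dapps request

# Constructed placeholder addresses; not real contracts.
OWNER = "0x1111111111111111111111111111111111111111"
TOKEN_A = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
TOKEN_B = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
BRIDGE = "0x2222222222222222222222222222222222222222"
ROUTER = "0x3333333333333333333333333333333333333333"

def _pad_addr(addr):
    """Indexed address topics are the address left-padded to 32 bytes."""
    return "0x" + addr[2:].lower().rjust(64, "0")

def approval_log(token, owner, spender, amount):
    """Shape of an eth_getLogs entry for Approval(owner, spender, value)."""
    return {"address": token,
            "topics": [APPROVAL_TOPIC, _pad_addr(owner), _pad_addr(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [  # constructed, oldest first
    approval_log(TOKEN_A, OWNER, BRIDGE, UNLIMITED),
    approval_log(TOKEN_A, OWNER, ROUTER, 1000),
    approval_log(TOKEN_B, OWNER, BRIDGE, 500),
    approval_log(TOKEN_B, OWNER, BRIDGE, 0),  # already revoked
]

def current_allowances(owner, logs):
    """Replay Approval logs in order; the latest per (token, spender) is the live
    allowance. Returns only the non-zero ones."""
    owner, live = owner.lower(), {}
    for log in logs:
        t = log["topics"]
        if t[0].lower() != APPROVAL_TOPIC or t[1][-40:].lower() != owner[2:]:
            continue
        live[(log["address"].lower(), "0x" + t[2][-40:].lower())] = int(log["data"], 16)
    return {k: v for k, v in live.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): 4-byte selector, padded address, zero word."""
    return APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def revoke_plan(owner, logs):
    """[(token, spender, allowance, calldata)] for every spender still approved."""
    return [(tok, sp, amt, revoke_calldata(sp))
            for (tok, sp), amt in current_allowances(owner, logs).items()]
```

Each calldata entry is sent as a transaction to the token address (not the spender); an allowance equal to UNLIMITED is the one most worth revoking, since it lets the spender move the wallet's entire balance of that token.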
Be careful with permit signatures. Some bridges use EIP-2612 permit signatures for gasless approvals. While convenient, these signatures can be phishing vectors. Never sign a permit transaction you don't fully understand, and verify the contract address you're signing for.
Enable transaction simulation. Many modern wallets offer transaction simulation that shows you exactly what will happen before you confirm. Use this feature when bridging. If the simulation shows unexpected token transfers or contract interactions, don't proceed.
Emergency Response Plan: What to Do If Things Go Wrong
Having a plan before you need one makes all the difference. Here's what to do if you suspect a bridge you've used has been compromised.
First, revoke all remaining approvals immediately. If you still have tokens on the affected chain, go to a token approval checker and revoke the bridge's permission to spend your assets. This prevents the attacker from draining any additional funds.
Second, move unaffected assets to a fresh wallet. Create a new wallet address and transfer any assets that weren't on the compromised bridge. Don't reuse the compromised wallet, even if you think the threat has been contained.
Third, document everything. Take screenshots of your bridge transactions, save the transaction hashes, and record the amounts involved. This documentation will be essential for insurance claims, recovery efforts, or potential legal proceedings.
Fourth, follow official recovery channels. Most compromised bridges establish recovery processes. Monitor the project's official website and social media for updates. Some protocols have recovered funds through white-hat negotiations, law enforcement cooperation, or community-funded recovery efforts.
Fifth, report the incident. File reports with blockchain security firms, notify relevant regulatory authorities if applicable, and share information with the broader community. Collective intelligence often helps identify the attacker and recover funds faster.
Insurance Options for Bridge Users
DeFi insurance can provide a safety net for bridge users, though it comes with its own limitations and considerations.
Nexus Mutual is the most established DeFi insurance protocol. It offers coverage against smart contract failures, including bridge exploits. You can purchase coverage for specific protocols, and payouts are determined by community votes. Premiums typically range from 2% to 5% of the covered amount annually.
InsurAce provides similar coverage with a focus on multi-chain protocols. It supports coverage for bridges on Ethereum, BNB Chain, and several other networks. The claim process involves community voting, and coverage limits may apply to individual protocols.
Unslashed Finance offers structured insurance products that cover specific risk categories, including bridge hacks. Their products tend to be more accessible for individual users with lower minimum coverage amounts.
Before purchasing bridge insurance, read the policy carefully. Understand what triggers a payout, what the exclusions are, and how long the claim process takes. Some policies have waiting periods, specific covered events, or exclusions for certain types of attacks. Insurance is a valuable tool, but it's not a substitute for doing your own due diligence on the bridges you use.