Cross-Chain Bridges Keep Getting Drained, So Why Does Everyone Still Use Them?

Cross-chain bridges move billions of dollars every week. They connect blockchains that were never designed to talk to each other.

They are also, consistently, the single most exploited category in all of decentralized finance.

In May 2026, bridges accounted for roughly $28.6 million of the month's approximately $70 million in total crypto exploit losses. That's 42% of the damage, from a category that holds only a fraction of total DeFi value locked.

That ratio is not an anomaly.

Since 2021, cross-chain bridges have been responsible for a disproportionate share of the industry's largest single-incident losses. The list includes the $624 million Ronin exploit in March 2022, the $320 million Wormhole theft the month before, and the $190 million Nomad hack in August 2022.

The pattern hasn't stopped.

The same architecture that makes bridges possible also makes them uniquely fragile. Closing that gap means rethinking some of crypto's most fundamental design assumptions.

TL;DR

  • Cross-chain bridges claimed $28.6M of May 2026's ~$70M in total crypto exploit losses, a 42% share from one protocol category.
  • Bridge exploits are structurally different from typical smart contract hacks because they require trusting state from a chain the destination chain cannot natively verify.
  • Zero-knowledge proof bridges and optimistic verification systems offer credible mitigations, but neither is yet deployed at the scale needed to replace today's vulnerable designs.

Why Cross-Chain Bridges Exist And What They Actually Do

The blockchain ecosystem was built in silos.

Bitcoin (BTC) was designed to be self-contained. Ethereum (ETH) was built separately. Every layer-2 network, application chain, and alternative layer-1 that followed added another isolated settlement environment.

Users and protocols that want to move value across these environments need infrastructure to connect them. That infrastructure is the cross-chain bridge.

At its most basic, a bridge works by locking or burning an asset on the source chain and minting a corresponding representation on the destination chain. The catch is that the destination chain's minting contract has to trust that the lock or burn on the source chain actually happened.

Establishing that trust is the entire technical problem.

A chain has no native ability to read another chain's state. So bridges must rely on external mechanisms to relay and verify cross-chain messages.

The core bridge security problem is not a bug in a single contract. It is a fundamental architectural challenge: one blockchain cannot natively verify what happened on another blockchain.

Those external mechanisms take several forms. Externally validated bridges use a set of validators or multisig signers who attest to cross-chain events. Locally verified bridges such as atomic swaps require both parties to act, limiting generality. Natively verified bridges rely on light clients of the source chain running inside the destination chain's virtual machine, which is technically expensive. Each design involves a different trust assumption, and in practice, most bridges deployed at scale have chosen speed and cost efficiency over cryptographic rigor.

The Exploit Taxonomy: How Bridges Actually Get Drained

Bridge exploits don't follow a single pattern.

Researchers at Immunefi have categorized bridge hacks into three dominant classes: smart contract vulnerabilities in the bridge's own code, validator or relayer compromise, and cryptographic verification failures. Each class calls for a different defensive posture. That's part of why no single fix works across all bridge designs.

Smart contract vulnerabilities are the most familiar category.

A function that processes incoming messages may fail to confirm that a cross-chain message was actually signed by the appropriate authority. The Wormhole exploit in February 2022, which cost $320 million, was a failure of exactly this kind. The attacker did not break the guardians' keys. The Solana-side program's signature-verification step took the account that should have been Solana's instructions sysvar (the record of which instructions ran in the transaction) from the caller, and did not check that it was the genuine sysvar. Supplying a fake one let the attacker get a fabricated signature-set account accepted as if the guardians had approved it, and that forged approval was enough to mint 120,000 wrapped ETH on Solana (SOL).

CertiK's 2025 annual security report noted that input validation failures remain the most common root cause across all DeFi exploit categories. Bridges are especially exposed, because their message-processing surfaces are wide: every field of an inbound message, and every account or contract the verifier is handed, is attacker-controlled until proven otherwise.

Immunefi data from 2024 showed that bridges and cross-chain messaging protocols accounted for $1.19 billion of that year's total losses, despite representing fewer than 5% of monitored protocols by count.

Validator compromise attacks are structurally different. The Ronin bridge, which served the Axie Infinity game, relied on nine validator nodes, five of whose signatures were needed to authorize a withdrawal. Attackers gained signing control of five: four validators run by Sky Mavis and the one run by the Axie DAO, the latter through an allowlist that had let Sky Mavis sign on the DAO's behalf during a traffic surge months earlier and was never revoked. No signature was forged; every withdrawal was validly signed by a majority of the set, which is why the network itself raised no alarm. The $624 million loss went unnoticed for six days, until a user reported being unable to withdraw. That incident remains the single largest DeFi exploit by dollar value.

The May 2026 Incident Landscape And What It Tells Us

The May 2026 figures matter not because they set a record, but because they represent a baseline that has held despite years of claimed improvements.

The roughly $70 million in total losses across the month, with cross-chain bridges accounting for $28.6 million or 42%, according to reporting on May's incident data, mirrors patterns from earlier years. And this is a sector that has supposedly learned from its mistakes.

The May figures also arrive after a period of substantial growth in total bridge TVL.

DefiLlama tracks aggregate cross-chain bridge volume, and shows that monthly bridge flows regularly exceed $10 billion across major corridors. When the denominator of bridged value grows faster than security infrastructure matures, the absolute dollar exposure to exploitation grows too — even if the percentage of funds stolen stays constant.

This is the treadmill problem.

The industry is running faster, but not necessarily pulling ahead.

In May 2026, bridges represented 42% of all crypto exploit losses despite holding a fraction of total DeFi TVL, a ratio that has remained stubbornly elevated since 2022.

What distinguishes the current period from the 2022 peak is the profile of attackers. US authorities attributed the Ronin theft to the Lazarus Group, North Korea's state-affiliated hacking unit, in April 2022, and the FBI attributed the June 2022 Harmony Horizon bridge theft to the same group, which has been connected to subsequent incidents.

Nation-state-level attackers bring resources, patience, and operational security that differ fundamentally from opportunistic protocol-level exploiters. Their continued focus on bridges reflects the category's persistent high-value-per-exploit profile.

The Trust Assumption Spectrum: From Multisig To ZK Proofs

Security researchers and protocol designers generally analyze bridge architectures along a spectrum defined by their trust assumptions. At one end sit multisig or validator-set bridges that rely on a small group of human-operated nodes. At the other sit cryptographically native bridges that rely on mathematical proofs rather than human honesty. The distance between these two points maps almost perfectly onto the distance between the most vulnerable and most secure bridge designs.

Polynya, a pseudonymous Ethereum researcher, and others in the rollup research community have argued that the only long-term credible bridge design is one based on validity proofs that allow the destination chain to cryptographically verify source chain state without trusting any intermediary. Zero-knowledge proofs, specifically zk-SNARKs and zk-STARKs, make this technically possible. A ZK bridge generates a succinct proof that a particular transaction was included in a finalized block on the source chain. The destination chain verifies that proof natively, requiring no external validator set. What stays in the trust base is narrower but not empty: the soundness of the proof system (and any trusted setup it needs), the correctness of the circuit that encodes the source chain's consensus rules, and the source chain's own finality. The proof shows that the source chain's validators signed a block, not that they were honest, so a consensus failure or deep reorg on the source chain is faithfully relayed rather than caught.

ZK-based light client bridges reduce trust assumptions to the cryptographic security of the proof system itself, eliminating the human-operated validator sets that have been the attack surface in most major bridge exploits.

The practical limitation is computational cost. Generating ZK proofs of consensus for chains like Ethereum requires proving the BLS12-381 signature aggregation used in Ethereum's beacon chain, which until recently required minutes of proving time and substantial hardware. Projects including Succinct Labs, =nil; Foundation, and Electron Labs have been working on accelerating this. Succinct's SP1 prover, described in its technical documentation, targets proof generation times measured in seconds for standard EVM blocks, a meaningful step toward practical deployment.

Optimistic Bridges: A Middle Ground With Its Own Attack Surface

Between the high security of ZK bridges and the low security of validator-set designs sits a class of optimistic bridges, modeled on the same fraud-proof logic that underlies optimistic rollups. Optimistic bridges relay cross-chain messages immediately but hold them for a challenge window before they can be executed, during which any party can submit a fraud proof demonstrating that the relayed message or root was invalid. Rollups use a window of about seven days; optimistic bridges have run far shorter ones to keep transfers usable (Nomad's was 30 minutes). If no challenge succeeds before the window closes, the message is accepted as final.

Connext, Across Protocol, and the messaging layer Nomad (before its 2022 exploit) have all used variants of optimistic verification. The security argument is that a single honest watcher, anywhere in the world, can prevent a fraudulent message from finalizing. In theory this is strong. In practice it depends on whether watchers are reliably monitoring the system and whether the fraud-proof mechanism itself is correctly implemented.

Optimistic bridge security collapses if the fraud-proof window is not monitored, if the fraud-proof submission mechanism contains bugs, or if watchers can be economically coerced into inaction during the challenge period.

The Nomad exploit in August 2022 that cost $190 million was not, notably, an attack on the optimistic mechanism itself. It was a straightforward smart contract bug. A routine upgrade initialized the message-receiving contract with the zero hash as its trusted root, so the zero root was marked as already confirmed. A message that had never been proven against any root mapped to that same zero value by default, so the acceptance check passed for messages nobody had ever relayed. Once one attacker identified the flaw, hundreds of copycats simply took the original transaction's calldata, swapped in their own recipient address and resubmitted it, in what researchers called an opportunistic "free-for-all" that drained the bridge almost completely within hours. The incident illustrated that optimistic security is only as strong as every other component of the stack it relies on.
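To make the acceptance logic concrete, here is a small Python model of an optimistic inbox of the kind described in the two passages above, written for this article and not taken from Nomad or any bridge. Root values, timestamps, messages and the 30-minute window are constructed; the real contract also verifies a Merkle inclusion proof, which the model replaces with a caller-supplied root. The `reject_zero_root` switch is the hardening: refuse the never-proven default root outright, whatever an upgrade happened to commit.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from hashlib import sha256

ZERO_ROOT = bytes(32)  # the default value of an unset bytes32 storage slot


def message_hash(message: bytes) -> bytes:
    return sha256(message).digest()


@dataclass
class OptimisticReplica:
    """Destination-side inbox for one source chain (simplified model, not Nomad's code)."""
    challenge_window: int            # seconds a new root must wait before it is acceptable
    reject_zero_root: bool           # hardened variant refuses the never-proven default root
    confirm_at: dict[bytes, int] = field(default_factory=dict)  # root -> time it becomes acceptable
    messages: dict[bytes, bytes] = field(default_factory=dict)  # message hash -> root proven under
    processed: set[bytes] = field(default_factory=set)

    @classmethod
    def initialize(cls, committed_root: bytes, challenge_window: int, reject_zero_root: bool) -> "OptimisticReplica":
        replica = cls(challenge_window, reject_zero_root)
        # The upgrade pattern from the text: the committed root is trusted immediately
        # (confirm time 1 == "acceptable since the beginning"). If committed_root is the
        # zero root, this marks the *default* root of every unproven message as trusted.
        replica.confirm_at[committed_root] = 1
        return replica

    def update(self, new_root: bytes, now: int) -> None:
        """Updater posts a new Merkle root; it becomes acceptable after the challenge window."""
        self.confirm_at[new_root] = now + self.challenge_window

    def challenge(self, root: bytes) -> None:
        """A watcher proved the pending root fraudulent inside the window: revoke it."""
        self.confirm_at.pop(root, None)

    def prove(self, message: bytes, root: bytes) -> None:
        """Record which root a message was proven under (assumption: the caller verified
        the Merkle inclusion proof that the real contract checks here)."""
        self.messages[message_hash(message)] = root

    def acceptable_root(self, root: bytes, now: int) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False
        confirm_time = self.confirm_at.get(root, 0)
        return confirm_time != 0 and now >= confirm_time

    def process(self, message: bytes, now: int) -> bool:
        """Execute a message if its root is acceptable; True when the message is released."""
        h = message_hash(message)
        if h in self.processed:
            return False                      # replay of an already-executed message
        root = self.messages.get(h, ZERO_ROOT)  # never-proven message -> default zero root
        if not self.acceptable_root(root, now):
            return False
        self.processed.add(h)
        return True


WINDOW = 30 * 60  # constructed 30-minute challenge window


def unproven_message_released(reject_zero_root: bool) -> bool:
    """State after an upgrade that committed the zero root: a message nobody ever proved
    is released by the vulnerable variant and refused by the hardened one."""
    replica = OptimisticReplica.initialize(ZERO_ROOT, WINDOW, reject_zero_root)
    return replica.process(b"mint 100 WETH to 0xattacker", now=1_000)


def copycat_released() -> bool:
    """A copycat swaps the recipient; the new message is equally unproven and equally released."""
    replica = OptimisticReplica.initialize(ZERO_ROOT, WINDOW, reject_zero_root=False)
    replica.process(b"mint 100 WETH to 0xattacker", now=1_000)
    return replica.process(b"mint 100 WETH to 0xcopycat", now=1_001)


def optimistic_flow(challenged: bool) -> tuple[bool, bool]:
    """Normal path: root posted, message proven, released only after the window,
    and never if a watcher challenged the root in time."""
    replica = OptimisticReplica.initialize(sha256(b"genesis").digest(), WINDOW, reject_zero_root=True)
    root, msg = sha256(b"batch-1").digest(), b"mint 1 WETH to 0xalice"
    replica.update(root, now=1_000)
    replica.prove(msg, root)
    early = replica.process(msg, now=1_500)          # inside the window: held
    if challenged:
        replica.challenge(root)
    late = replica.process(msg, now=1_000 + WINDOW)  # window elapsed
    return early, late


def replay_rejected() -> bool:
    replica = OptimisticReplica.initialize(sha256(b"genesis").digest(), WINDOW, reject_zero_root=True)
    root, msg = sha256(b"batch-1").digest(), b"mint 1 WETH to 0xalice"
    replica.update(root, now=1_000)
    replica.prove(msg, root)
    first = replica.process(msg, now=1_000 + WINDOW)
    second = replica.process(msg, now=1_000 + WINDOW + 1)
    return first and not second


if __name__ == "__main__":
    print("vulnerable releases unproven message:", unproven_message_released(False))
    print("hardened releases unproven message:  ", unproven_message_released(True))
    print("watcher challenge blocks release:    ", optimistic_flow(challenged=True))
```

The point to notice is that `process` never consults the message's Merkle proof directly; it trusts whatever root `prove` recorded, and an unrecorded message silently inherits the zero root. The one-line `reject_zero_root` check closes that path, and the `optimistic_flow` case shows the window doing its job only when a watcher actually challenges.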

Validator Economics And The Incentive Failure At The Heart Of Bridge Security

Even well-designed validator-set bridges face a structural economic problem. Validators earn fees for relaying messages. They face potential slashing or reputational damage if they behave maliciously, and many multisig bridges post no slashable collateral at all, leaving reputation and legal exposure as the only deterrents. But the fee revenue is typically small relative to the value flowing through the bridge, while the potential gain from a coordinated attack on a high-TVL bridge can be enormous. This asymmetry is not unique to bridges, but it is particularly acute in bridge architecture because a single coordinated action across a threshold number of validators can drain the entire locked pool.

Academic work on this problem includes a 2023 paper by researchers at IC3, the Initiative for CryptoCurrencies and Contracts, which modeled rational validator behavior in cross-chain messaging systems. Their analysis found that when the bribe threshold required to corrupt a validator set falls below the value of assets that can be stolen, the system is economically insecure regardless of its cryptographic design. For bridges securing hundreds of millions of dollars with validator sets earning annualized yields of a few percent on staked collateral, that threshold is regularly crossed.

IC3 researchers found that validator-set bridges become economically insecure whenever the cost of corrupting a threshold of validators falls below the value of assets the bridge secures, a condition frequently met in practice.

The practical implication is that validator set size matters less than the economic relationship between validator collateral and bridge TVL. A 19-of-21 multisig that secures $500 million in TVL but requires only $5 million worth of slashable stake to compromise is structurally less secure than a 3-of-5 multisig securing $1 million with $10 million in stake behind each validator. And what matters is the cost of the cheapest coalition that reaches the threshold, not the total stake across the set: uneven collateral lowers the attack price further. The field has been slow to adopt this framing, with most bridge security discussions focusing on validator count rather than the economic security ratio.
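The following Python is an added example, not from the IC3 paper or any bridge, that turns this framing into a check a bridge operator can run against its own validator set. Validator names, stakes and TVL figures are constructed to mirror the 19-of-21 and 3-of-5 comparison above; the one generalization is that it prices the cheapest coalition that reaches the threshold, which can be well below the set's total stake when collateral is uneven.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Validator:
    name: str
    slashable_stake: float  # USD value the validator forfeits if caught signing fraud


def cost_to_corrupt(validators: list[Validator], threshold: int) -> float:
    """Price of the cheapest coalition that can authorize a withdrawal. A rational attacker
    does not need the whole set, only `threshold` signers, and picks those with the least
    at stake, since each signer's maximum loss is bounded by its own slashable stake."""
    if not 0 < threshold <= len(validators):
        raise ValueError("threshold must be between 1 and the number of validators")
    cheapest = sorted(v.slashable_stake for v in validators)[:threshold]
    return float(sum(cheapest))


def economic_security_ratio(validators: list[Validator], threshold: int, bridge_tvl: float) -> float:
    """Corruption cost divided by the value the bridge secures. Below 1.0 an attacker who
    bribes or compromises the cheapest coalition profits even if every member is slashed,
    which is the text's 'economically insecure' condition."""
    return cost_to_corrupt(validators, threshold) / bridge_tvl


def is_economically_secure(validators: list[Validator], threshold: int, bridge_tvl: float,
                           margin: float = 1.0) -> bool:
    return economic_security_ratio(validators, threshold, bridge_tvl) >= margin


def max_safe_tvl(validators: list[Validator], threshold: int, margin: float = 1.0) -> float:
    """Largest locked value the set can back at the given margin: the point at which an
    operator should cap deposits or raise collateral."""
    return cost_to_corrupt(validators, threshold) / margin


# Constructed numbers (not real bridges). Bridge A: 19-of-21 with $5M total stake, spread
# unevenly. Bridge B: 3-of-5 with $10M behind every signer.
BRIDGE_A = [Validator(f"a{i}", 200_000.0) for i in range(19)] + [
    Validator("a19", 600_000.0), Validator("a20", 600_000.0)]
BRIDGE_A_THRESHOLD, BRIDGE_A_TVL = 19, 500_000_000.0

BRIDGE_B = [Validator(f"b{i}", 10_000_000.0) for i in range(5)]
BRIDGE_B_THRESHOLD, BRIDGE_B_TVL = 3, 1_000_000.0


if __name__ == "__main__":
    for label, vs, k, tvl in (("A", BRIDGE_A, BRIDGE_A_THRESHOLD, BRIDGE_A_TVL),
                              ("B", BRIDGE_B, BRIDGE_B_THRESHOLD, BRIDGE_B_TVL)):
        print(f"bridge {label}: corrupt {k}-of-{len(vs)} for ${cost_to_corrupt(vs, k):,.0f}, "
              f"ratio {economic_security_ratio(vs, k, tvl):.4f}, "
              f"secure={is_economically_secure(vs, k, tvl)}, "
              f"max safe TVL ${max_safe_tvl(vs, k):,.0f}")
```

Bridge A's total stake is $5 million, but the 19 cheapest signers hold only $3.8 million between them, so that is the real attack price against $500 million of TVL. Bridge B costs $30 million to corrupt for $1 million of TVL. A `margin` above 1.0 is how an operator would account for the attacker also needing to pay for the compromise itself, not just absorb the slashing.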

Audit Coverage And The False Security Of Post-Deployment Certificates

Every major bridge that has been exploited was audited. Wormhole was audited. Ronin was audited. Nomad was audited. This observation is not a condemnation of audit firms but a clarification of what audits actually provide. A smart contract audit is a point-in-time review of code as it exists at the moment of review. It is not a guarantee that the code will remain secure through upgrades, dependency changes, or novel attack vectors discovered after publication.

Trail of Bits, one of the most respected security firms in the space, has published research noting that audit coverage for complex cross-chain protocols is structurally limited by the difficulty of modeling attacker behavior across two independent execution environments simultaneously. A reviewer auditing a bridge's Ethereum-side contracts may not have full visibility into how those contracts interact with logic on a destination chain running a different virtual machine with different finality assumptions.

Trail of Bits researchers have documented that multi-chain protocol audits are systematically harder than single-chain audits because the attack surface includes the interaction between environments, not just each environment in isolation.

The post-audit upgrade problem is equally serious. The Nomad exploit was triggered not by code that existed at the time of audit but by a specific parameter set during a subsequent upgrade. The upgrade itself was audited, but the consequences of that specific value being set to zero were not acted on before deployment. This is a category of error that formal verification, as distinct from manual audit, is better positioned to catch: a stated invariant such as "no message is processed unless its Merkle root was proven and its challenge window has elapsed" fails immediately on any state in which the zero root is marked confirmed, regardless of which upgrade put it there. Certora and Runtime Verification have both developed formal verification tooling for EVM contracts, and their adoption in bridge codebases has grown, but it remains far from universal.

The Interoperability Protocol Layer: Replacing Bespoke Bridges With Shared Infrastructure

One architectural response to the proliferation of vulnerable bespoke bridges is to replace them with shared cross-chain messaging infrastructure that many application-layer bridges can build on. The argument is that concentrating security investment, audit coverage, and cryptographic rigor into a single well-resourced messaging layer reduces overall systemic risk compared to dozens of individually deployed bridge contracts each carrying their own attack surface.

LayerZero and Wormhole (which rebuilt significantly after its 2022 exploit) represent this approach. LayerZero's original protocol, documented in its whitepaper, separates the oracle function (delivering block headers) from the relayer function (delivering transaction proofs) and requires both to collude to forge a message; its second version generalizes this into application-configurable sets of verifier networks, so each application decides how many independent verifiers must agree. This reduces but does not eliminate trust assumptions, and the choice of verifiers becomes part of each application's own security posture. Chainlink's CCIP (Cross-Chain Interoperability Protocol) adds a separate Risk Management Network, an independently implemented set of nodes that re-verify committed messages and can halt a lane, alongside per-token rate limits enforced on-chain to bound how much can leave in a given period.

LayerZero's separated oracle-relayer architecture requires both oracle and relayer to collude to forge a cross-chain message, raising the attack cost relative to single-validator-set designs while still relying on external trust assumptions.

The counterargument is concentration risk. If a single cross-chain messaging protocol processes the majority of all bridge transactions, a critical vulnerability in that protocol becomes a systemic risk for the entire ecosystem. This is analogous to the concerns raised about widely used software libraries in traditional computing. The Interchain Security model developed in the Cosmos (ATOM) ecosystem takes a different approach, sharing validator sets across application chains within a defined trust zone rather than creating general-purpose messaging infrastructure between heterogeneous chains.

Insurance, Bug Bounties, And Market-Based Risk Mitigation

While the engineering community works on architectural solutions, a parallel set of market mechanisms has emerged to absorb bridge exploit losses when they occur. On-chain insurance protocols, bug bounty programs, and bridge-specific coverage products have all grown significantly since the 2022 exploit wave, though their collective capacity remains small relative to aggregate bridge TVL.

Immunefi has become the dominant platform for crypto bug bounty programs. Its leaderboard data shows that total bounties paid across all programs exceeded $100 million cumulatively by 2025, with bridge protocols offering some of the largest individual rewards.

Wormhole's bug bounty program offers up to $2.5 million for critical vulnerabilities. LayerZero has offered comparable maximums. These programs create financial incentives for white-hat researchers to find and responsibly disclose vulnerabilities rather than exploit them.

Immunefi's platform has facilitated over $100 million in cumulative bug bounty payouts, but bridge protocols remain systematically underinsured relative to their TVL exposure, leaving hundreds of millions of dollars in potential losses uncovered.

On-chain insurance protocols including Nexus Mutual and Unslashed Finance offer cover against bridge exploits. But available coverage capacity across these protocols is materially smaller than the TVL in major bridge contracts. Nexus Mutual's published data shows that covered value across all its active covers represents a fraction of total DeFi TVL. For bridge users, this means that in practice, most funds transiting bridges are uninsured against exploit losses. The gap between the scale of bridge activity and the maturity of coverage infrastructure represents a meaningful market failure that has not yet attracted a solution at scale.

What A More Secure Bridge Ecosystem Actually Looks Like

The research and incident data from the past four years points toward a convergent view of what more secure cross-chain infrastructure looks like, even if that destination remains years away from full realization. It involves three overlapping shifts: a move from external validator sets toward cryptographic verification, a move from bespoke bridge contracts toward standardized cross-chain messaging layers, and a move from reactive security patching toward proactive formal verification and continuous monitoring.

ZK light client bridges represent the most technically credible long-term architecture. Projects including Electron Labs (which built a ZK proof of Ethereum's consensus for use in the NEAR Protocol (NEAR) ecosystem), Polyhedra Network, and Succinct Labs are all advancing the prover technology needed to make ZK bridges economically viable at scale. Succinct's SP1 zkVM, released in 2024, brought proving of full Ethereum blocks through a general-purpose zkVM down to the order of minutes on GPU hardware, and the proving work since then has targeted proving blocks in real time on clusters of GPUs. That is a meaningful benchmark, but it is cluster-scale hardware rather than a single commodity machine, and proving consensus (the BLS aggregate signatures a light client needs) is a separate workload from proving execution.

Succinct Labs' SP1 prover showed in 2024 that ZK proofs of EVM execution can be generated in minutes on GPU hardware, a milestone that brings ZK light client bridges within reach of production, though proving still runs on clusters rather than commodity machines.

Alongside cryptographic advances, the industry needs infrastructure for real-time monitoring that can detect anomalous cross-chain message patterns before funds are fully drained. Forta Network and Chainalysis KYT both offer on-chain monitoring tools, and several bridge protocols have implemented automated circuit breakers that pause withdrawals above a threshold value pending manual review. The Ronin exploit's six-day detection gap was exceptional even by 2022 standards, and today's monitoring tooling would be expected to catch such a large anomaly faster. But automated detection of bridge exploits still lags the speed at which sophisticated attackers can drain contracts once they have identified a vulnerability, which is why the limit has to be enforced on the withdrawal path itself rather than in an alerting pipeline that pages a human.
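As an added example of the circuit-breaker logic mentioned above (not the code of Forta, Chainalysis or any bridge), here is a Python monitor that applies a per-transaction cap and a per-token outflow budget to a constructed stream of withdrawal events. Token names, budgets, timestamps and addresses are all made up. A single oversized withdrawal is held for review while the bridge keeps running; sustained outflow above the budget, the shape a drain takes, trips the breaker and pauses everything.

```python
from dataclasses import dataclass, field


@dataclass
class Withdrawal:
    ts: int          # unix seconds
    token: str
    amount: float    # token units
    to: str


@dataclass
class TokenBucket:
    """Outflow budget: up to `capacity` units may leave in a burst, refilling at `refill_per_sec`."""
    capacity: float
    refill_per_sec: float
    tokens: float
    last_ts: int

    def try_spend(self, amount: float, ts: int) -> bool:
        elapsed = max(0, ts - self.last_ts)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last_ts = ts
        if amount > self.tokens:
            return False
        self.tokens -= amount
        return True


@dataclass
class CircuitBreaker:
    per_tx_cap: dict[str, float]        # a single withdrawal above this is held for manual review
    buckets: dict[str, TokenBucket]     # per-token outflow budget
    paused: bool = False
    held: list[Withdrawal] = field(default_factory=list)

    def check(self, w: Withdrawal) -> str:
        """Decide one withdrawal; the returned label is what a real bridge would log."""
        if self.paused:
            self.held.append(w)
            return "held:paused"
        if w.token not in self.buckets:
            self.held.append(w)                 # unlisted asset: never release it silently
            return "held:unlisted-token"
        if w.amount > self.per_tx_cap[w.token]:
            self.held.append(w)                 # one large withdrawal: hold it, keep the bridge running
            return "held:per-tx-cap"
        if not self.buckets[w.token].try_spend(w.amount, w.ts):
            self.paused = True                  # sustained outflow above budget looks like a drain: trip
            self.held.append(w)
            return "tripped:rate-limit"
        return "released"


def make_breaker(start_ts: int) -> CircuitBreaker:
    hourly = {"ETH": 10_000.0, "USDC": 20_000_000.0}   # constructed budgets: units per hour
    return CircuitBreaker(
        per_tx_cap={"ETH": 5_000.0, "USDC": 5_000_000.0},
        buckets={t: TokenBucket(cap, cap / 3600, cap, start_ts) for t, cap in hourly.items()},
    )


T0 = 1_700_000_000
# Constructed event stream: ordinary traffic, then a drain-shaped burst from one address.
EVENTS = [
    Withdrawal(T0 + 0,    "ETH",  100.0,    "0xa1"),
    Withdrawal(T0 + 600,  "ETH",  250.0,    "0xa2"),
    Withdrawal(T0 + 1200, "USDC", 50_000.0, "0xa3"),
    Withdrawal(T0 + 1800, "ETH",  6_000.0,  "0xbad"),   # single oversized withdrawal: held, not paused
    Withdrawal(T0 + 1860, "ETH",  4_000.0,  "0xbad"),   # burst sized just under the per-tx cap
    Withdrawal(T0 + 1890, "ETH",  4_000.0,  "0xbad"),
    Withdrawal(T0 + 1920, "ETH",  4_000.0,  "0xbad"),   # exhausts the hourly budget: breaker trips
    Withdrawal(T0 + 1950, "ETH",  4_000.0,  "0xbad"),
    Withdrawal(T0 + 2000, "USDC", 1_000.0,  "0xa4"),    # innocent, but the bridge is now paused
]


def run_monitor(events: list[Withdrawal]) -> list[str]:
    breaker = make_breaker(events[0].ts)
    return [breaker.check(w) for w in events]


if __name__ == "__main__":
    for w, decision in zip(EVENTS, run_monitor(EVENTS)):
        print(f"t+{w.ts - T0:>5}s {w.token:<4} {w.amount:>12,.0f} -> {decision}")
```

Two design choices are worth stating. The per-transaction cap holds rather than pauses, because a single legitimate whale transfer should not take the whole bridge offline; the budget trip does pause, because an attacker who has the keys or a forged-message path will keep sending transactions sized just under the cap, and only the aggregate exposes that. Both checks run inline on the withdrawal path, so the loss is bounded by the budget rather than by how fast someone reads the alert.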

Conclusion

The persistence of cross-chain bridge exploits is not evidence that the problem can't be solved. It's evidence that the current generation of bridge architecture made explicit, visible tradeoffs between security and practicality. And those tradeoffs have been exploited at scale.

The 42% share of May 2026's exploit losses coming from bridges reflects a structural vulnerability. One that has survived multiple market cycles, multiple high-profile disasters, and multiple rounds of claimed remediation.

The path forward exists.

ZK light client bridges can eliminate the external validator trust assumptions that have been the attack surface in most major incidents. Shared cross-chain messaging infrastructure can concentrate security investment more efficiently than bespoke per-protocol bridge contracts. Formal verification can catch upgrade-induced vulnerabilities that manual audits routinely miss. Bug bounty programs can turn potential exploiters into paid researchers. And circuit breakers can limit the damage when a vulnerability does slip through and get exploited.

None of these measures is enough on its own. And none is yet deployed at the scale needed to materially reduce the category's exploit rate.

Bridge TVL keeps growing. The absolute dollar value at risk keeps rising. The sophistication of attackers targeting the category hasn't diminished.

The $28.6 million lost in May 2026 is not a warning shot.

It's a data point in a trend that has been running for four years — one the next generation of bridge architecture has the technical toolkit to break, if that toolkit is deployed with the urgency the loss record demands.

Disclaimer and Risk Warning: The information provided in this article is for educational and informational purposes only and is based on the author's opinion. It does not constitute financial, investment, legal, or tax advice. Cryptocurrency assets are highly volatile and subject to high risk, including the risk of losing all or a substantial amount of your investment. Trading or holding crypto assets may not be suitable for all investors. The views expressed in this article are solely those of the author(s) and do not represent the official policy or position of Yellow, its founders, or its executives. Always conduct your own thorough research (D.Y.O.R.) and consult a licensed financial professional before making any investment decision.