Lesson 6 — Bridges revisited: Ronin, Wormhole, Harmony, Multichain
Bridges have caused over $2.5 billion in user losses since 2021 — the single largest exploit category in DeFi history. Today: the architectural choices and how each one failed.
Of every dollar lost to DeFi exploits over 2021–2025, more dollars were lost to bridge exploits than to any other category. The bridges are large, hold pooled assets across many users, and bring together cryptography, validator economics, and integration complexity in a way that has produced repeated catastrophic failures. This lesson walks through the most documented cases at a mechanism level — and the architectural choices that made each possible.
**What a bridge actually does.** Most cross-chain bridges work by locking the original asset on the source chain and minting a wrapped (synthetic) version on the destination chain. To withdraw, the user burns the wrapped version, the bridge verifies the burn, and unlocks the original asset. The bridge holds pooled assets on the source chain — the larger the bridge, the larger the pool, the more attractive the target. The security model varies dramatically by bridge type: federated multisig (a small group of signers controls the bridge), light-client (the bridge runs a verifier of the other chain's consensus), zk-bridge (cryptographic proofs of state), optimistic (proofs disputed by watchers), or trusted-relayer (a single entity vouches for messages).
**Ronin Bridge — March 2022, $625M.** Ronin was the bridge connecting Axie Infinity's gaming sidechain to Ethereum. Architecture: a 5-of-9 multisig of validator signatures, with five of the nine validators run by Sky Mavis (the Axie team). North Korean state-affiliated attackers (Lazarus Group, per the FBI's attribution) compromised four of Sky Mavis's validator keys through a sophisticated social-engineering campaign — a fake job offer delivered via LinkedIn, ending in a PDF download that installed malware. The fifth Sky Mavis key was also exposed to the attackers because of a temporary access agreement with a backup validator that hadn't been revoked. With five of nine signatures controlled, the attackers signed transactions that drained 173,600 ETH and 25.5M USDC. The structural lesson: a 5-of-9 multisig where a single entity controls a majority of the signers is functionally a 1-of-1 multisig from a compromise perspective.
**Wormhole — February 2022, $325M.** Wormhole connects Solana to Ethereum (and other chains). Architecture: a set of 'guardian' nodes that sign attestations about events on each chain; the contract verifies guardian signatures. The exploit: a signature verification function on the Solana side accepted a forged signature because of a missing check. The attacker submitted a transaction claiming to have deposited 120,000 ETH on Ethereum (they hadn't); the forged guardian signature was accepted; the Solana contract minted 120,000 wETH to the attacker. The attack was a pure code bug — the signature scheme was correct, the implementation was wrong. Jump Crypto restored the funds within 24 hours from its own treasury to prevent cascading failure across protocols using wETH.
**Harmony Horizon Bridge — June 2022, $100M.** Architecture: a 2-of-5 multisig where the signers were Harmony team members. The attackers (also Lazarus Group per FBI attribution) compromised two of the five signer keys through social-engineering attacks. The bridge's smart contracts were sound; the keys protecting them were not. The same structural lesson as Ronin: a low-threshold multisig is only as strong as the social-engineering resistance of its signers.
**Multichain — July 2023, $130M+.** A different failure mode entirely. Multichain operated a network of bridges across many chains, controlled by a small team led by a developer known as 'Zhaojun.' In July 2023, Zhaojun was reportedly arrested by Chinese authorities. With him went the keys to the bridges; user funds were stuck. Then, transactions started flowing out of the bridges to unknown addresses — never definitively explained, possibly an inside exit. Users could not withdraw, the team did not communicate, and the bridges effectively collapsed. The structural lesson: a bridge whose security depends on the operational continuity of a small team has key-person risk that no audit captures.
**Nomad — August 2022, $190M.** Nomad's bridge used an optimistic verification model. An upgrade in early August initialized a contract with a default trusted root of 0x00, which (because of how the verification routine compared roots) made every message appear valid by default. The exploit was a 'free-for-all' — once the first attacker noticed, others copied the exploit transaction with their own addresses substituted in. Hundreds of addresses participated in draining the bridge over a few hours. Some 'whitehat' participants later returned funds; many did not. The structural lesson: optimistic verification depends on watchers being incentivized to dispute invalid messages; if the verification logic itself is broken, watchers can't help.
**The composite picture.** Every bridge holds pooled assets that scale with the bridge's success. The attack surface scales with TVL. The signer-set or verification design is the load-bearing security assumption, and historically those assumptions have been broken in three different ways: signature-scheme code bugs (Wormhole), signer-key compromise via social engineering (Ronin, Harmony), operational and key-person risk (Multichain), and verification-logic flaws (Nomad). When evaluating a bridge for any meaningful deposit, the question is not 'has this bridge been audited?' but 'what specifically secures it, and what is the catastrophic-failure mode if that breaks?'
Example
Compare four bridges along the same dimensions. **Bridge A**: 7-of-13 multisig with signers across 13 independent organisations on three continents. Funds custodied across hardware modules. Operational continuity does not depend on any single team. Bug-bounty program with $10M+ ceiling. Active for 4+ years, no major incidents. **Bridge B**: zk-rollup bridge where state transitions are proven cryptographically rather than vouched-for; trust assumption is the soundness of the SNARK and the integrity of the trusted setup ceremony (if applicable). **Bridge C**: 3-of-5 multisig where four of the five signers are at the same team. **Bridge D**: a bridge that has been live for six months, with a small audit, where the team is mostly anonymous. Same surface label, four different risk profiles. The bridge's architecture and operational history is the actual signal — not the marketing.
Common mistakes
- Using whichever bridge is cheapest without checking the security model. The fee saving is a fraction of a percent; the catastrophic-loss probability is concentrated at the bridge layer.
- Treating 'audited' as sufficient for bridges. Wormhole was audited; Nomad was audited. The audit didn't catch the specific bug.
- Holding wrapped assets long-term in bridge-issued forms. The wrapper depends on the bridge's continued solvency; the longer you hold, the more exposure.
- Underestimating social-engineering attacks against bridge teams. Lazarus Group has repeatedly compromised bridge keys through job-offer scams; every bridge with team-held keys is exposed.
- Treating bridges across testnets as equivalent to bridges across mainnet. The economic incentive to attack a $1M testnet bridge is roughly zero; the incentive to attack a $500M mainnet bridge is enormous.
Check your understanding
You need to bridge $50,000 across two major chains. Two bridges are available: Bridge A (7-of-13 multisig, signers across 13 independent organisations, 4+ years live with no major incidents, active bug bounty) and Bridge B (3-of-5 multisig with all signers at the same team, 6 months live, fees 50 percent lower). What is the structurally defensible choice?
Key terms covered
Sources & further reading
- Primary
- Primary
- Primary
- Secondary
- Secondary
We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.