CoinBrew CoinBrew
Subscribe
education · CoinBrew

What Is a Crypto Bridge? How to Move Assets Between Blockchains

Crypto has a fragmentation problem. Ethereum has its ecosystem. Solana has its own. BNB Chain, Avalanche, Base, Arbitrum — each is a separate blockchain with its own tokens, apps, and liquidity. The trouble is, these chains don’t natively talk to each other. Moving assets between them requires a crypto bridge — and understanding how they work (and where they’ve failed catastrophically) is essential knowledge for anyone active in DeFi.

Why Do Blockchains Need Bridges?

Blockchains are, by design, isolated environments. Bitcoin doesn’t know Ethereum exists. Ethereum doesn’t know what’s happening on Solana. Each chain has its own consensus mechanism, its own validator set, its own state.

This isolation is a feature for security. But it’s a limitation for usability. If you’ve got ETH on Ethereum mainnet and want to use a DeFi protocol on Arbitrum, you need to move that ETH somehow. If you want to use Solana’s cheaper transaction fees with assets you hold on Ethereum, you need to cross that gap.

That’s what crypto bridges do: they let you move value (or representations of value) between blockchains that wouldn’t otherwise communicate.

How Crypto Bridges Actually Work

Here’s the fundamental mechanism, stripped to basics:

Most bridges use a lock-and-mint model:

  1. You deposit Token A on Chain 1 into the bridge’s smart contract
  2. The bridge locks those tokens (they’re now held by the contract)
  3. The bridge mints an equivalent “wrapped” version on Chain 2
  4. You receive the wrapped token on Chain 2

When you want to go back:

  1. You send the wrapped token back to the bridge on Chain 2
  2. The bridge burns those tokens
  3. The bridge releases your original Token A from escrow on Chain 1

The most common example: Wrapped Bitcoin (WBTC) on Ethereum. Real BTC is locked with a custodian, and an equivalent amount of WBTC is minted on Ethereum. You can use WBTC in Ethereum DeFi protocols, then redeem it for actual BTC later.

Variations on the Model

Burn-and-mint: Instead of locking tokens on one chain, they’re permanently burned. New tokens are minted on the destination chain. The total supply remains constant across both chains.

Liquidity pools: Some bridges (like Hop Protocol, Stargate) maintain native token pools on each chain. You deposit Token A on Chain 1, and the bridge pays you from its own pool on Chain 2. This is faster because you’re not waiting for the lock/mint cycle — but it requires the bridge to maintain deep liquidity.

Native bridges: Most L2 networks (Arbitrum, Optimism, Base) have an official bridge built by the same team. These use the L2’s own security model. Deposits are typically fast; withdrawals back to L1 can take up to 7 days for optimistic rollups (the challenge period).

The Security Problem: Bridges Are Juicy Targets

Here’s the uncomfortable truth: crypto bridges have been the single biggest source of hacks in crypto history.

Why? Because bridges concentrate enormous value in smart contracts — often on both chains simultaneously. Attack one vulnerability, and you can drain hundreds of millions. The bridge holds the keys to the locked assets, so compromising the bridge compromises everything inside it.

The numbers are brutal:

Ronin Bridge (2022): $625 million stolen. The Axie Infinity sidechain’s bridge used only 9 validator nodes, 5 of which were controlled or compromised by the Lazarus Group (North Korean state hackers). They gained control of 5 keys, signed fraudulent transactions, and drained the bridge. It went undetected for six days.

Wormhole (2022): $320 million stolen. A bug in the Solana side of the Wormhole bridge let an attacker mint 120,000 WETH without depositing any ETH. Jump Crypto (Wormhole’s backer) eventually covered the loss — one of the few cases where a bridge hack was made whole.

Nomad (2022): $190 million drained. A smart contract vulnerability allowed anyone to claim assets by copying a simple transaction format. Once the first exploit went public, it turned into a chaotic free-for-all where hundreds of wallets rushed in to drain whatever was left.

Poly Network (2021): $611 million stolen, later returned. A logic flaw let the attacker call a function to change the keeper address — essentially handing themselves control of the bridge’s treasury.

Collectively, bridge hacks have cost the industry over $2 billion, making them far and away the most exploited surface in crypto. If someone invites you to use a brand-new bridge with a flashy UI and big APY incentives, that should be a red flag, not a feature.

Major Bridges in Use Today

Not all bridges are equally sketchy. Here’s a realistic breakdown of what people actually use:

Official L2 Bridges

  • Arbitrum Bridge (bridge.arbitrum.io): Native bridge for Ethereum → Arbitrum. Deposits: fast. Withdrawals: 7 days (optimistic challenge period).
  • Optimism Bridge (app.optimism.io/bridge): Same model. Native, audited, relatively trustworthy.
  • Base Bridge: Coinbase-backed L2. Native bridge works the same way.
  • zkSync Bridge: ZK-based, so withdrawals are faster than optimistic counterparts.

Verdict: Official L2 bridges are among the safer options, backed by the protocol teams and secured by the chain’s own security model. Use these when you’re moving between Ethereum and a major L2.

Third-Party Bridges

Stargate / LayerZero: One of the most used cross-chain liquidity protocols. Uses a unified liquidity pool model for fast transfers. LayerZero’s messaging layer powers cross-chain communication for dozens of protocols.

Hop Protocol: Designed specifically for fast L2-to-L2 transfers without going through Ethereum mainnet. Uses “bonders” who front liquidity, settling later on L1.

Across Protocol: Uses UMA’s optimistic oracle for verification. Fast transfers, competitive fees, strong reputation for capital efficiency.

Synapse Protocol: Multi-chain bridge supporting many chains and tokens. Audit history, decent track record.

Celer cBridge: Wide chain support, reasonable fees, but had a BGP hijacking incident in 2022 (their frontend DNS was hijacked — not a smart contract exploit, but still).

Aggregators

LI.FI, Socket (Bungee), and Squid Router aggregate multiple bridges and DEXs to find the optimal cross-chain route. Like using a DEX aggregator, but for bridging. These don’t hold your funds — they route through underlying bridges.

How to Bridge: Step by Step

Here’s a general walkthrough for moving ETH from Ethereum mainnet to Arbitrum:

  1. Go to the bridge: For official, use bridge.arbitrum.io. For third-party, use Stargate or Across.
  2. Connect your wallet: MetaMask, Rabby, or your preferred web3 wallet.
  3. Select source and destination chains: Ethereum → Arbitrum.
  4. Select asset and amount: ETH, however much you want to bridge.
  5. Review fees: Bridges charge their own fees on top of gas. Compare a few if you’re moving a significant amount.
  6. Initiate the transaction: Sign it in your wallet.
  7. Wait: Official bridges to Arbitrum deposit in minutes. Withdrawals back to Ethereum mainnet take 7 days.
  8. Add Arbitrum to your wallet: If you haven’t already, add the network (chainid.link is useful for this). Your bridged ETH will appear once the transaction confirms.

Key tip: you’ll need ETH on the destination chain to pay for gas once you arrive. If you bridge ETH, you’ll have gas. But if you bridge USDC only, you won’t be able to do anything until you have some gas token. Some bridges have a “gas drop” feature that sends a small amount of native token — use it.

Risks to Know Before You Bridge

Smart contract risk: Every bridge is code. Code has bugs. Use audited, established bridges.

Liquidity risk: On liquidity-pool bridges, if the destination pool runs dry, your transfer can get stuck until liquidity is replenished.

Wrapped token risk: Wrapped tokens (WBTC, wETH, etc.) are IOUs. They’re only as good as the backing mechanism. If the bridge that minted them gets exploited, the wrapped tokens can depeg or become worthless.

Frontend attacks: Bridges’ websites have been compromised to show fake transaction approvals. Always verify you’re on the correct URL. Bookmark official bridges directly.

Long withdrawal times: Optimistic rollup withdrawals back to L1 take 7 days. If you need funds urgently, a fast bridge (that charges a fee) can bypass this via liquidity pools.

Chain support: Not all assets are supported on all chains. Check that your specific token has liquidity on the destination chain before assuming the bridge will work.

Tips for Bridging Safely

  • Use official bridges when going to/from L2s
  • For cross-chain, stick to audited protocols with significant TVL and real history
  • Never use a bridge you found in a Discord DM or a random tweet
  • Test with a small amount first if you’re using a new bridge
  • Check the destination chain address format — Ethereum and EVM chains use the same format, but Solana, Bitcoin, etc. are completely different
  • Track your transaction on both chains’ block explorers (Etherscan for source, Arbiscan for Arbitrum, etc.)

FAQ

Are crypto bridges safe to use? Established bridges from major protocols (Arbitrum, Optimism, Stargate, Across) are reasonably safe but not risk-free. Bridges have been the biggest hack target in crypto history. Use audited, established bridges with real track records. Avoid unknown or newly-launched bridges, especially ones with high yield incentives.

How long does bridging take? It depends heavily on the bridge and direction. Deposits to L2s via official bridges typically take 5-20 minutes. Withdrawals from optimistic rollups (Arbitrum, Optimism, Base) back to Ethereum take 7 days unless you use a fast liquidity bridge. Third-party bridges like Across or Hop can do it in minutes for a fee.

Why do wrapped tokens exist? Because native assets can’t move between chains. A wrapped token is a representation of an original asset locked on another chain. WBTC is ERC-20 Bitcoin on Ethereum. wETH on Arbitrum is Ethereum’s ETH, bridged. As long as the bridge backing them is sound, they hold their value 1:1 with the original.

Can I lose my funds if I bridge incorrectly? Yes. Sending to the wrong chain or wrong address format can result in permanent loss. Always double-check the destination chain and address. If you send ERC-20 tokens to a Solana address (or vice versa), recovery is usually impossible.

What is a bridge hack and how does it happen? Bridge hacks typically exploit vulnerabilities in the smart contracts that lock or mint assets. Common attack vectors include logic errors in signature verification, compromised validator keys, or bugs in cross-chain messaging. The Ronin hack, for example, used stolen private keys from validators. The Wormhole hack exploited a code bug that let attackers mint tokens without depositing collateral.