Pont

Définition

A blockchain bridge is a protocol that enables the transfer of assets, data, or messages between two separate blockchain networks that would otherwise be unable to communicate with each other. Since blockchains like Bitcoin, Ethereum, and Solana operate as isolated ecosystems with their own mécanismes de consensus, smart contract environments, and native assets, bridges serve as the connective tissue of the multi-chain ecosystem – allowing users to move tokens from one chain to another and interact with applications across multiple networks. Bridges typically operate by locking assets on the source chain and minting equivalent wrapped tokens on the destination chain, then burning those wrapped tokens and unlocking originals on the return journey. While bridges have become indispensable infrastructure for DeFi’s cross-chain ecosystem, they have also become one of the most targeted attack vectors in crypto – with bridge hacks accounting for the majority of all stolen DeFi funds, including the Ronin bridge ($625M), Wormhole ($320M), and Nomad ($190M) exploits of 2022.

Origine & Histoire

DateEspaces
2020wBTC (Wrapped Bitcoin) becomes first widely used bridge product; BTC moves to Ethereum
2021Multi-chain era begins; bridges proliferate connecting Ethereum, BSC, Polygon, Solana
2021Poly Network hacked for $611M (largest hack at time); partially returned
Fév 2022Wormhole bridge hacked for $320M; Jump Trading backstops
Mar 2022Ronin bridge (Axie Infinity) hacked for $625M; largest DeFi hack ever
2022 août Nomad bridge hacked for $190M
2022Total bridge hack losses exceed $2B; security auditing intensifies
2023ZK-based bridges advance; trustless verification approaches gain traction
2024LayerZero, Stargate, Circle CCTP provide improved cross-chain infrastructure
“Bridges are the banks of Web3 – they hold enormous value and are therefore the most targeted infrastructure in crypto.”
Les chercheurs en sécurité

Fonctionnement

Type de pontModèle de confianceSécuritéExemple
Trusted (federated)Multi-sig validatorsFaible-moyenWormhole (pre-2023)
OptimisteFraud proof watchersMoyenneOptimisme, arbitrage
ZK (zero-knowledge)Preuves cryptographiquesHautePolygon zkBridge
IBC (light client)Vérification sur la chaîneTrès élevé IBC Cosmos
Native wrapped assetCustodian trustVariablewBTC (BitGo)

Lire aussi: Multi-signature (Multisig)

En termes simples

  1. Cross-chain transportation: A bridge is like a tunnel between two countries (blockchains) – it allows you to take your asset from one chain to another, translating it into a form the destination chain understands.
  2. Serrure et menthe: The most common bridge mechanism locks your original token on one chain and mints a “copy” on the other. The copy is worthless without the locked original – the bridge is the custodian of your real asset.
  3. Why bridges are targets: Bridges hold enormous concentrations of locked tokens – essentially crypto banks. The bridge’s smart contract or validator set becomes a single point of attack, unlike decentralized networks, where there’s no central point to attack.
  4. Trust assumptions matter: Different bridges require different levels of trust. Some rely on a small group of validators (hackable). Others use cryptographic proofs (much harder to hack). Always understand what you’re trusting when using a bridge.
  5. Cercle CCTP: Circle’s Cross-Chain Transfer Protocol uses a burn-and-mint model for USDC – no locking required, and Circle’s attestation service validates transfers. This eliminates the “locked pool” hack surface while maintaining fiat-backed security.

Exemples du monde réel

ScénarioMise en œuvreRésultat
ETH to Polygon for DeFiUser bridges ETH to Polygon for lower feesReceives wETH on Polygon; uses Aave with $0.01 fees vs $5+ on Ethereum
Ronin bridge hack (2022)Attackers compromise 5/9 Ronin validators173,600 ETH + $25.5M USDC stolen ($625M); Axie Infinity devastated
Wormhole hack (2022)Attacker exploits signature verification bug$320M stolen; Jump Trading covers losses to maintain ecosystem trust
IBC transfer (Cosmos)User transfers ATOM from Cosmos Hub to OsmosisTrustless, light-client-verified transfer; no wrapped tokens
USDC CCTPUser bridges USDC from Ethereum to Avalanche via CircleBurns USDC on Ethereum; mints on Avalanche; no bridge custody risk

Avantages

AvantageDescription
Cross-chain accessUse any chain’s DeFi, NFTs, or applications with any chain’s assets
Efficacité du capitalAssets flow where yield and utility is highest
Ecosystem composabilityDeFi protocols across chains can interact
Optimisation des fraisBridge to lower-fee chains for specific operations
Agrégation de liquiditéUnified liquidity across otherwise isolated ecosystems

Inconvénients et risques

DésavantageDescription
Risque de sécuritéBridge hacks have stolen billions; largest single-event losses in DeFi
hypothèses de confianceMost bridges require trusting validator sets or federated custodians
Risque de contrat intelligentComplex cross-chain logic creates large attack surface
Fragmentation de la liquiditéAssets spread across chains reduce depth at each point
Délais de retraitSome bridges require 7-day waiting periods for security

Conseils de gestion des risques :

  • Use well-audited bridges with long operational history; avoid new, unaudited bridges
  • Start with small test transactions before bridging large amounts
  • Prefer native solutions (IBC for Cosmos, official L2 bridges for Ethereum rollups)
  • Use Circle CCTP for USDC transfers – eliminates locked pool risk
  • Never bridge more than you can afford to lose to a security exploit

QFP

Which bridge is safest to use?

For Ethereum L2s, use the official native bridges (Arbitrum Bridge, Optimism Bridge) as they inherit Ethereum’s security. For Cosmos chains, IBC is the safest option. For USDC cross-chain, Circle’s CCTP is excellent. For general multi-chain bridging, well-audited options with long track records (Stargate, Across Protocol) are preferable to new unaudited bridges.

How did the Ronin bridge get hacked for $625M?

Ronin used a multi-sig validator system requiring 5-of-9 signatures to approve transactions. Attackers (later attributed to North Korea’s Lazarus Group) compromised 5 of the 9 validator keys through social engineering and software exploits, allowing them to sign fraudulent withdrawals that drained the bridge.

How long does bridging take?

Varies significantly: Trusted multi-sig bridges: 5-30 minutes. Optimistic rollup exits: up to 7 days (due to fraud proof window). ZK-rollup exits: minutes to hours. IBC (Cosmos): seconds to minutes. Third-party fast bridges (Across Protocol) can complete transfers in minutes by using liquidity providers who front funds.

What is a “fast bridge”?

Fast bridges (like Across Protocol, Hop Protocol) use liquidity providers who immediately release funds on the destination chain, then settle with the main bridge later. This eliminates withdrawal delays while shifting the risk to liquidity providers (who earn fees). They provide near-instant cross-chain transfers.

Are bridges the biggest security risk in DeFi?

By total dollar value stolen, yes – bridge hacks have accounted for the majority of all DeFi hacks. Chainalysis reported that bridge hacks represented 69% of all crypto stolen in 2022 ($2B+ from bridges alone). The combination of large locked pools and complex cross-chain validation creates the most dangerous attack surface in the ecosystem.

Termes connexes

Actualités et Événements