
Payal Singh
Crypto Analyst
TL;DR
A crypto bridge lets you move assets from one blockchain to another. Most use lock-and-mint, burn-and-mint, or liquidity pools. They exist because chains are isolated. They've also been the biggest hack target in crypto, so choosing the right bridge matters a lot.
Key takeaways
- A bridge moves value between two chains that otherwise can't communicate.
- The three main designs are lock-and-mint, burn-and-mint, and liquidity-pool bridges.
- Native bridges are usually safer but slower; third-party bridges are faster but add trust.
- Bridges have lost over $2.5 billion to hacks since 2021, so they're a real risk category.
- Bridge small first, check the destination address, and use aggregators to compare routes.
You buy some ETH on Ethereum. Then you find a yield opportunity on Arbitrum, or a game on Polygon, or a token that only trades on Solana. Problem: your ETH is stuck. Blockchains don't talk to each other. Ethereum has no idea Solana exists, and vice versa. This is where a crypto bridge comes in.
I've bridged assets hundreds of times since 2021, across at least a dozen chains, and I've also watched bridges get drained for hundreds of millions of dollars. So this guide is both a plain explainer and a warning. Bridges are useful. They're also the single riskiest piece of plumbing in DeFi.
What is a crypto bridge, exactly?
A crypto bridge is a protocol that lets you move value between two blockchains that can't natively communicate. That's the whole job. Chain A and Chain B run separate ledgers, separate validators, separate rules. A bridge sits in the middle and coordinates a swap so that giving up an asset on one side results in getting an equivalent asset on the other.
Here's the mental model I use. You're not teleporting a coin. You're doing a two‑step handshake: lock or destroy something here, prove it happened, release something there. The bridge is the referee that makes sure both halves line up.
Why do bridges even exist?
Because crypto isn't one network. It's dozens of them. Ethereum, Solana, Avalanche, BNB Chain, Polygon, Arbitrum, Optimism, Base, and so on. Each has its own users, apps, fees, and speed. Liquidity gets scattered across all of them.
Without bridges you'd be trapped wherever you first bought your coins. Want cheaper transactions? You'd have to sell on one chain and rebuy on another through an exchange, eating fees and taxes each time. Bridges let value flow to wherever it's most useful. That mobility is a big part of what makes DeFi work at all.
How do crypto bridges work under the hood?
There are three main designs. Knowing which one you're using tells you a lot about the risk you're taking.
Lock‑and‑mint
This is the classic. You send 1 ETH to the bridge's contract on Ethereum. That ETH gets locked, frozen in place. The bridge then mints 1 wrapped ETH on the destination chain and hands it to you. The original never moves. It just sits there as collateral backing the wrapped copy.
When you want to come back, the wrapped ETH is burned and the real ETH unlocks. Most cross‑chain wrapped tokens work this way. The catch: all that locked collateral piles up in one contract, which is exactly what hackers go after.
Burn‑and‑mint
Here the token is destroyed on the origin chain instead of locked. You burn 100 USDC on Chain A, the bridge verifies the burn, and mints 100 fresh USDC on Chain B. Supply stays constant across both chains. Circle's official USDC transfer protocol uses this approach, and it's cleaner because there's no giant honeypot of locked funds sitting around.
Liquidity‑pool bridges
These skip wrapping entirely. The bridge keeps pools of real assets already sitting on both chains. You deposit USDC on Chain A, and the bridge pays you out of its existing USDC pool on Chain B. No minting, no wrapping, just a coordinated swap between two piles of liquidity. It's fast, and you get the native asset instead of a wrapped IOU. The trade‑off is that pools can run dry, and pricing depends on how deep the liquidity is.
Native vs third‑party bridges
This distinction matters more than most people realize.
A native bridge is built and run by the chain's own team. The Arbitrum Bridge for Arbitrum, the Optimism Gateway for Optimism, the Polygon PoS Bridge for Polygon. These are the canonical route in and out of a network. They tend to be the safest option because you're only trusting the chain you're already trusting anyway. The downside is speed. Withdrawing from an optimistic rollup back to Ethereum through the native bridge can take up to seven days thanks to the challenge period.
A third‑party bridge is an independent protocol that connects many chains at once. Names like Across, Stargate, Hop, and Synapse. They're usually far faster (minutes, not days) and often cheaper. But you're now trusting a whole extra layer of smart contracts and, in some cases, off‑chain validators. More trust, more surface area for something to break.
My rule of thumb: big transfers go through native bridges when I'm not in a hurry. Smaller, time‑sensitive moves go through reputable third‑party bridges. If you want the practical mechanics for specific networks, I've written guides on how to bridge from Polygon, how to bridge from BNB Chain, and how to bridge from Arbitrum.
The risks: a short history of bridge hacks
Let's be blunt. Bridges have been catastrophic. They hold enormous pools of locked assets, which makes them the juiciest target in the whole space. The numbers are ugly.
- Ronin Bridge (March 2022): about $625 million gone, after attackers compromised validator keys. It's the largest crypto hack on record.
- Wormhole (February 2022): roughly $325 million, from a signature verification flaw that let the attacker mint wrapped ETH out of thin air.
- Nomad (August 2022): around $190 million, drained in a chaotic free‑for‑all after a botched upgrade left a routine exploitable by anyone who copied the transaction.
- Harmony Horizon Bridge (June 2022): about $100 million, again through compromised keys.
Add it all up with the smaller incidents and bridges have lost well over $2.5 billion since 2021. That's not a reason to never bridge. It's a reason to be picky about which bridge, and to never route more than you'd hate to lose through an unproven one.
The pattern in most of these is the same. Either the multisig or validator set controlling the bridge got compromised, or a bug in the code let someone forge a deposit. The more parties you have to trust and the more code sits between your funds and the exit, the more can go wrong.
How to bridge safely
You can't remove the risk, but you can cut it down a lot. Here's the checklist I run through every single time.
- Pick an established bridge. Look for audits, a track record of at least a year, and real volume. New, unaudited bridges are where funds vanish.
- Bridge a tiny test amount first. Send $10 through, confirm it lands on the other side, then send the rest. This one habit has saved me more than once.
- Triple‑check the destination chain and address. Sending to the wrong network can mean funds that are gone for good.
- Compare routes with an aggregator instead of guessing. Fees and speed vary wildly between bridges for the same transfer.
- Don't leave wrapped tokens sitting around longer than you need to. The longer funds sit in a bridge contract, the longer they're exposed.
- Keep records. If you care about the tax side, read our take on whether bridging is taxable before you move large sums.
Where aggregators fit in
Manually checking five bridges for the best rate is tedious. This is why routing tools exist. Blazpay is a DeFi and AI aggregator that scans across bridges and swap venues to find you the cheapest, fastest path in one place, instead of you tabbing between a dozen sites and hoping you picked right. For anyone bridging regularly, letting a router compare quotes beats guessing every time.
So, should you use a bridge?
Yes, carefully. Bridges are what let crypto function as a connected system rather than a bunch of walled gardens. You almost can't use DeFi seriously without touching one. The trick is treating them as high‑risk infrastructure: use trusted names, test small, and never assume your funds are safe just because the transfer went through last time.
Understand the design you're using, respect the hack history, and bridge like someone who's seen what goes wrong. Because plenty has.
