The neglected bridge

When roughly $290 million was siphoned out of the LayerZero-powered bridge KelpDAO uses for rsETH 13 days ago, the crypto industry did what it often does after a big cross-chain loss: it argued about terminology and played the blame game. Whether you point the finger at RPC poisoning or DVN misconfiguration, the forensic answer obscures the historical problem: Bridges.

As a category, “bridges” is a bit of a misnomer, as they do not really move anything. What they do is produce a sentence — "X happened on chain A" — and ask a second chain to treat that sentence as true. Every bridge drain was made possible because the destination chain said “yes” to a sentence it shouldn't have.

Reading back through Blockworks' coverage of bridges over the years is like reliving the same accident over and over.

August 2022: Nomad Token Bridge Raided for $190M in "Frenzied Free-For-All", a "’security-first' token bridge" nevertheless "accidentally allowed anyone to submit illicit transactions." Days later we got, After Latest Crypto Bridge Hack, Industry Participants Call for Tighter Security, which noted an "embarrassing rash of exploits this year."

July 2023: Multichain halts on suspected $130M hack, which Chainalysis subsequently suggested "may have been an inside job or a rug pull." That November, Huobi's 'Heco' chain bridge drained of $87M in crypto assets.

Two months later: $80M lost in first hack of 2024, with "a recurrent theme" of private key compromise. Two weeks after that: Socket Tech security breach affects multiple dapps and wallets.

Year after year we hear the same refrain from the 2022 Nomad hack, that bridges "must step up security measures." But the “embarrassing rash of exploits” has never ended.

By late 2023, Chainlink's Sergey Nazarov was telling Blockworks that most bridges are "absolutely not secure." Uniswap's own framing during its bridge assessment was equally direct: Crypto Bridges Tend To Collapse.

IBC-no-evil

The scorecard for one cross-chain protocol reads differently, however: Interblockchain Communication (IBC). Aside from one “close call with a critical vulnerability” in April 2024, a bug that was patched before it could be exploited, IBC has just worked.

Why is IBC’s history so pleasantly boring? Because it was never the same kind of beast. Validator bridges and DVN networks are external attestors, where the destination chain accepts someone else's word. IBC is a light-client protocol; each connected chain verifies the other's consensus onchain, block by block. When IBC has had bugs, they've been in the verification code itself — which is out in the open, auditable, and patchable. For validators and DVNs, where the compromise is in the behavior of offchain signers, you usually don't see it until the funds are gone.

That asymmetry is why Cosmos has been slowly winning the argument on design even as it lost the market on distribution. Bitcoin crossed over to Cosmos without a wrapper when Nomic kicked off native Bitcoin bridging, and that system still works, last time I checked, despite team neglect and an evaporating use case.

The Ethereum rollup world could have imported this primitive.

Hashi-EEZ

Which brings us to the Hashi Alliance. The organization's public charter on GitHub reads like a direct response to four years of Blockworks bridge coverage: "Building the foundation for a better cross-chain future, relying on open standards, shared ownership & no vendor lock-ins."

Hashi, rather than a single bridge, is more like an aggregator with an opinion: if a destination chain has to trust some external attestation, make it trust several of them independently, each using a different verification method. That way, no single compromised oracle, multisig, or optimistic relayer can cause a forged message to pass muster.

So we find things like a Hashi DVN adapter for LayerZero, a module that lets a (Gnosis) Safe be controlled via Hashi-verified cross-chain calls, and an SP1 storage-proof verifier.

Sadly, after pings to the Hashi Early Builder’s Telegram group went unanswered, I learned from the group’s owner, Thomas Bertani, that Hashi has been discontinued by Gnosis.

According to Gnosis co-founder Friederike Ernst, the thesis remains sound, but checking multiple bridges in parallel carries two practical costs: latency is capped by the slowest verifier in the set, and gas has to be paid across all of them. Rather than pile on redundancy, Ernst would rather rethink the design.

A new proposal called the Ethereum Economic Zone (EEZ) would enable synchronous cross-chain execution. That means assets and state can be touched across networks inside a single transaction. That in turn makes bridging far less relevant.

The lesson Blockworks’ archive has been quietly accumulating since 2022 is that the bridges that break are the ones that ask users to trust a single attesting party — whether a federation, a multisig, an oracle pair, or a lone DVN. The ideal is one where the destination chain verifies the source chain itself. A third way is the Hashi Alliance approach, that Ethereum's rollup ecosystem can get close enough by stacking independent verifiers from across the existing message-passing options so that the trust assumption approaches the IBC baseline.

Or with EEZ, when a transfer is genuinely needed, native bridges can settle within that same transaction. The incentive to reach for a faster third-party bridge largely disappears.

The LayerZero/KelpDAO incident is a good reminder that a bridge's real security is whatever the weakest path through its verifier set happens to be on a given Saturday morning. The only nearly flawless record in production, for now, belongs to the one bridge protocol that never called itself one.