Why cross-chain bridges keep getting drained

Between 2021 and 2023, cross-chain bridges lost over $2.5 billion to exploits. Not because the blockchain technology was wrong. Because the trust models were. Most bridge architectures concentrate trust in one or two contracts that, if compromised, hand an attacker complete control over both the source and destination sides of every transfer in flight.

The Ronin Bridge ($625M, March 2022) was drained when an attacker compromised 5 of 9 validator private keys, signed fraudulent withdrawal transactions, and extracted funds before anyone noticed. The Wormhole exploit ($320M, February 2022) exploited a signature verification bug that let an attacker fake guardian approvals. In both cases, the single layer of trust wasn't enough.

This is day 12 of the 28-day Chainlink architecture series and the start of Week 3, the CCIP deep dive. Today covers the onchain architecture specifically: the Router, OnRamp, OffRamp, Token Pools, Fee Quoter, Token Admin Registry, and RMN Contract. The offchain components (the Role DON, Committing and Executing OCR plugins, and the Risk Management Network) come tomorrow. Understanding the onchain layer first is the right sequence because the contracts define the security surface, and every audit starts with the contracts.