Cross-Chain Depeg

The most common trigger, where a bridge's liquidity pool on the destination chain cannot meet redemption demand. This creates a supply/demand imbalance.

• Minting Imbalance: More assets are minted on Chain B than are locked on Chain A, creating excess supply.
• Redemption Pressure: A surge in users burning the bridged asset to withdraw the native asset can deplete the bridge's liquidity reserves, causing the bridged asset to trade at a discount.

A security breach or critical bug in the bridge's smart contracts can directly cause a depeg by compromising the 1:1 collateral backing.

• Funds Theft: If assets are stolen from the vault on the source chain, the bridged tokens become undercollateralized.
• Mint Function Exploit: An attacker could mint unlimited bridged tokens without locking collateral, instantly devaluing the asset.
• Example: The 2022 Wormhole bridge exploit, where 120k wETH was minted without collateral, required a bailout to re-peg.

Bridges relying on oracles for price feeds or state verification are vulnerable to data corruption, leading to incorrect minting or burning.

• Price Feed Attack: Manipulating the oracle reporting the locked asset's value can allow an attacker to mint more bridged tokens than allowed.
• State Verification Failure: If an oracle incorrectly attests that assets are locked, it enables unauthorized minting on the destination chain, diluting the pool.

For bridges using a multi-signature or federated model, malicious action or technical failure by the validating nodes can trigger a depeg.

• Collusion: If a supermajority of validators collude, they can steal locked funds or mint unauthorized tokens.
• Liveness Failure: Network partitions or downtime can prevent users from redeeming assets, causing the bridged token to trade at a discount until operations resume.

Even with functional bridges, high costs and delays in the arbitrage loop can sustain a depeg. The arbitrage cycle (buy cheap bridged asset -> burn it -> bridge native asset back -> sell) must be fast and cheap to correct price deviations.

• High Gas Fees: Can make small arbitrage opportunities unprofitable.
• Long Withdrawal Delays: Bridges with slow challenge periods (e.g., 7 days) prevent arbitrageurs from quickly correcting the peg, allowing the discount to persist.

A depeg can be triggered by issues on the native asset's blockchain, not the bridge itself. If the source chain experiences severe congestion, a halt, or a consensus failure, the fundamental value and redeemability of the locked collateral come into question.

• Redeemability Risk: Users may discount the bridged asset if they believe they cannot reliably redeem it for the native asset due to source-chain problems.
• Example: During the Solana network outage in September 2021, bridged Solana assets (like wSOL on Ethereum) traded at a significant discount.

Bridged assets (e.g., USDC.e) often exist in separate, shallow liquidity pools from their canonical counterparts. During market stress, a sell-off of the bridged token can cause severe slippage and a temporary depeg, as arbitrageurs may be unable to efficiently bridge assets back to restore parity. This creates a liquidity risk distinct from the asset's inherent solvency.

• Key Concept: The depeg reflects the pool's liquidity, not necessarily the bridge's solvency, but can trigger panic and compound losses.

Bridges relying on a multisig council or a federated set of validators are vulnerable to private key compromise or collusion. An attacker controlling the required threshold can authorize fraudulent withdrawals, draining the bridge's collateral reserve on the source chain. This leaves the minted assets on the destination chain completely unbacked, causing a permanent depeg.

• Security Model: This is a trusted or federated bridge risk, contrasting with trust-minimized models using light clients.

Bugs or vulnerabilities in the bridge's smart contract code on either the source or destination chain can be exploited to drain funds. This includes reentrancy attacks, logic errors in mint/burn functions, or improper access controls. Such an exploit directly compromises the collateral backing, causing an immediate and often irreversible depeg.

• Example: The Nomad bridge hack in 2022 was caused by a faulty initialization parameter that allowed fraudulent claims.

For centrally-issued stablecoins like USDC or USDT, the canonical issuer (Circle, Tether) can blacklist or freeze addresses on their native chain (Ethereum). If a bridge's reserve address or a wrapped token contract is frozen, the bridged tokens on other chains become unredeemable, breaking the 1:1 peg. This is a centralization risk inherited from the underlying asset.

A depeg can persist due to broken arbitrage mechanics. If bridge fees are prohibitively high, transaction times are slow, or the bridge is paused during volatility, arbitrageurs cannot efficiently restore the peg. This exposes users to basis risk—the risk that the price of the bridged asset permanently diverges from its canonical version due to market microstructure issues.

Ensuring deep on-chain liquidity for the bridged asset minimizes slippage and arbitrage latency, which helps maintain the peg.

• Incentivized Pools: Protocols use liquidity mining rewards to bootstrap and sustain pools on decentralized exchanges (DEXs).
• Canonical Bridges: Encouraging use of the official, audited bridge (e.g., Arbitrum's native bridge) as the primary liquidity source, rather than third-party bridges, reduces fragmentation.

Emergency controls that can temporarily halt bridge operations in the event of suspicious activity or a detected exploit.

• Function: Allows time for investigation and mitigation without permitting further fraudulent withdrawals.
• Trade-off: Introduces centralization risk and must be governed by a sufficiently decentralized multisig or DAO to prevent abuse.