Bridged Asset

Multichain facilitated the creation of numerous bridged assets (e.g., anyUSDC, anyETH) across dozens of blockchains via a liquidity network model. These were non-canonical assets, meaning they were distinct tokens from their originals, created by locking assets in a source chain vault and minting on a destination chain.

• Bridge Type: Liquidity network, non-canonical.
• Key Mechanism: Liquidity pools on connected chains.
• Primary Use: Fast, decentralized transfers between heterogeneous chains.

The security model of a bridged asset is defined by its underlying bridge mechanism. Custodial bridges rely on a single entity or federation to hold the locked assets, creating a central point of failure. Trustless bridges (or decentralized bridges) use smart contracts and cryptographic proofs (like light clients or optimistic verification) to secure transfers, removing the need for a trusted third party. The choice fundamentally impacts the asset's counterparty risk.

The smart contracts that mint and manage bridged tokens are a primary attack surface. Vulnerabilities can lead to catastrophic loss of funds. Key risks include:

• Logic bugs: Flaws in the mint/burn or pause mechanisms.
• Upgradability: Admin keys with excessive privileges can be compromised or act maliciously.
• Oracle failures: Bridges relying on external data feeds for consensus are vulnerable to manipulation. Major exploits like the Wormhole ($325M) and Ronin Bridge ($625M) hacks originated from compromised bridge contracts.

A bridged asset is typically a wrapped token (e.g., WBTC, WETH) on the destination chain. Its value is entirely dependent on the integrity of the bridge's collateralization. If the bridge's reserve of native assets is depleted, stolen, or frozen, the wrapped tokens become worthless. Users must verify the bridge's proof-of-reserves and redemption guarantees. This creates asset-backed security risk distinct from the underlying blockchain's security.

Many bridges use a multi-signature scheme or a set of external validators/oracles to attest to cross-chain events. This introduces consensus risk:

• If a majority of signers are compromised (via hacking or collusion), they can authorize fraudulent withdrawals.
• Liveness attacks can freeze assets if validators go offline. This model shifts security from the robust consensus of Layer 1 blockchains (e.g., Ethereum's PoS) to a smaller, often less battle-tested set of actors.

Bridged assets can suffer from fragmented liquidity across multiple bridge versions (e.g., USDC.e vs. native USDC). This impacts security by:

• Reducing capital efficiency and increasing slippage.
• Creating confusion that can be exploited in phishing attacks.
• Making the ecosystem reliant on specific bridge liquidity pools, which themselves can be hacked (e.g., liquidity pool exploits on decentralized exchanges).

Large-scale bridge failures pose systemic risk to the broader DeFi ecosystem. A major de-pegging or hack of a widely used bridged stablecoin can trigger cascading liquidations across lending protocols. Furthermore, bridges can become centralized choke points for censorship or regulatory action, as seen with sanctioned Tornado Cash assets on bridges. This introduces sovereign risk not present with fully decentralized native assets.

The most common bridging model where the native asset is locked in a smart contract or custodian on the source chain, and a corresponding wrapped token is minted on the destination chain. This process is custodial if a trusted entity holds the lockbox or non-custodial if secured by a decentralized validator set. The minted token (e.g., Wrapped Bitcoin (WBTC) on Ethereum) is a 1:1 representation of the locked asset.

A model where the bridged asset on the source chain is burned (destroyed), and an equivalent amount is minted on the destination chain. This is often used by native cross-chain protocols (e.g., Wormhole, LayerZero) where the asset is canonical on both chains. This approach avoids the need for a permanent lockbox but requires a secure, decentralized messaging layer to coordinate the burn and mint events across chains.

Some bridges use liquidity pools on both chains instead of locking assets. Users deposit an asset into a pool on Chain A and withdraw from a corresponding pool on Chain B. This model, used by liquidity network bridges, does not create a 1:1 wrapped asset but rather facilitates swaps. It introduces bridge-specific liquidity risk and potential slippage, but enables faster, more flexible transfers.

Bridged asset security is defined by its underlying bridge's trust assumptions.

• Trusted/Custodial: Relies on a single entity or multi-sig. High counterparty risk.
• Federated: A committee of known entities validates transfers. Risk of collusion.
• Trustless/Decentralized: Uses the destination chain's native validators (e.g., light clients) or an external proof-of-stake validator set. Highest security but more complex. The primary risk is the bridge contract being compromised, which can lead to the minting of unbacked tokens.

A canonical bridged asset is the official, recognized representation of the original asset on a foreign chain, often backed by its native protocol (e.g., Wormhole-wrapped ETH). A non-canonical asset is a wrapped version created by a specific bridge (e.g., Multichain's anyETH). Canonical assets have higher composability and safety, as DeFi protocols standardize their integration. Non-canonical assets create fragmentation and can become worthless if their specific bridge fails.

Bridged assets are fundamental for cross-chain DeFi, enabling liquidity to flow between ecosystems. Key uses include:

• Yield Farming: Using bridged BTC to earn yield on Ethereum DeFi protocols.
• Collateral: Posting bridged assets as collateral for loans or minting stablecoins.
• Governance: Participating in DAO votes on a chain different from the asset's origin. They are essential infrastructure but introduce systemic risk, as seen in major bridge hacks like Wormhole ($325M) and Ronin ($625M).

A canonical bridge mechanism where the original asset is locked in a smart contract on the source chain, and a wrapped representation is minted on the destination chain. This is the most common model for official, native bridges like the Polygon PoS Bridge or Arbitrum Bridge.

• Process: User deposits asset A on Chain 1, a verifier validates the deposit, and asset A' is minted on Chain 2.
• Key Feature: The original asset remains securely custodied, and the bridged version can typically be burned to redeem the original.

A bridge model that uses liquidity pools on both chains instead of locking the original asset. Also known as a liquidity bridge or pool-based bridge. Users swap assets via these pools, facilitated by relayers.

• Process: A user swaps asset A on Chain 1 for asset A' on Chain 2 from a pre-funded liquidity pool.
• Examples: Prominent implementations include Hop Protocol and Across.
• Advantage: Often faster for transfers between L2s, as it doesn't require waiting for L1 finality for the mint/burn cycle.

The token standard for representing a bridged asset on a non-native chain. It is a smart contract that tracks the locked collateral and grants ownership rights.

• Standards: On Ethereum and EVM-compatible chains, this is typically an ERC-20 token (e.g., wBTC, wETH).
• Function: The wToken contract manages minting (upon deposit/bridge) and burning (upon withdrawal/redeem).
• Critical Distinction: Not all wrapped tokens are bridged assets (e.g., wETH on Ethereum is a wrapper, not a bridge), but all canonical bridged assets are wrapped tokens on the destination chain.

The trust assumptions and validation mechanism that secure the bridge and the assets it custodies. This is the primary differentiator between bridge types and their associated risks.

• Trusted (Federated): Relies on a multisig council or known federation of validators. Higher speed, but introduces counterparty risk. Example: Multichain (formerly Anyswap).
• Trust-Minimized: Uses the underlying blockchain's cryptoeconomic security (e.g., light clients, fraud proofs, zero-knowledge proofs). More secure but complex. Example: IBC (Inter-Blockchain Communication).
• Risk: Bridge hacks often target the security model's weakest link, such as validator private keys or smart contract bugs.

A fundamental distinction based on whether the bridge is the official, sanctioned issuance path for an asset on a foreign chain.

• Canonical Bridge: The official bridge, often built or endorsed by the destination chain's core team. The bridged asset (e.g., USDC.e on Arbitrum) is recognized by the chain's native DeFi ecosystem. It is the primary liquidity source.
• Non-Canonical (Third-Party) Bridge: A bridge built by an independent project. It creates a competing, non-native representation of the same asset (e.g., USDC via a third-party bridge). This leads to fragmented liquidity (e.g., USDC vs. USDC.e) and potential de-pegging risks if the bridge is compromised.

The underlying protocol that enables bridges to communicate state changes (like a deposit) between two distinct blockchains. The bridge asset is a specific application of this general capability.

• Core Function: Reliably pass a message (e.g., "User X deposited 1 ETH") from Chain A to Chain B.
• Protocols: This is implemented by layers like Chainlink CCIP, LayerZero, Wormhole, and Axelar.
• Expanded Use: While used for asset bridging, this primitive also enables cross-chain smart contract calls, governance, and oracle data transfer, forming the backbone of the omnichain vision.