A trusted bridge (also known as a federated bridge or custodial bridge) is a type of blockchain bridge where users must trust a third-party entity or a predefined committee to hold and manage the assets being transferred. This stands in contrast to trustless bridges, which rely on cryptographic proofs and the underlying blockchains' security. In a trusted model, the bridge operators have custody of the locked assets on the source chain and mint the corresponding assets on the destination chain. This centralization creates a single point of failure and introduces counterparty risk, as users rely on the honesty and security of the bridge operators.
Trusted Bridge
What is a Trusted Bridge?
A trusted bridge is a cross-chain bridge that relies on a centralized or federated set of validators to secure asset transfers between blockchains.
The operational model typically involves a multisig wallet or a federated consensus mechanism among a known group of validators. For example, when a user locks 10 ETH on Ethereum, the bridge's validators observe this event, reach consensus off-chain, and then mint 10 wrapped ETH (wETH) on a chain like Polygon. The security of the entire bridge's asset pool is only as strong as the security practices and integrity of these validators. Many early bridges, such as the Wrapped Bitcoin (WBTC) system on Ethereum, operate on this trusted, permissioned model where a consortium of institutions manages the custodial reserves.
The primary advantage of a trusted bridge is often simplicity and efficiency. Transactions can be faster and cheaper to process because they don't require complex on-chain verification of state proofs. However, the significant trade-off is security risk. Historical exploits, like the $625 million Ronin Bridge hack in 2022, underscore the vulnerability of centralized validator sets. These bridges are susceptible to collusion, private key compromise, or regulatory seizure of the custodial assets, making them a less desirable option for large, trust-minimized value transfers.
When evaluating cross-chain solutions, understanding the trust model is critical. Developers and users must assess whether the convenience of a trusted bridge outweighs the inherent risks of custodianship. For high-value or institutional transfers, trustless alternatives using light clients or zero-knowledge proofs are increasingly preferred. Nevertheless, trusted bridges remain prevalent for specific asset wrappings (like WBTC) and in ecosystems where speed and low cost are prioritized over decentralized security guarantees.
How a Trusted Bridge Works
A trusted bridge is a cross-chain bridge where users must rely on a central entity or federation to custody their assets and validate transactions between blockchains.
A trusted bridge, also known as a custodial bridge, operates on a centralized trust model where a single entity or a select group of validators controls the assets locked on the source chain and mints corresponding assets on the destination chain. This central custodian is responsible for verifying and relaying transaction proofs, making the bridge's security and availability entirely dependent on the honesty and operational integrity of that custodian. Users effectively delegate custody of their funds to this intermediary, which introduces counterparty risk—the risk that the custodian could act maliciously, become compromised, or suffer technical failure.
The operational mechanics typically involve a lock-and-mint or burn-and-mint process. In a lock-and-mint system, a user sends assets to a smart contract or a custodian-controlled address on the source chain (e.g., Ethereum). The custodian verifies this deposit and then mints a wrapped asset (e.g., a bridged ETH token) on the destination chain (e.g., Binance Smart Chain). To reverse the process, the user burns the wrapped token, and the custodian releases the original asset from the source chain vault. The custodian's private keys are the ultimate authority for authorizing these mints and releases.
Trusted bridges are often contrasted with their decentralized counterparts, trustless bridges, which use cryptographic proofs and decentralized validator networks to eliminate the need for a trusted third party. While trusted bridges are generally faster to build and can offer lower transaction fees due to simpler architecture, their security model is considered weaker. The central point of control creates a single point of failure, making the bridge a prime target for hacks, fraud, or regulatory action. Examples of this model include many early blockchain bridges and those operated by centralized exchanges for cross-chain transfers.
For developers and users, the choice to use a trusted bridge involves a clear trade-off between convenience and security. It is suitable for transferring assets where maximum decentralization is not a priority, speed is critical, and the custodian has a strong, verifiable reputation. However, for significant value transfers or DeFi applications requiring strong security guarantees, a trustless bridge model is generally preferred to mitigate the risks of custodial failure or malfeasance.
Key Features of a Trusted Bridge
A trusted bridge relies on a centralized entity or federation to validate and facilitate cross-chain transactions. Its security model is based on the trustworthiness of these operators rather than cryptographic or economic guarantees.
Centralized Custody
Assets moving across a trusted bridge are typically custodied by the bridge operator or a designated multi-signature wallet. Users must trust this entity to hold and release funds correctly on the destination chain. This is the core trade-off: convenience and speed are prioritized over decentralization and censorship resistance.
Permissioned Validator Set
Transaction validity is determined by a known, permissioned set of validators or federators. These are often companies or organizations selected by the bridge operator. Consensus (e.g., a 2/3 majority) among these entities is required to authorize a transfer, making their honesty and security critical.
Off-Chain Verification
The bridge's security logic and validation occur off-chain. Validators monitor the source chain, agree on the validity of a deposit event, and then collectively sign a message authorizing the minting or release of assets on the destination chain. The on-chain component is often just a simple contract that executes based on these signed approvals.
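An added example (not code from the original page or from any bridge project) of the approval check such an on-chain component performs, using the 2/3 majority mentioned under the permissioned validator set. The names `MintGate`, `digest` and `sign`, the nine-member federation and the sample transfers are hypothetical, and HMAC-SHA256 stands in for the validators' real signature scheme so the code runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed nine-member federation. HMAC-SHA256 is a stand-in for the
# validators' signature scheme; a real verifier holds public keys only.
VALIDATORS = {f"v{i}": hashlib.sha256(f"demo-key-{i}".encode()).digest()
              for i in range(9)}
QUORUM = (2 * len(VALIDATORS) + 2) // 3  # 2/3 majority, rounded up: 6 of 9


def digest(src_chain, dst_chain, deposit_id, recipient, amount):
    """Hash every field of the transfer so an approval covers exactly one deposit."""
    fields = [src_chain, dst_chain, deposit_id, recipient, amount]
    return hashlib.sha256(json.dumps(fields).encode()).digest()


def sign(validator, msg_digest):
    """What one validator produces off-chain after observing the deposit."""
    return hmac.new(VALIDATORS[validator], msg_digest, hashlib.sha256).digest()


class MintGate:
    """Hypothetical destination-chain component that mints on quorum approval."""

    def __init__(self):
        self.processed = set()  # deposit ids already minted

    def authorize(self, transfer, approvals):
        deposit_id = transfer[2]
        if deposit_id in self.processed:
            return False, "replayed deposit"
        msg_digest = digest(*transfer)
        valid = set()  # a set, so a validator who signs twice counts once
        for validator, signature in approvals:
            if validator not in VALIDATORS:
                continue  # signer is not a federation member
            if hmac.compare_digest(sign(validator, msg_digest), signature):
                valid.add(validator)
        if len(valid) < QUORUM:
            return False, f"{len(valid)}/{QUORUM} approvals"
        self.processed.add(deposit_id)
        return True, "mint authorized"
```

The gate enforces only the count of distinct valid approvals; it cannot tell whether the approving keys are still held by honest, independent parties, which is the trust assumption this model carries.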
Fast Finality & Low Cost
Because validation is performed off-chain by a small, coordinated group, transactions are typically fast and have low fees. There is no need to wait for cryptographic proofs (like Merkle proofs) to be generated or for lengthy dispute periods, as with trustless bridges.
Single Point of Failure
The centralized custodian or validator set represents a single point of failure. Risks include:
- Insider Attack: Malicious collusion among validators.
- External Compromise: Hack of the validator private keys or custodian hot wallet.
- Censorship: The operator can arbitrarily freeze or reject transactions.
Common Examples
Trusted bridges are prevalent for wrapping major assets (e.g., wBTC, wETH on other chains) and in early-stage ecosystems. Examples include:
- Wrapped Bitcoin (wBTC): Custodied by a centralized entity (BitGo).
- Multichain (formerly Anyswap): Used a federated MPC model.
- Polygon PoS Bridge: Relies on a set of trusted validators (Heimdall).
Examples of Trusted Bridges
Trusted bridges, also known as federated or custodial bridges, are operated by a defined set of validators or a single entity. These are some prominent examples that have facilitated significant cross-chain value transfer.
Multichain (formerly Anyswap)
Originally launched as a decentralized cross-chain router, Multichain evolved to use a SMPC (Secure Multi-Party Computation) network of federated nodes. While more decentralized than a single custodian, the bridge's security model still requires users to trust the federated node set to honestly manage locked assets. It supported a vast array of chains before its operational issues.
Arbitrum Native Bridge
The canonical bridge for the Arbitrum rollup uses an optimistic security model that ultimately falls back to Ethereum for disputes. However, for deposits and fast withdrawals, it incorporates trusted components like a centralized sequencer for fast message relay. Users must trust these components for liveness and correct execution, classifying it as a hybrid trusted bridge for certain functions.
Security Considerations & Risks
A trusted bridge is a cross-chain bridge that relies on a centralized entity or a permissioned set of validators to secure asset transfers, introducing counterparty risk and single points of failure.
Centralized Custody Risk
The primary risk is custodial risk. A trusted bridge holds user funds in a centralized wallet or multi-signature contract controlled by its operators. This creates a single point of failure; if the operator's private keys are compromised, lost, or if the operator acts maliciously, all user funds can be stolen or frozen. This is the core distinction from trust-minimized bridges that use cryptographic proofs.
Validator Set Compromise
Many trusted bridges use a permissioned validator set (e.g., a federation) to approve transactions. Security depends entirely on the honesty of these validators. Risks include:
- Collusion: If a majority of validators collude, they can approve fraudulent withdrawals.
- Regulatory Action: Validators in a specific jurisdiction can be compelled to censor or freeze transactions.
- Technical Failure: A bug in the validator software or infrastructure can halt the bridge.
Upgradeability & Admin Keys
Trusted bridge contracts typically have upgradeable proxies controlled by admin keys. While useful for patching bugs, this power allows the admin to:
- Pause all operations, freezing funds.
- Upgrade the logic to a malicious contract that drains funds.
- Change critical parameters like fees or validator sets without user consent.
Users must trust the admin's ongoing benevolence and operational security.
Economic & Liquidity Risks
These bridges often face liquidity fragmentation. They may mint wrapped assets (e.g., wBTC) that are only as valuable as the underlying collateral held by the custodian. If the custodian becomes insolvent or the bridge is hacked, the wrapped assets can depeg. Furthermore, the bridge's economic security is not cryptoeconomically enforced; it relies on legal agreements and the reputation of the central entity.
Historical Exploits & Examples
Major bridge hacks have predominantly targeted trusted or semi-trusted models, highlighting these risks:
- Ronin Bridge (2022): $625M stolen via compromise of 5 out of 9 validator private keys.
- Poly Network (2021): $611M exploited due to a vulnerability in keeper management logic.
- Wormhole (2022): $326M stolen due to a signature verification flaw in its guardian network.
These events underscore the catastrophic impact of validator/key compromise.
Mitigation & Trust Assumptions
Users must clearly assess the trust assumptions. Key questions include:
- Who controls the keys/custody?
- What is the legal jurisdiction and recourse?
- Is the validator set transparent and reputable?
- Is the code audited and open-source?
While convenient, using a trusted bridge requires placing faith in the operator's security practices and integrity, accepting risks akin to traditional finance.
Trusted vs. Trustless Bridge Comparison
A technical comparison of the core architectural and security models for cross-chain asset transfers.
| Feature / Metric | Trusted (Custodial) Bridge | Trustless (Non-Custodial) Bridge |
|---|---|---|
| Custody of Assets | Centralized entity or multi-sig committee | Locked in on-chain smart contracts |
| Trust Assumption | Trust in the bridge operator(s) | Trust in the underlying blockchain cryptography |
| Security Model | External, off-chain validators | Cryptoeconomic, on-chain proofs |
| Typical Withdrawal Latency | 5 min - 2 hours | 10 min - 7 days (varies by finality) |
| User Risk Profile | Counterparty and censorship risk | Smart contract and protocol risk |
| Decentralization | | |
| Example Protocols | Binance Bridge, Multichain | Across, Hop, Stargate |
Ecosystem Usage & Context
Trusted bridges are critical infrastructure for cross-chain asset transfers, relying on a designated set of validators or a centralized entity to secure the connection. Their usage is defined by trade-offs between speed, cost, and security assumptions.
Speed vs. Security Trade-off
Trusted bridges prioritize finality speed and low transaction costs over decentralized security.
- Fast Withdrawals: They provide near-instant confirmation because they don't wait for source chain finality; they rely on their validators' attestations.
- Cost Efficiency: Operating off-chain with a known validator set reduces gas costs compared to cryptographic verification on-chain.
- Security Model: This creates a custodial risk; users are protected only by the bridge operators' honesty and security practices, not cryptographic guarantees.
Regulatory & Institutional Context
Trusted bridges are often the only compliant option for regulated entities. Institutions and certain jurisdictions require identifiable, licensed custodians.
- KYC/AML: Trusted bridge operators can implement identity verification and transaction monitoring to comply with financial regulations.
- Insurance: Custodied assets may be covered by traditional insurance policies, a feature not available with trustless bridges.
- Use Case: Used for tokenized real-world assets (RWA) and large-scale institutional transfers where legal recourse is required.
Canonical Bridge for New L2s
Many Layer 2 rollups (Optimism, Arbitrum) launch with an official, trusted bridge managed by the core development team.
- Purpose: To bootstrap initial liquidity and provide a secure, vetted pathway for users during the network's early stages.
- Evolution: These often have a roadmap to progressively decentralize the validator set or upgrade to a more trust-minimized design.
- Example: The initial Arbitrum One bridge was operated by a whitelisted set of validators before further decentralization.
Risk Profile & Historical Incidents
The centralized trust model has led to major exploits, highlighting its systemic risk.
- Validator Compromise: If a majority of bridge validators are hacked or act maliciously, all locked funds can be stolen.
- Key Examples: The Wormhole hack ($325M) and Ronin Bridge hack ($625M) exploited vulnerabilities in the multi-signature validator sets.
- Mitigation: Relies on off-chain security audits, operational security for validators, and often pause mechanisms that can freeze funds in an emergency.
Common Misconceptions
Trusted bridges are a foundational but often misunderstood component of blockchain interoperability. This section clarifies their core mechanisms, security assumptions, and how they differ from other bridge designs.
A trusted bridge (or custodial bridge) is a cross-chain interoperability protocol that relies on a centralized entity or a permissioned set of validators to secure the transfer of assets and data between blockchains. It works by users depositing assets (e.g., ETH) into a smart contract on the source chain, which are then custodied by the bridge operator. The operator mints a corresponding wrapped asset (e.g., wETH) on the destination chain. The security of the entire system depends entirely on the trustworthiness and operational integrity of this central party, making it a single point of failure.
Frequently Asked Questions
Trusted bridges are a foundational method for transferring assets between blockchains, but they introduce specific security assumptions. These FAQs address their core mechanisms, risks, and alternatives.
A trusted bridge is a cross-chain bridge where the security of asset transfers depends on a centralized entity or a permissioned set of validators, known as a federation. It works by locking or burning assets on the source chain and minting equivalent wrapped assets on the destination chain, with the bridge operator's multisig or validator set controlling the process. Users must trust this central authority to hold the locked collateral honestly and to correctly validate and execute transactions. This model contrasts with trustless or trust-minimized bridges, which rely on cryptographic proofs and decentralized networks for security.