Author: Sandeep
Translated by: Jiahuan, ChainCatcher
This weekend has been nerve-wracking. Three cross-chain bridge security incidents occurred within three weeks. Rather than obsessing over the specifics of any single attack, I’ve spent these days reflecting more deeply on the underlying patterns common to all these events.
- Drift on April 1: $285 million lost.
- Polkadot Hyperbridge on April 13: A single replay proof minted 1 billion unsupported tokens; had the target chain’s liquidity not already been extremely thin, losses would have far exceeded this figure.
- KelpDAO on April 18: $292 million lost.
Before these, there were Wormhole, Ronin, Harmony, BNB Bridge, Nomad, and Multichain.
First and foremost, I want to extend full respect to every team that responded proactively during this high-pressure weekend. I have no intention of piling on while anyone is managing an emergency. We’ve all been in similar situations—and the teams currently shipping patches are working incredibly hard. Kelp’s emergency multisig pause successfully blocked two subsequent attempts to drain assets, preventing an additional $200 million in losses.
What I’d like to emphasize here is that what happened this weekend is not merely a Kelp issue. It stems from a design choice the entire industry has long embraced. Today, most cryptocurrency cross-chain infrastructure still operates like a notary office. Whether you call it a DVN, a relayer set, an oracle committee, or a multisig, the essence remains the same: a small committee monitors activity on one chain and attests to it on another. Once that committee—or the underlying price feeds it relies upon—is compromised, the notary will endorse falsehoods without hesitation.
Protocol names change, but the trust assumptions remain unchanged. @moo9000 gave it the most fitting name: MultisigFi. That label hits the nail on the head. Regardless of what you call the underlying committee, the trust model is identical—and the events of the past three weeks painfully illustrate how catastrophically this model collapses at scale.
A recent Dune data scan of active LayerZero applications found that 47% run on a 1/1 validator configuration, 45% on a 2/2 configuration, and fewer than 5% adopt stronger security configurations. This means that for roughly nine out of ten cross-chain applications currently in production, just one or two compromised signers constitute the entire security barrier standing between users’ funds and attackers.
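To make the notary model above concrete, here is an added Python model (not code from the post or from any named bridge) of a destination-side receiver that mints when a committee attests. Attestations are abstracted to signer identifiers standing in for verified signatures, and the signer sets, chain names and amounts are constructed; it shows why the threshold (1/1, 2/2) is the entire security margin, and adds the replay check that keeps a single valid proof from minting twice.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Message:
    src_chain: str
    nonce: int        # unique per source chain; (src_chain, nonce) is the replay key
    recipient: str
    amount: int

@dataclass
class BridgeReceiver:
    """Destination-side receiver that mints when a committee attests (constructed model)."""
    signers: frozenset            # the committee: DVNs, relayers, or multisig keys
    threshold: int                # attestations required, e.g. 1 of 1 or 2 of 2
    consumed: set = field(default_factory=set)   # replay keys already minted
    minted: int = 0

    def signers_to_forge(self) -> int:
        # The whole security margin of the notary model: this many compromised
        # committee members can authorize any mint.
        return self.threshold

    def accept(self, msg: Message, attestations: frozenset) -> bool:
        # Attestations are signer ids (stand-in for verified signatures);
        # only distinct committee members count toward the quorum.
        valid = attestations & self.signers
        if len(valid) < self.threshold:
            return False
        key = (msg.src_chain, msg.nonce)
        if key in self.consumed:          # a re-presented valid proof must not mint twice
            return False
        self.consumed.add(key)
        self.minted += msg.amount
        return True

def demo() -> dict:
    """Constructed scenarios for the 1/1, 2/2 and a stronger 2/3 configuration."""
    msg = Message("chain-X", nonce=7, recipient="0xuser", amount=1_000)
    one_of_one = BridgeReceiver(frozenset({"dvn-A"}), threshold=1)
    two_of_two = BridgeReceiver(frozenset({"dvn-A", "dvn-B"}), threshold=2)
    two_of_three = BridgeReceiver(frozenset({"dvn-A", "dvn-B", "dvn-C"}), threshold=2)
    return {
        "1/1, one compromised signer": one_of_one.accept(msg, frozenset({"dvn-A"})),
        "2/2, one compromised signer": two_of_two.accept(msg, frozenset({"dvn-A"})),
        "2/3, honest quorum": two_of_three.accept(msg, frozenset({"dvn-A", "dvn-C"})),
        "2/3, same proof replayed": two_of_three.accept(msg, frozenset({"dvn-A", "dvn-C"})),
        "2/3, outsider padding the set": two_of_three.accept(
            Message("chain-X", 8, "0xuser", 1), frozenset({"dvn-A", "mallory"})),
    }
```

Only the first scenario mints on a single compromised signer, and the replayed proof is rejected even with an honest quorum, which is the check a receiver needs independently of its committee size.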
Five years ago, this might have been a passable default security setting. At that time, cross-chain bridges moved only millions of dollars—and nobody was probing them at industrial scale. But in 2026, it’s utterly indefensible. The same design now moves billions of dollars! And AI-assisted tools are continuously discovering operational misconfigurations at machine speed. The attack surface has expanded exponentially—while the security model has stood still.
Let me be clear: This is not an article designed to pit Polygon against everyone else. Years ago, we ourselves built early versions of this trust assumption into our own products. We learned from those experiences—and so did the broader industry. Along the way, some of us continued building under the committee model; others bet their entire companies on ZK (zero-knowledge proofs). Our ZK bet is no empty talk: In July 2024, we launched ZK proofs for the Agglayer bridge—and they’ve been in production for over a year, settling massive volumes of cross-chain transactions daily.
Frankly, what happened this weekend only further strengthens my conviction in this argument. ZK proofs take over the work previously done by committees. They function like tiny cryptographic receipts—proving that a given computation was executed correctly—and any machine on Earth can verify them in milliseconds. Either the proof checks out and the transfer settles, or the mathematical verification fails and the assets remain untouched. No operator can be bribed, no RPC can be poisoned, no quorum needs coordination—and no one has to sit in a room at 3 a.m. on Saturday deciding whether your money is safe. On top of that, we call it:
[ChainCatcher]
Cross-Chain Bridge Vulnerabilities Expose Systemic Flaws in Crypto Infrastructure
The recent spate of cross-chain bridge security incidents represents not just isolated failures but a fundamental crisis in how the crypto industry approaches trust and security in multi-chain environments. Sandeep’s reflections, following the $292 million KelpDAO breach, cut to the core of what has become an unacceptable status quo in cross-chain infrastructure.
The MultisigFi Paradigm: A House of Cards
Sandeep’s characterization of current cross-chain infrastructure as “MultisigFi” is painfully accurate. The reliance on small committees—whether DVNs, relayer sets, oracle committees, or multisigs—creates single points of failure that are increasingly being exploited at scale. The data revealing that 92% of cross-chain applications rely on 1/1 or 2/2 validator configurations is particularly damning. In an era where bridge security should be evolving to match the billions at stake, these configurations represent security practices that were arguably acceptable five years ago but are now criminally negligent.
The economic incentives are misaligned. As bridges handle more value, they become juicier targets, yet security models haven’t scaled accordingly. The Polkadot Hyperbridge incident, where 1 billion unsupported tokens were minted due to thin liquidity on the target chain, illustrates how even sophisticated systems can fail spectacularly when assumptions about market conditions prove incorrect.
Market Impact and Token Price Implications
These repeated breaches are eroding confidence in the entire cross-chain ecosystem. We’re seeing a flight to quality, where:
- Projects with robust ZK-based infrastructure (like Polygon’s Agglayer) are gaining relative strength
- Token prices of projects with “MultisigFi” architectures are facing increased downward pressure as security concerns mount
- Risk premiums are being factored into valuations for cross-chain dependent projects
The most immediate impact is on liquidity. As seen in the KelpDAO case, where the emergency multisig prevented an additional $200 million in losses, the market is becoming increasingly sensitive to any indication of vulnerability. This creates a vicious cycle where security incidents beget liquidity crises, which in turn make the remaining assets more vulnerable to secondary attacks.
Investment Opportunities in the Wake of Systemic Failure
From an investment perspective, these incidents are creating a bifurcation in the market that presents opportunities:
- ZK Infrastructure Projects: Polygon’s successful implementation of ZK proofs for over a year demonstrates the viability of this approach. Projects building with zero-knowledge proofs as their foundation are positioned to capture market share from less secure alternatives. The mathematical certainty of ZK proofs removes the human element that continues to fail in committee-based systems.
- Security-First Middleware: Companies providing security audits, monitoring, and incident response for cross-chain infrastructure will see increased demand. The KelpDAO team’s successful response blocking secondary attempts highlights the value of prepared security measures.
- Decentralized Oracles: Projects moving beyond simple multisig models to more sophisticated decentralized oracle networks with economic incentives and slashing mechanisms may outperform their less secure counterparts.
Risks That Cannot Be Ignored
The current situation presents several systemic risks that investors must carefully navigate:
- Contagion Risk: As bridges become more interconnected, a failure in one system can rapidly propagate through the ecosystem, potentially causing cascading failures across multiple chains.
- Regulatory Backlash: Each major security incident increases the likelihood of regulatory intervention. Regulators are increasingly looking at bridge infrastructure as potential points of systemic risk.
- Insurance Market Disruption: As losses mount, insurance providers may become more restrictive, or coverage more expensive to obtain, creating additional friction for cross-chain activities.
- User Exodus: If confidence in cross-chain infrastructure continues to erode, we may see a return to siloed ecosystems, undermining the core value proposition of interoperability.
The Path Forward: Beyond Notary Offices
Sandeep’s argument for ZK proofs represents the most viable path forward, but it’s not without challenges. ZK technology, while mathematically sound, faces:
- High computational costs
- Implementation complexity
- Verification latency for certain operations
However, these are engineering challenges, not fundamental limitations. The alternative—continuing with “MultisigFi” models that have repeatedly proven catastrophically inadequate—is not a sustainable position. As bridges handle increasingly valuable assets and AI-assisted attacks become more sophisticated, the gap between ZK-based and committee-based security will only widen.
The crypto industry has reached an inflection point where security can no longer be an afterthought but must be the foundation of cross-chain infrastructure. Projects that recognize this and invest in robust security models will not only protect user funds but will capture market share from those that continue to rely on increasingly fragile committee-based approaches.
The question is no longer whether these “notary office” models will fail, but when and how spectacularly. For investors, the writing is on the wall: the future belongs to those who build with cryptographic certainty, not committees.