Home
News
Details

Polygon co-founder Sandeep reflects on cross-chain bridge security following recent attacks.

iconChaincatcher
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
POL
$0.09781.34%
This is the logo of the coin.
DOT
$1.27664.12%
AI summary iconSummary

expand icon
Polygon co-founder Sandeep Nailwal comments on cross-chain bridge security following attacks on Drift, Polkadot Hyperbridge, and KelpDAO, which resulted in over $500 million in losses. He criticizes centralized trust models and advocates for cryptographic verification, such as ZK proofs. Polygon’s Agglayer employs ZK and a pessimistic proof mechanism to securely process $200 million in bridged transactions. On-chain data highlights the urgent need for more robust infrastructure. Sandeep urges the industry to adopt scalable, secure models instead of committee-based systems. On-chain analysis reveals recurring vulnerabilities in current cross-chain designs.

Author: Sandeep

Compiled by: Jiahuan, ChainCatcher

This weekend has been nerve-wracking. Three cross-chain bridge security incidents have occurred within three weeks. Over the past few days, I haven’t focused much on the details of any single attack; instead, I’ve been thinking about the underlying patterns behind all these events.

On April 1, Drift suffered a loss of $285 million.

On April 13, the Polkadot Hyperbridge minted one billion unsponsored tokens with a single replay attack; had the target chain’s liquidity not been so thin, the losses would have been far greater.

On April 18, KelpDAO suffered a loss of $292 million. Prior to this, there were Wormhole, Ronin, Harmony, BNB Bridge, Nomad, and Multichain.

First and foremost, I extend full respect to every team that responded proactively during this stressful weekend. I have no intention of adding insult to injury for anyone managing an emergency.

We have all been in similar situations, and the team releasing the patch is working extremely hard. Kelp’s emergency pause multisig mechanism prevented two subsequent attempts to drain assets, which would have resulted in an additional $200 million in losses.

I want to emphasize here that what happened this weekend is not just an issue with Kelp—it stems from a design choice the entire industry has been making. Most cross-chain infrastructure for cryptocurrencies today still functions like a notary public.

Whether you call it DVN, the relayer set, the oracle committee, or multisig, the essence is a small committee monitoring activities on one chain and attesting to them on another.

Once this committee or its underlying price feed data is compromised, the notary will unhesitatingly endorse lies. The protocol name may change, but the trust assumption remains unchanged.

@moo9000 gave it the most fitting name: MultisigFi.

This is a very accurate statement. Regardless of what you call the underlying committee, the trust model is the same, and the events of the past three weeks have painfully demonstrated how this model collapses when scaled.

A recent Dune data scan of active LayerZero applications found that 47% operate under a 1/1 validator configuration, 45% under a 2/2 configuration, and fewer than 5% use more robust security setups.

This means that for nine out of ten cross-chain applications currently in production, one or two compromised signers are the entire security barrier between user funds and attackers.

Five years ago, this might have been an acceptable default security setting. At that time, cross-chain bridges only transferred millions of dollars, and no one was probing them at an industrial scale.

But this makes no sense in 2026. The same design now handles billions of dollars in transfers! Meanwhile, AI-assisted tools are continuously discovering operational configuration vulnerabilities at machine speed. The attack surface has expanded exponentially, while security models have stood still.

To be clear, this is not an article meant to pit Polygon against everyone else. Many years ago, we also built early versions of this trust assumption in our own products. We learned from it, and the entire industry learned from it.

Along the way, some of us continued building under the committee model, while others bet the entire company on ZK (zero-knowledge proofs).

Our bet on ZK is not theoretical: we launched ZK proofs for the Agglayer bridge in July 2024, have been in production for over a year, and settle cross-chain transactions at scale every day. Honestly, what happened this weekend only further solidified my confidence in this thesis.

ZK proofs have taken over the work previously done by committees. They are like tiny cryptographic receipts that prove a computation was performed correctly, and any machine on Earth can verify them in milliseconds.

Either the proof is valid and the transfer is settled, or the mathematical verification fails and your assets remain untouched. No operator can be bribed, no RPC can be poisoned, no quorum needs to be coordinated, and no one will sit in a room at 3 a.m. on a Saturday deciding whether your money is safe.

On top of that is what we call the "Pessimistic Proof" (Pessimistic Proof). The simplest way to understand it is: no trust in anyone for on-chain accounting.

Each chain connected to Agglayer has a dynamic ledger recording incoming and outgoing assets, and the ledger must remain balanced before any withdrawal is finally confirmed. A chain can never withdraw more of any asset than is recorded in the ledger, regardless of the reason or whether upstream messages have been forged.

Mathematical rules do not allow this to happen. Agglayer enforces this through Succinct's SP1 proof system, which is built on Polygon Plonky3.

If the scenario from last weekend were run on an Agglayer, the pessimistic proof would immediately block withdrawals, as there are no deposit records, so funds would never be transferred.

The same accounting mechanism can also detect the infinite minting vulnerability in Wormhole, the infinite minting vulnerability in BNB Bridge, and the replay proof vulnerability in Hyperbridge.

These vulnerabilities are fundamentally different, but they all boil down to the same issue: cross-chain bridges releasing assets that have no backing on the other end. Agglayer will prevent all of these scenarios before any settlement occurs.

This isn't just theory. While a large portion of DeFi hit pause this weekend, Agglayer processed around $200 million in bridge volume without a hitch.

Katana, natively connected to Agglayer, maintained zero risk exposure throughout the event. Before the root cause was publicly disclosed, our security team suspended LayerZero integrations across the entire Polygon ecosystem, and our product and support teams worked continuously over the weekend calling institutional partners.

Nearly six years of building. $2.4 trillion settled on Polygon. 7 billion transactions. 99.99% uptime. Zero cross-chain bridge vulnerabilities on Agglayer. This is why we spent years building Agglayer—security has always come first.

I’m sharing these numbers not to boast, but because to confidently walk into an institution and tell them that cryptocurrency is ready to handle massive payment volumes, you need to present these concrete results.

Cross-chain bridges built on a committee model are cheaper and faster to develop, which is why I understand why teams choose to build them—we’ve even built early versions ourselves. But the capabilities of attackers have truly changed now.

Since 2022, the Lazarus group has been targeting these designs, and they show no signs of slowing down. AI-assisted audits can now uncover all configuration errors previously hidden beneath complex layers. These attacks will not disappear. Mathematics will eventually catch up to the committee’s shortcomings.

For the past two or three years, this industry has been settling trillions of dollars in transactions annually. We’re asking banks and payment companies to keep massive sums of money on systems that still rely on one or two signatories making the right call on a Saturday night. That’s our demand—say it out loud, and you’ll see how absurd it is.

We must do better, and we already know how.

Nevertheless, it’s important to acknowledge that LayerZero is now disabling 1/1 setups (single-signature) across the entire industry. This is the right decision, and it will make cross-chain operations significantly more secure—I fully support it. Other teams will also continue to strengthen their committee designs. This work is crucial.

But the greater shift is in the architecture. ZK proofs never tire, cannot be compromised by social engineering, and never have a bad weekend. Mathematics either holds or it doesn’t—and if it doesn’t, nothing settles.

This is the direction the industry is heading, and the pace has accelerated compared to a month ago—great news for every builder and every institution entering the chain.

This week, every team building cross-chain infrastructure should ask themselves: Do I really need a committee? Strengthening existing committees is merely a second-best solution.

Agglayer is open-source. No protocol fees. No licensing restrictions. Any team ready to transition from trusted proof mechanisms to cryptographic verification can integrate. If you're currently operating a cross-chain bridge and the events of the past three weeks have made you reconsider your trust model, please reach out to us.

This is not a moat we're hoarding—it's infrastructure that the entire industry should use.

The fate of cryptocurrency over the next decade will be decided by teams willing to tackle more complex architectures today. Cryptographic proofs are harder to build than notaries, but they won’t crash over a weekend, and they can scale to the trillions of dollars that cryptocurrency has been asked to support.

Do you want a committee or a mathematical proof? We chose the latter. We hope more people will choose the same.

After this weekend, I’m even more confident in ZK cross-chain. Tough times forge clear architectures.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.