BTC $- · ETH $- · SOL $- · BNB $- · XRP $- · DOGE $- · TON $- · ADA $- · AVAX $- · LINK $- · SUI $- · TRX $- · gas - gwei degen 85/100

~/defi/bridges $ cat ronin-wormhole-nomad-uroki.md

defi Bridges and Cross-Chains ·June 27, 2026

Ronin, Wormhole, Nomad: Three Mega Bridge Heists and the Lessons They Taught Us

the crptch team · analytics desk · 2 reading time

2022-the year of the bridges: three heists, three different attack vectors, totaling one billion dollars. Perfect case study material.

Ronin (~$620 million): keys

The Axie Infinity bridge was validated by 9 validators, with a threshold of 5 signatures. Lazarus obtained 4 Sky Mavis keys plus the key of a “third-party” validator who had delegated their rights to the same team. Five signatures were collected-the funds were withdrawn. Lesson: A key committee is only as independent as its members actually are.

Wormhole (~$320 million): Code

A signature verification bug allowed an attacker to “prove” a nonexistent deposit and mint 120,000 wETH out of thin air. Jump Capital closed the loophole, saving the collateral backing the receipts. Lesson: A single line of cross-chain code holds hundreds of millions; a receipt without a vault is worth nothing.

Nomad (~$190 million): the crowd

An initialization error validated a “proof” consisting of zeros-and the first-ever crowdsourced heist began: hundreds of addresses copied the pioneer’s transaction, changing only the recipient’s address. Lesson: An exploit can be accessible to any passerby-the team’s response time is everything.

The overall takeaway for users remains the same: a bridge is a transit point, not a storage solution; a wrapped asset is a receipt for a treasure chest that gets robbed more often than any other storage solution in the industry.

$ grep --tags: #ronin взлом#wormhole эксплойт#nomad bridge что случилось

✓ track record