Where Is the Real Risk in Cross-Chain Bridges?

Every bridge has risk. The question is where. When people talk about bridge security, the conversation usually jumps to "bridges got hacked." And that's true, some did, spectacularly. But treating all bridges as equally dangerous misses the point. The risk profile depends entirely on the model: what's being trusted, who controls it, and what happens when something breaks. I've spent enough time working with cross-chain stablecoins to develop a mental model for this. Here's how I think about it. Risk in Lock & Mint Canonical bridges (the lock & mint model) concentrate risk in one place: the bridge contract. When you lock 100 USDC in a bridge contract on Ethereum to mint 100 USDC.e on Arbitrum, that contract is now holding your USDC. Scale that up across thousands of users and you get a contract sitting on hundreds of millions of dollars. That's a honeypot. The attack surface is straightforward: Smart contract bugs. The bridge contract itself might have vulnerabilities. The Wormhole expl