Don't burn your bridges. Or expose them.

That line came to me on a Friday morning, reading about Gravity Bridge. $5.4 million gone on May 30, routed through Binance and ChangeNow before the incident response team had time to react. The protocol code had done its job. The signing key had not.

I have spent most of my career at the intersection of operations, technology, and risk. First in traditional banking, now in crypto risk management. The pattern I keep seeing is not a crypto pattern. It is a human pattern. And we have been writing it into post-incident reports for decades.

The weakest link is almost never the technology. It is the authorization layer. It is the person, or the key, that sits between the instruction and the execution. In crypto's case, that layer is the set of private keys that control what comes in and goes out of a cross-chain bridge.

In May 2026, bridges lost $328.6 million across eight separate exploits, according to blockchain security firm PeckShield. That number is not a one-month anomaly. It is the continuation of a trend that has been running since at least 2022, and the root cause keeps pointing back to the same structural problem: concentrated signing authority, inadequately protected.

This article is not a post-mortem on Gravity Bridge specifically. It is an attempt to understand why, four years after the Ronin hack proved the lesson at a cost of $625 million, the industry keeps paying the same tuition.

Why Bridges Are Built This Way

Cross-chain bridges exist because blockchains do not natively communicate. If you hold ETH and want to use a Solana application, or move assets between Ethereum and the Cosmos ecosystem, you need something in the middle. A bridge locks assets on one chain and mints corresponding representations on another.

The architectural challenge is that someone must hold signing authority over those locked assets. The bridge's security is only as strong as the protection around those signing keys. Compromise the keys, drain the bridge. It is that direct.

In traditional finance, this problem has a name: concentrated custody risk. It is the operational equivalent of putting your entire cash reserve in one safe, with one lock, held by one person. Every major bank that survived the last fifty years learned, usually at cost, that this is a catastrophic idea.

TradFi's answer, built up over decades of painful experience, is multi-party authorization. No single person can authorize a large transaction. Hardware security modules, known as HSMs, are tamper-resistant physical devices that hold cryptographic keys and require dual-control: at least two authorized operators to unlock. PCI standards, developed collaboratively by Visa, Mastercard, and the major card networks, mandated these controls across the payment industry. The four-corners model that underpins global card processing relies on HSM-protected keys as a foundational architectural assumption. (Thales)

These controls did not emerge from a regulatory committee's imagination. They emerged from actual theft. The wire fraud cases of the 1990s, the payment card skimming operations of the 2000s, and the SWIFT attacks of 2016, where attackers compromised Bangladesh Bank's credentials and attempted to steal $1 billion from the Federal Reserve Bank of New York, each taught the industry something specific about what happens when signing authority is inadequately controlled. Each incident produced guidance. Each set of guidance was subsequently examined and enforced.

Crypto arrived at the same structural problem as if those fifty years of hard-won lessons had never been written down.

The Ronin Lesson That Didn't Land

The Ronin bridge hack in March 2022 should have been the defining case study. Sky Mavis, the company behind the Axie Infinity gaming ecosystem, operated the Ronin bridge with nine validator nodes. Five of those nine needed to sign off on a withdrawal. That sounds like a reasonable threshold.

In practice, four of the nine validators were controlled by Sky Mavis itself, and one was held by Axie DAO, a third party that had been granted temporary signing authority during a high-traffic period and whose authority had never been revoked. An attacker, later attributed by the U.S. Treasury to North Korea's Lazarus Group, compromised five validator private keys. That was enough. 173,600 ETH and 25.5 million USDC left the bridge. Total loss: approximately $625 million. (Bank Info Security, March 2022)

The failure was not in the code. The smart contracts did exactly what they were instructed to do. The failure was in how signing authority had been distributed, retained, and never audited after the operational context changed. Axie DAO's temporary permission had become permanent by oversight. Four of the nine nodes were effectively one party. The 5-of-9 threshold, in practice, was closer to 2-of-2.

I have seen this failure mode in traditional finance. Not at this scale, but structurally identical. Someone grants emergency access during a system outage. The outage resolves. The access is never revoked. It sits there, a loaded gun, until something goes wrong. Operational hygiene around access review is unglamorous work. It does not get celebrated. It often does not get done.
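As an added illustration, not part of the original article, the script below turns the two points above into a check a risk reviewer can run against a signer list: how many distinct controlling parties an M-of-N threshold really requires once keys are grouped by who controls them, and which temporary grants or rotation windows have lapsed. The signer set, names, dates and the 365-day rotation policy are constructed assumptions modelled on the Ronin description, not data from the incident.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Signer:
    name: str
    controller: str                  # party that actually controls this key
    expires: Optional[date] = None   # a temporary grant should carry an expiry
    last_rotated: Optional[date] = None

def effective_parties(signers, threshold):
    """Fewest distinct controlling parties whose keys together reach the threshold.
    An M-of-N threshold is only as strong as this number, not as strong as M."""
    per_party = sorted(Counter(s.controller for s in signers).values(), reverse=True)
    keys = parties = 0
    for count in per_party:
        keys += count
        parties += 1
        if keys >= threshold:
            return parties
    return None  # the listed signers cannot meet the threshold at all

def stale_grants(signers, today):
    """Temporary grants whose expiry has passed while the key is still a signer."""
    return [s.name for s in signers if s.expires is not None and s.expires < today]

def rotation_overdue(signers, today, max_age_days):
    """Keys never rotated, or not rotated inside the policy window."""
    return [s.name for s in signers
            if s.last_rotated is None or (today - s.last_rotated).days > max_age_days]

# Constructed (names/dates invented) signer set modelled on the Ronin description above: nine
# validators, four run by the operator, one lent to a DAO past its expiry, four independent.
RONIN_LIKE = (
    [Signer(f"operator-{i}", "operator") for i in range(4)]
    + [Signer("dao", "dao", expires=date(2021, 12, 31))]
    + [Signer(f"independent-{i}", f"party-{i}") for i in range(4)]
)
# The same nine keys as a whitepaper presents them: one key per party, rotated recently.
AS_DOCUMENTED = [Signer(f"validator-{i}", f"party-{i}", last_rotated=date(2022, 1, 1))
                 for i in range(9)]
REVIEW_DATE = date(2022, 3, 23)   # constructed review date

if __name__ == "__main__":
    for label, signers in (("as documented", AS_DOCUMENTED), ("as operated", RONIN_LIKE)):
        print(label, "5-of-9 needs", effective_parties(signers, 5), "parties;",
              "stale grants:", stale_grants(signers, REVIEW_DATE),
              "rotation overdue:", len(rotation_overdue(signers, REVIEW_DATE, 365)))
```

Run as-is, the documented set needs five parties to sign, while the operated set needs two, with the DAO grant flagged as stale and every key overdue for rotation.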

The 2022 Cascade

Ronin was not the end of the 2022 bridge story. It was the beginning.

In February 2022, the Wormhole bridge was exploited for $320 million through a signature verification bug in the smart contract, a code flaw rather than a key management failure. But the scale confirmed that bridges were the industry's most exposed attack surface. (Halborn, February 2022)

In June 2022, the Harmony Horizon bridge lost $100 million to private key compromise. The attacker needed only two of five multi-signature keys. In August 2022, the Nomad bridge lost $190 million in a chaotic free-for-all: once one attacker found the exploit, others copied the transaction and drained it in parallel. Four hacks. Over $1.2 billion. A single calendar year. (LimeChain, 2022; Google/Mandiant, August 2022)

The pattern emerging from 2022 was not primarily a smart contract problem. Code bugs contributed in some cases. But the dominant failure mode was authorization: who held the keys, how many were required, and how those keys were protected operationally.

The Pattern Persists

The industry did not fix this after 2022.

In July 2023, Multichain lost $125 million. The explanation that surfaced was that the CEO held exclusive access to the bridge's MPC keys, keys that could not be recovered or rotated after he became unreachable. One person. One point of failure. $125 million gone. (DeepStrike, 2025)

In January 2024, Orbit Chain was drained of $81.5 million. Post-incident analysis pointed to compromise of its 7-of-10 multisig threshold. Not a code flaw. A key management failure. (Coindesk, January 2024)

And now, May 2026, $328.6 million across eight incidents. The Gravity Bridge exploit on May 30 is the latest in a line that stretches back four years and shows no sign of breaking.

Across all of crypto, Chainalysis recorded $3.8 billion stolen in 2022, $1.7 billion in 2023, and $2.2 billion in 2024. Bridges consistently account for a disproportionate share of those totals. They are the highest-value, most structurally vulnerable targets in the ecosystem, and the primary failure mode remains human and operational rather than technical.

Why Multisig Alone Is Not Enough

The standard defense against concentrated signing risk is multisignature authorization, requiring M of N keys to approve a transaction. Ronin had it. Orbit Chain had it. Harmony had it. None of it was sufficient.

Multisig is a necessary condition for security. It is not a sufficient one. The questions that actually matter are operational, not architectural.

How are the individual keys stored? Are they on hardware security modules or hot wallets? Are key holders geographically distributed, or all reachable in the same jurisdiction at the same time? What happens when a key holder leaves the organization? Is there a key rotation policy, and has it ever been exercised? Who reviews the list of authorized signers, and how often?

Most bridge teams document answers to these questions in a whitepaper or technical specification. Whether those answers reflect actual, practiced operational procedure is rarely audited until after the incident report.

In traditional finance, external auditors specifically examine key management procedures. The Federal Financial Institutions Examination Council guidelines in the U.S. require banks to implement dual-control and split-knowledge procedures for cryptographic key management. These are not recommendations. They are examined controls with regulatory consequences for non-compliance. Banks hold capital against operational risk losses under Basel III's Pillar 1 framework. The regulatory pressure to actually practice what is written is constant.

Crypto has no equivalent enforcement mechanism. Self-certification is the norm.

The Case for the Other Side

It would be unfair not to acknowledge what the opposing argument actually says. Some bridge architectures have genuinely improved since 2022. Threshold signature schemes and multi-party computation can do away with the single reconstructed private key entirely: the signing operation happens across multiple parties without any one party ever holding the complete key material. This is technically superior to naive multisig.

Some bridge protocols now use MPC custody providers with hardware-backed infrastructure. Several have completed multiple independent security audits and run meaningful bug bounty programs. The argument is that the industry is maturing, the worst-managed protocols are being weeded out by natural selection, and the survivors are building better controls.

That argument would be more convincing if Multichain and Orbit Chain had not happened in 2023 and 2024, after the 2022 lessons should already have been absorbed. It would be more convincing if $328.6 million had not left the ecosystem in a single month in 2026. The pace of learning, measured in losses, remains very high.

Deep Dive: Four Years of Bridge Losses

The data across the past four years is instructive. Nine major incidents, over $1.5 billion in losses directly attributable to key management or authorization failures, against roughly $500 million attributable to smart contract code bugs.

Exploit          Date           Loss     Root Cause
Ronin            March 2022     $625M    Compromised validator private keys
Wormhole         February 2022  $320M    Signature verification bug (code)
Nomad            August 2022    $190M    Logic flaw enabling arbitrary replay (code)
Harmony Horizon  June 2022      $100M    Private key compromise, 2-of-5 multisig
Multichain       July 2023      $125M    CEO held exclusive MPC key access
Orbit Chain      January 2024   $81.5M   7-of-10 multisig key compromise
Verus Bridge     May 2026       $11.5M   Under investigation
THORChain        May 2026       ~$10M    Under investigation
Gravity Bridge   May 2026       $5.4M    Suspected signing key compromise

Of the nine incidents, at least six are directly attributable to key management or authorization failures. Two are code-level exploits. One remains under investigation. The ratio across confirmed cases runs approximately 3:1 in favor of human and operational failures over technical ones.

This ratio matters for how the industry prioritizes security spend. Smart contract audits get significant attention and resources. Security firms audit code extensively. Bug bounties run into the millions of dollars. But the operational question of who holds the keys, how they are stored, what the rotation schedule is, and whether it has ever been executed, is less standardized, less audited, and apparently less funded.

The comparison to TradFi is not hypothetical. Basel III's operational risk capital framework, which has been in effect since 2008 and progressively strengthened since, requires banks to hold capital specifically against losses from inadequate internal processes, people, and systems. Operational risk is a recognized, regulated, capitalized risk category. It has dedicated teams, regulatory examination schedules, and board-level reporting requirements.

In crypto, the equivalent of an operational risk management framework is, at most, a security section in a documentation repo. The incentive to invest in unglamorous operational hygiene is low when the regulatory pressure is absent.

The $328.6 million lost in a single month in May 2026 exceeds the total operational risk losses of several mid-size regional banks across years of operation. The industry is absorbing losses at a rate that would attract immediate regulatory intervention in any other financial sector.

What to Watch Over the Next 12 to 18 Months

For risk managers at bridge protocols, the audit question to ask is not "has our smart contract been reviewed?" It is "has our key management procedure been independently verified in the last twelve months?" These are different engagements, handled by different specialists. The second is chronically underused.

Specific controls to examine: Are individual signing keys stored on hardware devices, or software-based? Is there a documented key rotation schedule that has been executed in practice, not just written down? Are key holders geographically distributed? What is the escalation protocol if a key holder becomes unreachable? What happens when someone leaves the team?

For institutional investors and liquidity providers, the due diligence checklist should include a specific question about key custody architecture. "We use multisig" is an incomplete answer. The follow-up is "how are the individual keys held, by whom, and what is the rotation policy?"

For policy makers, the $328.6 million figure will eventually reach regulatory attention. When it does, the useful frame is not to treat bridge security as a smart contract code problem to be addressed by audit requirements. It is to treat it as an operational risk problem, the same category as SWIFT credential compromise in 2016, the same category that prompted the development of the FFIEC's cybersecurity examination framework for banks. The EU's MiCA regulation, which came into full effect in December 2024, does not specifically address bridge key management procedures. That gap will likely be revisited.

Three signals are worth monitoring. First, watch for any major bridge protocol publishing a formally verified key management policy, independently audited rather than self-attested. That would be a meaningful shift from current norms. Second, watch for bridge-specific insurance products that explicitly price key compromise coverage. Premium levels will be a useful signal about how the market actually assesses this risk. Third, watch whether PeckShield's May 2026 figure of $328.6 million becomes an anomaly or establishes a new baseline. If June produces a similar number, the trend is accelerating.

The Bottom Line

After Ronin. After Wormhole. After Nomad. After Multichain. After Orbit Chain. After $328.6 million in a single month.

The argument that the industry simply needs more time to figure this out is getting harder to sustain.

The knowledge exists. HSMs, dual-control authorization, key rotation schedules, geographic distribution of signing authority. These are documented, proven, and available. They are not technically complex to implement. They are operationally inconvenient. They add friction. They slow things down.

TradFi chose to accept that friction after painful experience, and the regulatory environment made the choice non-negotiable over time. Without a similar forcing function, crypto keeps choosing speed over hygiene.

I started my career writing workflows for systems where there was no UAT, no dev environment, no production sign-off process. You slammed code directly into production. It was chaotic and occasionally brilliant and it led to serious failures. The industry eventually built the discipline to do it differently. Not because the engineers wanted to. Because the losses made the alternative untenable.

Don't burn your bridges. Or expose them.

That is where I keep landing. Will crypto build better operational controls because the cumulative $1.5 billion-plus in key management losses has finally made the lesson impossible to ignore? Or will it wait for a regulatory mandate that forces the issue?

I genuinely don't know. But I have seen what happens when an industry waits for the mandate. The losses between now and then tend to be avoidable.

Further Reading