
Cross-chain bridges have lost $340.7 million across 14 exploits in 2026. The year isn't half over.
That figure comes from PeckShield's June 1 tally, and it sits inside an even uglier picture: total DeFi losses passed $750 million by mid-April, and April 2026 became the most-hacked month in crypto history with 30 separate incidents - nearly one per day. Bridges were just one category of target, yet they produced the single largest losses. Again.
This keeps happening for a reason. And the reason is architectural, not accidental.
On April 18, attackers drained 116,500 rsETH - worth roughly $292 million, about 18% of the token's circulating supply - from Kelp DAO's LayerZero-powered bridge. LayerZero's post-mortem, prepared with Mandiant and CrowdStrike, attributed the attack to TraderTraitor, a unit of North Korea's Lazarus Group. But the most important detail isn't who did it. It's how.
This wasn't a smart contract bug. There was no reentrancy exploit, no missing access check, no oracle manipulation. The attackers compromised two internal RPC nodes feeding LayerZero's verification network, then hit the remaining external providers with a DDoS attack, forcing all verification traffic onto the poisoned machines. Because the rsETH bridge was configured with a 1-of-1 verifier quorum, that single manufactured attestation was all it took. The Ethereum contract released funds against a token burn that never happened on the source chain.
Here's the part that should worry everyone: at the transaction level, every step of the exploit looked completely valid. The signature was valid. The message format was valid. The release function behaved exactly as designed. Chainalysis's post-mortem noted that traditional security tools missed the attack precisely because every onchain transaction was, technically, correct. The system executed a proper transaction on top of a falsified view of reality. The failure was structural.
And the blast radius was structural too. That rsETH backed token versions across more than 20 chains - Base, Arbitrum, Linea, Blast, Mantle, Scroll. The attacker deposited the stolen rsETH as collateral on Aave and borrowed roughly $190 million in real assets against it. Aave froze its rsETH markets to contain bad debt risk, and about $6 billion in TVL exited the protocol in the days that followed - even though Aave's own contracts were never touched. One bridge failure, twenty ecosystems exposed.
If this feels familiar, it should. Ronin lost $625 million in 2022 through compromised validator keys. Wormhole lost $320 million the same year from a signature verification bug. Nomad lost $190 million from a configuration error. Since 2022, bridges have produced more than $2.8 billion in cumulative losses - roughly 40% of all value hacked in Web3. The technology changes every cycle. The failure modes repeat with striking consistency.
2026 alone reads like a catalogue of the same lesson. The Verus-Ethereum bridge was drained for roughly $11.5 million in May, the attacker's wallet funded through Tornado Cash. THORChain halted trading after a cross-chain exploit pulled more than $10 million across Bitcoin, Ethereum, BNB Chain and Base. Hyperbridge lost $2.5 million in April. The IoTeX bridge lost about $2 million in February to a private key compromise - an operational failure, not a code flaw. Transit Finance was drained of $1.88 million in May.
Different protocols, different codebases, different teams. Same root cause: bridges ask one blockchain to trust information about another, and that trust has to be manufactured through validators, signers, message layers, and quorum rules. Every one of those components is an attack surface. PeckShield's May data makes the asymmetry explicit: 60 separate incidents that month - the highest count of the year - with bridge exploits producing the largest per-incident losses of any category, and only 13.7% of stolen funds ever recovered. The soft point in the stack isn't just the code anymore. It's everything around it.
A bridge works by locking tokens on one chain and minting representations on another. To do that, it concentrates pooled collateral - sometimes hundreds of millions of dollars - behind a single verification mechanism. Compromise the verification, and the entire pool is yours. That's not a vulnerability that better audits fix. It's the shape of the system.
The industry's optimistic take has been that bridges are young infrastructure and the holes will close as the technology matures. The 2026 data tells a less comfortable story. Drift at $285 million and Kelp at $292 million are each larger than any single DeFi exploit in 2023 or 2024. The attacks are getting bigger, more patient, and more operational - Drift's attackers ran a six-month social engineering campaign before the first transaction fired; Kelp's were state-sponsored and funded through mixers hours in advance.
The most damning detail came out after the Kelp hack. The 1-of-1 verifier setup that enabled it wasn't an outlier - data showed nearly half of active LayerZero applications ran the same single-verifier configuration, which Kelp says was the documented default. LayerZero later acknowledged it “made a mistake” allowing its own verifier to secure high-value assets that way, banned single-verifier setups entirely, and forced a protocol-wide migration. Kelp moved its bridge to a competitor. When the default configuration of a leading cross-chain messaging layer is the thing that enabled the year's biggest theft, the problem isn't user error. It's the architecture.
There's a quieter design choice that sidesteps this entire class of failure: don't bridge the asset at all. Have the issuer mint it directly on the chain where it's used.
Natively issued assets have no lock-and-mint contract holding pooled reserves. No wrapper whose peg depends on a custodian's honesty. No cross-chain message that a forged signature can spoof. No validator quorum to compromise. The asset on the chain is the asset - a direct liability of the issuer, not a claim on a bridge's escrow.
This doesn't make a chain immune to every risk. Nothing does. But it removes the specific attack surface that has produced the largest individual losses in crypto, year after year, cycle after cycle. When the stakes were a few million in DeFi experiments, the tradeoff was debatable. With stablecoins settling trillions annually and real world assets moving onchain, it isn't. Financial infrastructure that holds real value cannot sit behind a single verifier's signature.
Kava made this design choice years ago. 88% of stablecoins on the network are natively issued USDT - minted by Tether directly at the protocol level. Not bridged, not wrapped, no third-party escrow in the flow. Combined with unified liquidity across the network's EVM and IBC environments, it means the settlement layer for everything Kava is building - including its upcoming tokenized financial products - carries none of the bridge attack surface that produced this year's headlines.
$340 million in bridge losses in five months isn't bad luck. It's the cost of an architecture the industry keeps choosing for convenience. Every exploit makes the alternative clearer. Native issuance isn't a feature. It's the absence of a failure mode.