Polygon Co-founder Sandeep: Written after the series of cross-chain bridge failures

Author: Sandeep

Compiled by: Jiahui, ChainCatcher

This weekend is heartbreaking. Three cross-chain bridge security incidents have occurred within three weeks. In the past few days, I haven’t dwelled much on the specific sequence of any one attack; instead, I’ve been thinking about the patterns hidden behind all these events.

On April 1, Drift lost $285 million.

On April 13, Polkadot Hyperbridge—just one replay proof minted 1 billion unsupported tokens. If the liquidity on the target chain hadn’t already been thin, the losses would have far exceeded this figure.

On April 18, KelpDAO lost $292 million. Before that, there were Wormhole, Ronin, Harmony, BNB Bridge, Nomad, and Multichain.

First, it’s important to state clearly: I have full respect for every team that actively responded during this pressure-filled weekend. I have no intention of kicking anyone when they’re handling an emergency.

We’ve all been in similar situations, and the teams releasing patches now are working incredibly hard. Kelp’s emergency multi-signature pause prevented two subsequent attempts to drain assets; otherwise, losses would have increased by another $200 million.

What I want to emphasize here is that what happened this weekend is not just a Kelp problem. It comes from a design choice that the entire industry has been making. Right now, most cross-chain infrastructure for cryptocurrencies still works like a notary office.

No matter whether you call it a DVN, a relay set, an oracle committee, or multisignature, at its core it’s a small committee monitoring activity on one chain and attesting to it on another.

Once this committee—or the underlying price-feed data it depends on—is compromised, this notary office will endorse lies without hesitation. The protocol name changes, but the trust assumptions never do.

@moo9000 gave it a most fitting name: MultiSFi(MultisigFi).

This description is spot on. No matter what you call the underlying committee, the trust model remains the same. The painful lesson of the past three weeks is how this model collapses when applied at scale.

A recent Dune data scan of active LayerZero applications found that 47% of applications run on a 1/1 validator configuration, 45% run on a 2/2 configuration, and only less than 5% use stronger security configurations.

That means that for nine out of ten cross-chain applications currently in production, 1 to 2 compromised signers are the only security line standing between user funds and attackers.

Five years ago, this might have been a reasonable default security setting. Back then, cross-chain bridges only moved millions of dollars, and no one probed them at an industrial scale.

But in 2026, that makes no sense at all. The same design is now moving billions of dollars! And AI-assisted tools are continuously discovering configuration vulnerabilities at machine speed. The attack surface has expanded exponentially, while the security model has stayed put.

To be clear, this is not an article meant to pit Polygon against everyone else. Years ago, we also built early versions of these trust assumptions into our own products. We learned the lesson, and the whole industry learned the lesson as well.

Along the way, some of us continued building under the committee model, while others bet the entire company on ZK(zero-knowledge proofs).

Our bet on ZK isn’t just talk: as early as July 2024, we launched ZK proofs for the Agglayer bridge. After over a year in production, we settle cross-chain transactions at large scale every day. Honestly, what happened this weekend only further strengthens my confidence in this argument.

ZK proofs take over the work previously done by committees. It’s like a tiny cryptographic receipt proving that a computation was executed correctly—any machine on Earth can verify it in a few milliseconds.

Either the proof is valid and the transfer is settled, or the mathematical verification fails and the assets remain untouched. No operator can be bribed, no RPC can be poisoned, no quorum needs to be coordinated, and no one has to sit in a room at 3 a.m. on Saturday deciding whether your money is safe.

On top of that, there is what we call the “Pessimistic Proof”(Pessimistic Proof). The simplest way to understand it is: don’t trust anyone’s on-chain bookkeeping.

Each chain connected to Agglayer has a dynamic ledger that records assets sent and received. Before any withdrawal is finally confirmed, the books must remain balanced. A chain can never withdraw more of a given asset than what is recorded, for any reason, and regardless of whether someone has forged upstream messages.

Mathematics won’t allow this to happen. Agglayer enforces this through a Succinct SP1 proof system built on Polygon Plonky3.

If we ran last weekend’s scenario on Agglayer, the pessimistic proof would have blocked withdrawals on the spot—because there would be no deposit record, the funds absolutely would not be transferred.

The same accounting mechanism can also catch Wormhole’s infinite minting vulnerability, BNB Bridge’s infinite minting vulnerability, and Hyperbridge’s replay proof vulnerability.

These vulnerabilities are fundamentally different, but they all come down to the same issue: cross-chain bridges release assets that are not actually supported on the other end. Agglayer will prevent all of these before any settlement occurs.

This isn’t just theory. Although a large portion of DeFi hit pause during this weekend, Agglayer handled roughly $200 million in bridged transaction volume with no loss.

Katana, natively connected to Agglayer, maintained a zero-risk exposure throughout the entire incident. Before the root cause was publicly disclosed, our security team paused all LayerZero integrations across the entire Polygon ecosystem, and the product and support teams worked non-stop contacting institutional partners throughout the weekend.

Nearly six years of building. $2.4 trillion settled on Polygon. 7 billion transactions. 99.99% uptime. Zero cross-chain bridge vulnerabilities on Agglayer. That’s why we spent years building Agglayer—security has always come first.

I’m putting these numbers out there not to show off, but because if you want to walk into an institution with confidence and tell them that crypto is ready to handle massive payment volumes, you need to produce these concrete results.

Building cross-chain bridges using committees is cheaper and faster, so I understand why teams built them, and we built early versions ourselves. But what attackers can do has changed now, in a fundamental way.

Since 2022, the Lazarus organization has been attacking these designs, and there are no signs of slowing down. AI-assisted audits can now detect configuration errors that were hidden beneath complex layers in the past. These attacks won’t disappear. Eventually, mathematics will catch up to the shortcomings of committees.

For the past two or three years, this industry has been settling transaction volumes in the tens of trillions of dollars every year. We ask banks and payment companies to put huge sums of money onto those same rails that still rely on only one or two signers making the right decision on a Saturday night. That’s what we’re asking for—and if you say it out loud, it’s absurd.

We must do better, and we already know how to do it.

Even so, it’s still worth recognizing that LayerZero is now disabling 1/1 settings (single signature) across the entire industry. That’s the right decision. It will make cross-chain security much stronger, and I fully support it. Other teams will continue to strengthen their committee designs. This work is important.

But the bigger shift is in architecture. ZK proofs are tireless, immune to social engineering attacks, and there won’t be a bad weekend. Either the math holds or it doesn’t—if it doesn’t, nothing gets settled.

This is the direction the industry is moving. The pace is faster than a month ago, which is good news for every builder and every institution entering the chain.

This week, every team building cross-chain infrastructure should ask themselves one question: Do I really need a committee? Reinforcing existing committees is just a fallback approach.

Agglayer is open source. No protocol fees. No licensing restrictions. Any team ready to move from trusted proof mechanisms to cryptographic verification can connect. If you are currently running a cross-chain bridge and the incidents from the past three weeks have made you rethink your trust model, please contact us.

This is not a competitive moat we’re hoarding; it’s infrastructure that the entire industry should use.

The fate of crypto over the next ten years will be decided by teams that are now willing to bite into more hardcore architectures. Cryptographic proofs are harder to build than notary offices, but they won’t collapse on weekends—and they can scale to the trillion-dollar level that crypto is already being asked to carry.

Do you want a committee, or a mathematical proof? We chose the latter. Hope more people choose the same.

After this weekend, I’m even more convinced about ZK cross-chain. In hard times, you forge clear architecture.