This article belongs to a series analyzing monitoring and security analysis of cross-chain protocols. In this piece, we examine historical data from major bridge protocols to understand how UX failures led to millions in user losses, and what the evolution of cross-chain infrastructure can teach us about building better systems. Access the paper below 👇
https://dl.acm.org/doi/10.1145/3721462.3770781
UI Design: Photo by Kelly Sikkema on Unsplash
TL;DR
This historical analysis of cross-chain bridges like Ronin and Nomad shows how users lost money more than hackers did:
Users sent tokens the wrong way → funds vanishedUsers forgot gas on the destination chain → withdrawals failedTiny typos in addresses → irreversible lossesFake tokens and bad mappings → phishing risk
The big picture: Early bridges were engineered for protocol safety, not user safety. While bridge designs have evolved significantly since this data was collected, these lessons remain essential for understanding how interoperability infrastructure must be built.
Coming in the next articles: We’ll explore how modern bridge architectures are addressing the new challenges and what the future of cross-chain interoperability looks like.
The Promise vs. The Reality
Crypto loves to talk about the future: seamless interoperability, permissionless finance, assets flowing freely across chains. Cross-chain bridges are supposed to be the highways that make this vision real. And in many ways, they do. Billions of dollars move through them every day (https://defillama.com/bridges).
But if we look back at the data from earlier bridge implementations, a problem emerges that no one liked to admit:
For many users, using a bridge felt like defusing a bomb. One wrong move — and funds were gone.
Our analysis of historical data from major bridges like Ronin and Nomad reveals something uncomfortable: not all losses came from sophisticated hackers. Sometimes, these early systems quietly allowed users to make irreversible mistakes. Tokens got sent without triggering transfers. Funds landed in addresses no one controlled. Withdrawals failed because users didn’t have enough funds to cover gas fees. Millions ended up stuck in limbo (i.e., in the bridges’ addresses 😉).
This isn’t just a security story; it’s a user experience story. And while bridge designs have evolved significantly since this data was collected in 2022 (with new architectures addressing many of these pain points), the lessons remain critical for understanding how interoperability infrastructure must be built.
Most early bridges were built with a protocol-first mindset. They were technically impressive, engineered for decentralization, and optimized for on-chain correctness. What they often weren’t optimized for was how real users behave: distracted, rushed, sometimes inexperienced, and almost always one click away from a costly mistake.
The data revealed a clear paradox: The technology securing billions was cutting-edge, but the user experience felt stuck in crypto’s earliest days.
Where Users Lose Money
1. Sending Tokens Directly to Bridge Contracts
A common issue arises when users send tokens directly to bridge contracts without going through the protocol’s user interface or SDK. While technically possible to initiate a cross-chain transfer by manually sending tokens to a bridge contract, this method is discouraged, it’s cumbersome, and requires deep technical knowledge.
The main problem: users mistakenly interact with token contracts (e.g., ERC20 tokens) to transfer tokens to the bridge contract address, which does not trigger the intended cross-chain transfer.
From our analysis:
Nomad Bridge: 105 transactions on Ethereum, totaling $93.8K sent to bridge contracts without triggering transfersRonin Bridge: 80 random transfers amounting to $113KThese funds were essentially sent into a void, where they could no longer be retrieved or moved across chains. No exploit. No hacker. Just users following the wrong process, highlighting their inexperience and the lack of information available.
2. Incorrect Input Formatting
Sometimes the biggest failures come from the smallest details.
We identified cases where users entered beneficiary addresses with the wrong padding format (e.g., right-padded instead of left-padded). The bridge contract still processed the transaction; it simply extracted the last 20 bytes of the user input and sent the funds to an address the user didn’t control.
No exploit. No attacker. Just an input mistake.
The root cause: protocols often lack strict input validation, largely because they’re designed to be blockchain-agnostic.
In other words, the system accepts technically valid data even when the human intent is obviously wrong.
3. Insufficient Gas on the Destination Chain
Another major issue in early bridge designs: users initiated withdrawals without sufficient funds to cover gas fees on the destination blockchain.
But here’s what’s striking: this problem existed long before these attacks.
Throughout the operation of both bridges, users continuously tried to withdraw tokens without success, not because of malicious activity, but due to insufficient balance to cover gas fees on the destination blockchain:
6,175 addresses on Ethereum (≈49%) had zero balance at the time of their withdrawal event5,333 of those (≈43%) still hold a zero balance today7,700 addresses (≈61%) lacked enough ETH to issue a transaction (minimum 0.0011 ETH according to Ronin documentation)
Note: Modern bridge architectures, including those leveraging solver networks and improved withdrawal mechanisms, have made significant strides in addressing this UX pain point — a topic we’ll explore in future articles in this series.
4. Stuck Withdrawals
In these early bridge implementations, deposits were automated. Withdrawals were not.
When the Nomad Bridge was attacked in August 2022, users tried to withdraw over $24.7M in the 24 hours before the attack. Similarly, the Ronin bridge saw users attempting to withdraw $24.3M before its attack. Since the protocols were already paused, they were unsuccessful as expected.
However, the study found 729 withdrawal attempts that were never completed, leaving up to $4.8M stuck inside bridges. The surprising part? Nearly half of those users didn’t have enough ETH to pay gas on the destination chain to claim their assets.
This wasn’t panic behavior during an attack — it mostly happened during normal bridge usage.
The signal was clear: these bridges assumed users understood multi-chain operational mechanics. Most didn’t.
Events emitted by the bridge contracts in the target blockchain (T) that were matched or unmatched with events on the source blockchain. The unmatched instances represent asset movements only in one side of the bridge.
5. Phishing & Fake Tokens
Attackers don’t always break bridges. Sometimes they just impersonate legitimacy.
We observed attempts to exploit bridges using fake token contracts, including ones labeled like reputable assets such as Wrapped ETH, to trick the system into unlocking real funds. They also found cases where fake or duplicate tokens were linked across chains, exposing weak verification practices and opening the door to spoofing attacks.
This is where security and UXÂ collide.
If users cannot easily distinguish real assets from malicious lookalikes, the interface is part of the attack surface. Good design doesn’t just warn users, it makes dangerous actions difficult or impossible to execute.
What Better Bridge UX Looks Like
The paper doesn’t prescribe design fixes, but the implications are obvious.
Bridges should move toward:
Strict input validation — reject malformed addresses before processing, or prompt the user to confirm.Pre-flight transaction checks — verify conditions before committingAutomatic gas warnings — alert users when destination balances are insufficientClearer withdrawal flows — make the multi-step process explicitToken verification layers — flag or block suspicious token contractsSafer defaults — protect users from themselves whenever possible
Why These Historical Failures Still Matter
Hacks are episodic. Bad UXÂ scales.
The data from these early bridges revealed a critical truth: as cross-chain infrastructure pushes toward mainstream adoption, the biggest threat isn’t just elite attackers; it’s normal users interacting with systems that expect expert-level understanding.
You cannot onboard the next 100 million users into flows where:
One formatting mistake nukes fundsWithdrawals require operational knowledgeGas mechanics aren’t surfaced clearly
Mass adoption doesn’t fail dramatically. It fails quietly through bad experiences.
The good news? The industry has been learning. Bridge designs have evolved significantly, with new architectural approaches addressing many of these pain points. But understanding where we came from (and what happens when UX is an afterthought) remains essential for building the next generation of interoperability infrastructure.
Final Thought: The Evolution of Cross-Chain UX
The bridges that succeed long-term won’t just be the most secure, they’ll be the ones that make it easier for users.
The way forward may include better user education, improved UI/UX, and more robust bridge aggregators that can streamline cross-chain transfers while minimizing risks. Future research explored ways to reduce user error, such as allowing users to pay gas fees on the origin blockchain rather than the destination, improving the overall cross-chain experience.
In the next articles, we’ll continue exploring the evolution of cross-chain interoperability — examining how modern bridge architectures are tackling these challenges, what new risks emerge, and where the industry is heading.
Some additional references:
Cross-Chain Bridges 101 — How do tokens flow between blockchains?On the Security of Cross-Chain ProtocolsThe Importance of Cross-Chain Protocols in Web3 [2024]
UX Failures in Cross-Chain Bridges: When Users Become the Weakest Link was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.