Cross-Chain Swap Protocols: Bridge vs DEX vs Atomic Swap
Compare cross-chain swap methods including bridges, decentralized exchanges, and atomic swaps across security, speed, and fees.
Cross-Chain Swap Methods Compared
Moving assets between blockchains requires a cross-chain swap protocol, and the choice of protocol determines the security, speed, and cost of the transfer. Three fundamentally different approaches exist: messaging bridges that relay proofs between chains, cross-chain DEXes that pool liquidity across networks, and atomic swaps that use hash time-locked contracts for trustless peer-to-peer exchange.
Each approach makes a different tradeoff between trust assumptions, capital efficiency, and user experience. Bridge exploits alone have accounted for over $2.8 billion in cumulative losses since 2022, making security model evaluation critical for anyone moving value across chains.
| Approach | Trust Model | Typical Fees | Speed | Chains Supported | Key Risk |
|---|---|---|---|---|---|
| Messaging bridges (Wormhole, LayerZero) | Trusted validator/guardian set | 0-0.06% + gas ($0.50-$10) | 1-15 min | 30-75+ | Validator collusion or key compromise |
| Cross-chain DEXes (THORChain, Chainflip) | Economic security via bonded validators | 0.1-0.5% + outbound gas | 15s-60 min | 5-10 L1s | Protocol bugs, liquidity shortfalls |
| Atomic swaps (HTLC-based) | Trustless (cryptographic only) | On-chain fees on both chains | 10 min to hours | Any HTLC-capable chain | Counterparty availability, timelock griefing |
| Submarine swaps (Loop, Boltz) | Trustless via HTLCs | 0.1-0.5% + mining fee | 10-60 min | Bitcoin L1 + Lightning | Lightning route liquidity |
| Spark (L2 transfers) | Threshold operator set with unilateral exit | Near-zero (internal); mining fee (L1 exit) | Near-instant (internal); 10-30 min (L1) | Bitcoin | Operator liveness (mitigated by exit tree) |
Messaging Bridges: Wormhole and LayerZero
Messaging bridges work by relaying cryptographic proofs of events on one chain to a verifier contract on another. The security of these systems depends entirely on who validates those proofs. A cross-chain bridge using a small, trusted validator set is functionally a multisig wallet with extra steps.
Wormhole
Wormhole uses 19 Guardian nodes run by known entities (Jump Crypto, Figment, Staked, and others) that observe and attest to cross-chain messages. A message is valid when 13 of 19 Guardians sign it, producing a Verifiable Action Approval (VAA). This is a permissioned proof-of-authority model: users trust that a supermajority of Guardians will not collude. Wormhole supports 30+ actively connected blockchains and has processed over $60 billion in total transfer volume across more than 1 billion messages. The protocol itself charges no percentage fee: users pay only gas on source and destination chains.
On February 2, 2022, an attacker exploited a signature verification bug in Wormhole's Solana contract, minting 120,000 unbacked wETH worth approximately $321 million. Jump Crypto replaced the stolen funds. In February 2023, a court-ordered counter-exploit via Oasis.app recovered approximately $225 million from the attacker's DeFi positions. Post-hack, Wormhole added a Global Accountant enforcing 1:1 asset parity, a Governor rate-limiting outflows, and zero-knowledge proof verification.
LayerZero
LayerZero takes a different architectural approach with its Ultra Light Node (ULN) design. Instead of a fixed validator set, it separates message verification into two independent roles: an Oracle (now configurable as a Decentralized Verifier Network, or DVN) that submits block headers, and a Relayer that submits transaction proofs. Security relies on the assumption that the Oracle and Relayer do not collude. With LayerZero v2, applications choose their own security configuration, selecting which DVNs must verify their messages and how many are required.
LayerZero connects 75+ chains and has facilitated over 150 million cross-chain messages. Stargate Finance, the primary bridge built on LayerZero, charges approximately 0.06% per swap. In April 2026, the KelpDAO bridge (built on LayerZero) was exploited for approximately $290 million by the Lazarus Group: the attackers compromised RPC nodes and fed false data to LayerZero's verifier. The root cause was KelpDAO's use of a 1-of-1 DVN configuration, making a single verifier the sole point of failure. At the time, roughly 47% of LayerZero applications used a similar single-DVN setup, highlighting the risks of configurable security when defaults are weak.
Cross-Chain DEXes: THORChain and Chainflip
Cross-chain decentralized exchanges replace trusted validator sets with economic security: validators must post collateral that can be slashed for misbehavior. This aligns incentives rather than relying on reputation alone.
THORChain
THORChain operates its own Layer 1 blockchain (Cosmos SDK-based) with a native RUNE token. All liquidity pools are structured as ASSET:RUNE pairs, so a BTC-to-ETH swap routes through two pools: BTC/RUNE and RUNE/ETH. Validators must bond twice the value of pooled assets in RUNE, creating a 2:1 economic security ratio. TVL fluctuates between $250-400 million, and cumulative swap volume exceeds $80 billion.
THORChain supports approximately 10 L1 chains including Bitcoin, Ethereum, BNB Chain, Avalanche, Cosmos, Dogecoin, Bitcoin Cash, and Litecoin. Fees follow a slip-based model (0.1-0.5% for typical trades) plus outbound gas. The protocol suffered two exploits in July 2021 totaling approximately $13 million, and faced solvency concerns in January 2025 when its lending product accumulated roughly $200 million in liabilities, leading to a lending pause and restructuring plan.
Chainflip
Chainflip uses 150 validators running a threshold signature scheme via multi-party computation (requiring a 100-of-150 supermajority to sign). No single validator holds keys to the vault wallets on any chain. Its Just-In-Time (JIT) AMM allows market makers to provide one-sided liquidity at the moment of a swap, improving execution price. Launched in late 2023, Chainflip currently supports Bitcoin, Ethereum, Polkadot, and Arbitrum, with TVL in the $15-40 million range and no major security incidents to date.
Atomic Swaps: Trustless but Limited
Atomic swaps use hash time-locked contracts (HTLCs) to enable trustless cross-chain exchange without any intermediary. The mechanism works in four steps: Alice locks BTC with a hash lock and timelock. Bob locks ETH using the same hash with a shorter timelock. Alice claims Bob's ETH by revealing the preimage. Bob uses the revealed preimage to claim Alice's BTC. If either party fails to act, timelocks ensure refunds.
The first known atomic swap was performed between Decred and Litecoin on September 19, 2017. Komodo (now Komodo Wallet) pioneered on-exchange atomic swaps the same year. Despite being the only fully trustless cross-chain mechanism, atomic swaps have seen limited adoption due to several constraints:
- Both chains must support hash-lock and time-lock scripting
- Both parties must be online and monitoring both chains
- No pooled liquidity: every trade requires a direct counterparty
- On-chain transactions on both chains make small swaps expensive
- Timelocks can lock funds for hours if a counterparty delays
These limitations explain why bridges and DEXes dominate cross-chain volume despite their trust assumptions: pooled liquidity and one-click interfaces are simply more practical for most users.
Bitcoin-Specific Cross-Layer Solutions
Bitcoin's cross-layer problem is distinct from general cross-chain swaps. Rather than moving assets between independent blockchains, the challenge is moving BTC between Bitcoin L1 and its Layer 2 networks, particularly the Lightning Network. Two approaches dominate: submarine swaps and cooperative L2 architectures like Spark.
Submarine Swaps
Submarine swaps use HTLCs to bridge Bitcoin L1 and the Lightning Network. In a "Loop Out" (Lightning-to-L1), a user makes a Lightning payment locked with a hash, while a service provider locks on-chain BTC with the same hash. Once the provider reveals the preimage to claim the Lightning payment, the user claims the on-chain BTC. The reverse ("Loop In") moves on-chain BTC to Lightning. For a detailed walkthrough, see our submarine swaps explained guide.
Lightning Loop (by Lightning Labs) and Boltz Exchange are the primary implementations. Loop charges a variable service fee (roughly 500 sats on a 300,000 sat swap) plus mining and routing fees. Boltz charges 0.1-0.5% depending on direction and supports Bitcoin L1, Lightning, Liquid Network, Rootstock, and (since March 2026) USDT on Arbitrum via routed swaps. Both are non-custodial. The main limitation is speed: because submarine swaps require on-chain Bitcoin confirmations, they typically take 10-60 minutes.
Spark: Cooperative L2 Architecture
Spark takes a fundamentally different approach to Bitcoin cross-layer transfers. Instead of HTLC-based swaps, Spark uses a threshold signing group of operators (Spark Service Providers) who cooperatively manage Bitcoin UTXOs via FROST threshold signatures. Deposits create a "leaf" in a shared UTXO tree: a single on-chain transaction to a cooperative address with no HTLCs, no timelocks, and no service fees beyond the standard mining fee. Transfers within Spark happen off-chain and are near-instant. Withdrawals are cooperatively signed back to L1, with pre-signed exit trees providing unilateral withdrawal if operators become unresponsive.
This architecture avoids several limitations of submarine swaps: no Lightning routing is required, no HTLC timelock management is needed, and the system supports stablecoins (like USDB) natively rather than just BTC. Spark also maintains Lightning interoperability, allowing users to send and receive Lightning payments through the protocol. For a deeper comparison, see Lightning vs Spark.
Bridge Security Track Record
Cross-chain bridges have been the single largest category of DeFi exploits by total value lost. Bridge hacks represented 69% of all funds stolen in crypto during 2022. The following table documents the most significant incidents. Understanding these failures is essential context for evaluating any bridge security model.
| Protocol | Date | Loss | Attack Vector |
|---|---|---|---|
| Ronin Bridge | March 2022 | ~$625M | Lazarus Group compromised 5 of 9 validator keys via social engineering |
| Poly Network | August 2021 | ~$611M | Access control vulnerability in relay contract (funds returned) |
| BNB Bridge | October 2022 | ~$570M minted (~$110M exfiltrated) | Forged Merkle proof allowed minting 2M BNB |
| Wormhole | February 2022 | ~$321M | Signature verification bug on Solana allowed unbacked wETH minting |
| KelpDAO (LayerZero) | April 2026 | ~$290M | Lazarus Group compromised RPC nodes feeding LayerZero's sole DVN verifier |
| Nomad | August 2022 | ~$190M | Upgrade bug let anyone copy valid transactions with new recipient addresses |
| Multichain | July 2023 | ~$130M | CEO held sole control of MPC servers, undermining decentralization |
| Harmony Horizon | June 2022 | ~$100M | Lazarus Group compromised 2 of 5 multisig keys |
| Orbit Chain | December 2023 | ~$82M | Bridge vault private key compromise |
A recurring pattern emerges: most bridge exploits target the validator key infrastructure rather than the cryptographic protocol itself. Low multisig thresholds (Harmony's 2-of-5), centralized key management (Multichain), single-DVN configurations (KelpDAO), and social engineering (Ronin) are the dominant attack vectors. Protocols with higher validator counts and economic slashing (THORChain, Chainflip) or user-enforceable exit mechanisms (Spark) address different parts of this risk surface. For protocol-level security analysis, see our bridge security comparison.
How to Choose a Cross-Chain Swap Method
The best cross-chain swap method depends on what you are optimizing for. Use this framework:
If you prioritize security over speed and are swapping between HTLC-capable chains: atomic swaps eliminate counterparty risk entirely, at the cost of requiring a direct counterparty and on-chain fees on both chains.
If you need broad chain coverage and fast execution: messaging bridges like Wormhole (30+ chains) or LayerZero (75+ chains) offer the widest reach. Accept the trust-in-validators tradeoff, but verify the application's DVN configuration when using LayerZero-based bridges. Use the bridge fee calculator to estimate costs for specific routes.
If you are swapping native assets (BTC, ETH, AVAX) and want economic security without trusted validators: THORChain's bonded validator model provides decentralized cross-chain swaps with pooled liquidity, though its 2:1 bonding ratio depends on RUNE token value stability.
If you need to move BTC between L1 and Lightning: submarine swaps via Loop or Boltz are the established, trustless approach. Expect 10-60 minute settlement times.
If you want fast, low-cost transfers within the Bitcoin ecosystem including stablecoin support: Spark provides near-instant internal transfers, Lightning interoperability, and native stablecoin support without HTLC timelock management. L1 deposits and withdrawals still require on-chain confirmations.
Frequently Asked Questions
What is the safest way to swap tokens across blockchains?
Atomic swaps using HTLCs are the only fully trustless cross-chain swap mechanism: they rely solely on cryptographic guarantees and timelocks, with no intermediary holding funds. However, they require both chains to support hash-lock scripting and a direct counterparty for every trade. For practical use, cross-chain DEXes like THORChain offer a middle ground: economic security through bonded validators rather than trusted multisigs, with pooled liquidity that eliminates counterparty-finding friction.
How do cross-chain bridges work?
A cross-chain bridge locks tokens on the source chain and mints equivalent wrapped tokens on the destination chain. A set of validators or relayers observes the lock event and attests to it on the destination chain. The security depends on who those validators are and how many must agree. Wormhole uses 13-of-19 known Guardians. LayerZero separates verification into an Oracle and Relayer that must independently confirm each message. The bridge's trust model is its most important characteristic.
Why have so many bridges been hacked?
Bridges concentrate large amounts of locked value behind validator key infrastructure, making them high-value targets. Most exploits have targeted key management rather than cryptographic protocols: Ronin fell to social engineering of validator keys, Harmony used a dangerously low 2-of-5 threshold, Multichain's CEO secretly held sole control of MPC servers, and KelpDAO relied on a single DVN verifier. Bridge hacks represented 69% of all crypto funds stolen in 2022. The pattern suggests that operational security of key infrastructure, not protocol design, is the primary failure mode.
What is the difference between a bridge and an atomic swap?
A bridge uses intermediaries (validators, relayers, or guardians) to attest that assets were locked on one chain before minting them on another. An atomic swap uses hash time-locked contracts so two parties can exchange assets across chains without any intermediary: either both sides complete or both refund. Bridges offer pooled liquidity and broad chain support but introduce trust assumptions. Atomic swaps are trustless but require direct counterparties, compatible chain scripting, and on-chain transactions on both networks.
What are submarine swaps and how do they relate to cross-chain swaps?
Submarine swaps are a specific type of atomic swap that bridges Bitcoin L1 and the Lightning Network using HTLCs. They enable trustless movement between on-chain and off-chain Bitcoin without a centralized intermediary. Services like Lightning Loop and Boltz Exchange implement submarine swaps for Lightning node operators managing channel liquidity. While technically a cross-layer rather than cross-chain mechanism, submarine swaps share the same HTLC primitives that underpin general atomic swaps.
How does THORChain compare to using a bridge like Wormhole?
THORChain and Wormhole represent different security philosophies. Wormhole relies on 19 known Guardian nodes with reputation at stake. THORChain requires validators to bond twice the pooled value in RUNE tokens, creating economic incentive alignment: misbehaving validators lose their bond. THORChain supports fewer chains (approximately 10 L1s vs Wormhole's 30+) and charges higher fees (0.1-0.5% vs near-zero protocol fees), but swaps settle to native assets rather than wrapped tokens. The tradeoff is narrower chain coverage and higher cost for stronger economic security and no wrapped token risk.
Can I swap Bitcoin for tokens on other chains without a centralized exchange?
Yes. THORChain supports native BTC swaps to ETH, AVAX, BNB, and other L1 assets through its decentralized liquidity pools. Chainflip offers BTC-to-ETH swaps using threshold signatures. Both require Bitcoin block confirmations, so expect 15-30 minutes for the BTC side of the swap. For smaller amounts, atomic swaps are possible with any counterparty on an HTLC-capable chain, though finding liquidity is the main challenge.
This tool is for informational purposes only and does not constitute financial advice. Data is approximate and based on publicly available information as of mid-2026. Protocol TVL, fees, supported chains, and security models change frequently. Always verify current data on official protocol documentation before making decisions.
Build with Spark
Integrate bitcoin, Lightning, and stablecoins into your app with a few lines of code.
Read the docs →