Is Across Protocol Safe?
Risk Grade: C+ (38/100)
Across Protocol is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Elevated risk — never been directly hacked, but relies on a custom oracle system with a proven attack vector demonstrated in the Polymarket incident
A bridge that moves crypto between blockchains by having professional relayers front the money for instant transfers. It holds $41M in liquidity pools and has never been directly exploited in 2+ years of operation. Its C+ grade reflects the use of a custom oracle system (UMA) that has a proven attack vector demonstrated in the $7M Polymarket incident.
TVL
$28M
Mechanisms
7
Interactions
5
Value Grade
C
Key Risks for Across Protocol Users
The system that verifies bridge transfers uses UMA token voting, and a $7M attack on Polymarket proved that a single wealthy actor can buy enough votes to approve fake transactions. This same mechanism secures Across.
Your transfer depends on professional relayers completing it. If they go offline during a market crash, your money could be delayed.
There is only a 1-hour window to catch fraudulent transfers. If nobody is watching during that hour, a fake claim gets approved and paid out from the liquidity pool.
Top Risk Factors
- •UMA optimistic oracle demonstrated vulnerability in the March 2025 Polymarket attack ($7M loss) where a single entity accumulated 25% of voting power to manipulate market resolution. The same vector could theoretically be applied to Across bridge verification.
- •Intent-based architecture depends on active relayer network; relayer concentration creates censorship risk and single points of failure for bridge execution.
- •Custom oracle system (UMA optimistic oracle) with a 1-hour challenge window trades security for speed. If disputers are offline or economically disincentivized, fraudulent fills could be finalized.
How Across Protocol Compares to Peers
Across Protocol ranks #8 of 24 Bridge protocols (above-median). At a risk score of 38/100, it's 5 points safer than the sector average of 43/100.
Adjacent peers: ZetaChain (C+, 36/100) is ranked just safer, and Bitlayer YBTC Family (C+, 40/100) is ranked just riskier.
See the full Bridge sector leaderboard or the Across Protocol vs Bitlayer YBTC Family comparison.
Common Questions about Across Protocol
Plain-English answers based on Across Protocol's scores across Hindenrank's 8 risk dimensions. The highest-scoring (riskiest) dimension is Oracle Surface (7/10).
Has Across Protocol ever been hacked or exploited?
Across Protocol has a fairly clean operational history. The track record dimension scored 3/15, indicating minor or no significant incidents on record. A clean track record is a positive signal but it does not guarantee future safety, especially as protocol complexity grows.
How much money is at stake in Across Protocol?
Across Protocol currently holds roughly $28M in user deposits. Smaller TVL means individual depositors carry a larger share of any loss event, and it can be harder to exit a position quickly during stress.
What's the worst-case scenario for Across Protocol?
Hindenrank has identified specific collapse scenarios for Across Protocol. The most prominent: "UMA Oracle Governance Capture". The trigger condition is A single entity accumulates 25%+ of UMA voting power and submits fraudulent bridge fill proposals during a period of low disputer activity. Reading through the full scenario list on the protocol page is the single best way to understand the actual failure modes — generic "smart contract risk" is rarely the thing that takes a protocol down.
Is Across Protocol regulated or insured?
Across Protocol has low regulatory exposure on Hindenrank's framework (3/10). The protocol is structured in a way that minimizes counterparty and jurisdiction concentration, though regulatory risk in crypto can change rapidly. No DeFi protocol carries FDIC-style insurance — even with low regulatory risk, depositors are not protected in the way bank customers are.
What are the biggest red flags for Across Protocol?
Hindenrank's retail-focused risk audit flagged: The system that verifies bridge transfers uses UMA token voting, and a $7M attack on Polymarket proved that a single wealthy actor can buy enough votes to approve fake transactions. This same mechanism secures Across. Your transfer depends on professional relayers completing it. If they go offline during a market crash, your money could be delayed. There is only a 1-hour window to catch fraudulent transfers. If nobody is watching during that hour, a fake claim gets approved and paid out from the liquidity pool.
Should beginners deposit into Across Protocol?
Across Protocol's C+ grade puts it in the elevated-risk band. This is not a beginner-friendly protocol. Anyone depositing here should treat the position as speculative and avoid concentrating significant savings in it.
How does Across Protocol compare to safer Bridge alternatives?
Across Protocol is one protocol in Hindenrank's Bridge coverage. The safest Bridge protocols on the leaderboard tend to share three traits: a long incident-free track record, conservative mechanism design, and high-quality public documentation. Compare Across Protocol against the full Bridge ranking before committing capital.
For the full 8-dimension score breakdown, the radar chart, and dependency graph, see the Across Protocol risk report.
Read the Full Across Protocol Risk Report
This protocol has 2 collapse scenarios. 1 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Get risk alerts before it's too late
Weekly grade changes, downgrade alerts, and new protocol risk findings. Free.