W3-BRIDGE-EXPLOIT · Impact
Cross-Chain Bridge Exploit
Bridge's validator-set check is flawed (Ronin / Nomad / Wormhole class). Mint wrapped tokens on the destination chain without locking on the source.
§ Where this technique fits
W3-BRIDGE-EXPLOIT is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 2 approved dossiers in the registry, at step 4 on average.
§ Dossiers chaining this technique
- step 2 / 6
Cross-chain bridge validator-set bypass → mint wrapped tokens
Bridge's signature-set check is off-by-one (Nomad-class) or accepts a zero address (Ronin-class). Mint wrapped tokens on the destination chain without locking on the source.
- step 6 / 6
Wallet drainer dApp → setApprovalForAll → instant theft
Victim connects their wallet to a phishing dApp (fake mint / fake airdrop). One click on 'Confirm' calls setApprovalForAll on every valuable NFT collection — drained moments later.
§ What commonly comes next
- 01 Valid Accounts · seen 1× · T1078 · Initial Access