Research

Paper

Back to Papers Download PDF
TESTING February 19, 2026

Exploiting Liquidity Exhaustion Attacks in Intent-Based Cross-Chain Bridges

Authors

André Augusto, Christof Ferreira Torres, André Vasconcelos, Miguel Correia

Abstract

Intent-based cross-chain bridges have emerged as an alternative to traditional interoperability protocols by allowing off-chain entities (\emph{solvers}) to immediately fulfill users' orders by fronting their own liquidity. While improving user experience, this approach introduces new systemic risks, such as solver liquidity concentration and delayed settlement. In this paper, we propose a new class of attacks called \emph{liquidity exhaustion attacks} and a replay-based parameterized attack simulation framework. We analyze 3.5 million cross-chain intents that moved \$9.24B worth of tokens between June and November 2025 across three major protocols (Mayan Swift, Across, and deBridge), spanning nine blockchains. For rational attackers, our results show that protocols with higher solver profitability, such as deBridge, are vulnerable under current parameters: 210 historical attack instances yield a mean net profit of \$286.14, with 80.5\% of attacks profitable. In contrast, Across remains robust in all tested configurations due to low solver margins and very high liquidity, while Mayan Swift is generally secure but becomes vulnerable under stress-test conditions. Under byzantine attacks, we show that it is possible to suppress availability across all protocols, causing dozens of failed intents and solver profit losses of up to \$978 roughly every 16 minutes. Finally, we propose an optimized attack strategy that exploits patterns in the data to reduce attack costs by up to 90.5\% compared to the baseline, lowering the barrier to liquidity exhaustion attacks.

Metadata

arXiv ID: 2602.17805
Provider: ARXIV
Primary Category: cs.CR
Published: 2026-02-19
Fetched: 2026-02-23 05:33

Related papers

Fractal universe and quantum gravity made simple

Fabio Briscese, Gianluca Calcagni • 2026-03-25

POLY-SIM: Polyglot Speaker Identification with Missing Modality Grand Challenge 2026 Evaluation Plan

Marta Moscati, Muhammad Saad Saeed, Marina Zanoni, Mubashir Noman, Rohan Kuma... • 2026-03-25

LensWalk: Agentic Video Understanding by Planning How You See in Videos

Keliang Li, Yansong Li, Hongze Shen, Mengdi Liu, Hong Chang, Shiguang Shan • 2026-03-25

Orientation Reconstruction of Proteins using Coulomb Explosions

Tomas André, Alfredo Bellisario, Nicusor Timneanu, Carl Caleman • 2026-03-25

The role of spatial context and multitask learning in the detection of organic and conventional farming systems based on Sentinel-2 time series

Jan Hemmerling, Marcel Schwieder, Philippe Rufin, Leon-Friedrich Thomas, Mire... • 2026-03-25
Raw Data (Debug) 
{
  "raw_xml": "<entry>\n    <id>http://arxiv.org/abs/2602.17805v1</id>\n    <title>Exploiting Liquidity Exhaustion Attacks in Intent-Based Cross-Chain Bridges</title>\n    <updated>2026-02-19T20:13:36Z</updated>\n    <link href='https://arxiv.org/abs/2602.17805v1' rel='alternate' type='text/html'/>\n    <link href='https://arxiv.org/pdf/2602.17805v1' rel='related' title='pdf' type='application/pdf'/>\n    <summary>Intent-based cross-chain bridges have emerged as an alternative to traditional interoperability protocols by allowing off-chain entities (\\emph{solvers}) to immediately fulfill users' orders by fronting their own liquidity. While improving user experience, this approach introduces new systemic risks, such as solver liquidity concentration and delayed settlement. In this paper, we propose a new class of attacks called \\emph{liquidity exhaustion attacks} and a replay-based parameterized attack simulation framework. We analyze 3.5 million cross-chain intents that moved \\$9.24B worth of tokens between June and November 2025 across three major protocols (Mayan Swift, Across, and deBridge), spanning nine blockchains.\n  For rational attackers, our results show that protocols with higher solver profitability, such as deBridge, are vulnerable under current parameters: 210 historical attack instances yield a mean net profit of \\$286.14, with 80.5\\% of attacks profitable. In contrast, Across remains robust in all tested configurations due to low solver margins and very high liquidity, while Mayan Swift is generally secure but becomes vulnerable under stress-test conditions. Under byzantine attacks, we show that it is possible to suppress availability across all protocols, causing dozens of failed intents and solver profit losses of up to \\$978 roughly every 16 minutes. Finally, we propose an optimized attack strategy that exploits patterns in the data to reduce attack costs by up to 90.5\\% compared to the baseline, lowering the barrier to liquidity exhaustion attacks.</summary>\n    <category scheme='http://arxiv.org/schemas/atom' term='cs.CR'/>\n    <published>2026-02-19T20:13:36Z</published>\n    <arxiv:comment>13 pages, 11 figures</arxiv:comment>\n    <arxiv:primary_category term='cs.CR'/>\n    <author>\n      <name>André Augusto</name>\n    </author>\n    <author>\n      <name>Christof Ferreira Torres</name>\n    </author>\n    <author>\n      <name>André Vasconcelos</name>\n    </author>\n    <author>\n      <name>Miguel Correia</name>\n    </author>\n  </entry>"
}