Custodial vs non-custodial
Custodial bridge: You send your tokens to an address controlled by the bridge operator. They hold your tokens until the swap completes. If they exit-scam, get hacked, or freeze your account — your tokens are gone.
Non-custodial bridge: Your tokens go to an audited smart contract that escrows them ONLY for the duration of the swap (typically under a minute). No human controls those funds during the swap.
Why this matters
Bridges are the biggest single attack surface in crypto by dollar amount stolen historically. Major bridge hacks (Wormhole, Ronin, Nomad, Multichain) totaled billions in losses. In most cases, the losses came from custodial control points.
How TronBridge handles your tokens
- You sign a transaction sending tokens to the Symbiosis bridge contract
- The contract escrows them on the source chain
- The contract emits an event picked up by the relayer set
- The Tron-side contract mints/releases the destination token to your specified Tron address
- Total escrow time: typically under 60 seconds
If the bridge contracts are compromised, your funds during transit are at risk. If the relayer set colludes, ditto. These are the residual risks of any cross-chain system, and TronBridge mitigates them via:
- 13 audits across Symbiosis contracts (Hacken, PeckShield, Decurity, SlowMist, others)
- Two-layer staking (MPC/TSS + Symbiotic restaking)
- 4+ years operation with zero exploits