Summary: A real cross-chain bridge costs $120K to $400K to build properly. The cheap ones don’t exist – what looks cheap is missing the audit, the relayer infra, or the liability. Here’s the line-by-line math from inside a Web3 agency.
Every founder who walks in asking for a bridge has been quoted somewhere between $30K and “we’ll need to scope it.” Both numbers are wrong.
The $30K quote is missing half the build. The “we’ll need to scope it” is just code for “we have no idea what bridges actually cost and we’re hoping you’ll get bored and pay us hourly.”
Real talk. I’ve watched bridges get hacked for $600M. I’ve watched founders spend $80K and end up with a smart contract that “works” on a testnet and falls apart the second real money touches it. And I’ve watched agencies pad bridge quotes with fake “infrastructure setup” line items that are just a guy renaming a Hardhat config.
So let’s break down what a cross-chain bridge actually costs. Where the money goes. What’s worth paying for. And what’s just bridge theater.
What a bridge actually is…
Before the math, the basics. Skip this if you already know.
A cross-chain bridge moves value or messages between two blockchains that can’t talk to each other natively. Ethereum doesn’t know Solana exists. Solana doesn’t know Polygon exists. A bridge sits in the middle and does the translation.
There are three main flavors. Lock-and-mint (you lock tokens on chain A, the bridge mints a wrapped version on chain B). Burn-and-mint (you burn on A, mint on B). And liquidity network (you swap into a pool on A, get the equivalent out of a pool on B).
Each flavor has a different cost profile. Each has a different attack surface. And each comes with a different team of people who have to be very, very good at their jobs – because if they’re not, the bridge is the part of your stack that gets hacked.
Bridges have lost more money to hacks than any other Web3 category. Ronin, Wormhole, Nomad, Poly Network, Harmony – all bridge hacks, all in the hundreds of millions. That’s not a vibe. That’s a structural reality of bridge architecture. So when I tell you that audits and security reviews are 40% of a bridge budget, that’s why.
The 5 cost layers nobody breaks down for you…
A real bridge build has five cost layers. If your quote doesn’t have all five, your quote is wrong.
Layer 1: Smart contracts on both chains. $25K to $90K.
You need contracts on every chain the bridge touches. Lock vaults, mint contracts, message verifiers, fee logic, pause/upgrade controls. Not one set. Two sets. Sometimes three. Sometimes more.
The cost scales with how different the chains are. Two EVM chains? Easier. EVM to Solana? Harder. EVM to a Cosmos chain? Even harder, because you’re now writing CosmWasm or Rust and your team has to understand IBC. Each new chain isn’t a doubling – it’s almost a fresh project.
Layer 2: The relayer/validator network. $20K to $80K.
This is the part nobody quotes for. The bridge needs something to actually carry the message between chains. That’s the relayer. Sometimes it’s a multi-sig. Sometimes it’s a validator set with staking. Sometimes it’s a single off-chain service running on a server (please don’t do this).
You’re paying for infrastructure code, key management, monitoring, alerting, signature aggregation, and the deployment of however many validator nodes you need. If you skip this layer or do it cheap, congratulations – you’ve built the next bridge hack.
Layer 3: Audits and formal verification. $40K to $150K.
Bridges get audited harder than anything else in Web3. You want at minimum two independent audit firms. Ideally three. Plus a public bounty program before mainnet.
Audit cost depends on contract complexity, lines of code, and how many chains you touch. A simple lock-and-mint bridge between two EVM chains might audit at $40K. A multi-chain bridge with custom relayer logic and exotic chains? $150K, sometimes more. I broke down audit firm tiers in the smart contract audit cost post – same logic applies, just at the higher end of every range.
If your quote skips audits or has a $5K “audit budget” line item, walk away. That’s not a budget. That’s a placeholder for your future incident response.
Layer 4: Frontend, SDK, and integration tooling. $15K to $50K.
The bridge itself is a backend product. But people need to use it. You need a clean UI for users to deposit and withdraw. You need an SDK or API for other dApps to integrate the bridge. You need wallet connections, network switching, gas estimation, and error states that don’t make people panic when a tx is pending for 4 minutes (which is normal in bridges, by the way).
Frontend is also where most teams under-budget. They build the contracts beautifully, then ship a UI that makes the bridge feel like a tax form from 1998.
Layer 5: Deployment, monitoring, and incident response setup. $20K to $40K.
You need to deploy across all the chains. You need to fund the relayer network. You need monitoring on every contract, every validator node, and every transaction flow. You need on-call alerts for unusual volume, paused contracts, or suspicious withdrawals. You need a runbook for when something breaks.
Most teams treat this as “we’ll figure it out after launch.” Don’t. The bridges that survive are the ones with monitoring on day one. We covered the same logic for general ops in the web3 post-launch checklist.
Add it all up and you get $120K on the floor and $400K+ at the top of the range. Anything below that is missing something critical.
Pricing by bridge type…
Different bridge architectures have different cost profiles. Here’s the rough math.
Simple two-chain lock-and-mint bridge (e.g. ETH <> Polygon for one token). $80K to $160K. Two sets of contracts, simple multi-sig relayer, one audit, basic UI. Doable. Still risky if you skip the audit.
Multi-token bridge across 3-4 EVM chains. $150K to $280K. More contracts, more deployments, stronger relayer (validator set), two audits, fuller UI with chain switching.
EVM to non-EVM bridge (e.g. Ethereum <> Solana). $200K to $350K. Two completely different smart contract stacks. Two different audit specialists. Custom relayer logic. SDK that handles two wallet ecosystems. This is where most “we’ll save money” plans die.
General message-passing bridge (carries arbitrary data, not just tokens). $250K to $400K+. The most complex category. Used by dApps that need cross-chain function calls. Massive attack surface. Needs the heaviest audits. This is the kind of build where you don’t want to be the agency’s first attempt.
If you’re being quoted $40K for any of these, the agency is either lying, cutting layers, or planning to bill you twice.
The audit ratio that should scare you…
Here’s the math nobody shows founders. On a properly built bridge, audits are 30% to 40% of the total project budget.
Read that again.
If your $200K bridge quote has $10K for “security review,” that’s a 5% audit budget. That’s not a security review. That’s a vibes check. The reason real bridges are expensive is that their security stack is expensive, and the reason their security stack is expensive is that one missed bug equals “we just lost $100M of user funds and now we’re a Wikipedia page.”
A bridge that doesn’t take the audit budget seriously isn’t a bridge. It’s a rug pull waiting for a transaction.
Quote padding I see all the time…
Every week I read bridge quotes from competitor agencies that founders forward me. Same patterns over and over. Here’s what padding looks like:
“Custom blockchain integration framework” – $25K. Translation: we’ll use ethers.js and wagmi like everyone else.
“Proprietary cross-chain messaging protocol” – $40K. Translation: we’ll use LayerZero or Wormhole and rebrand it.
“Bridge optimization phase” – $15K. Translation: we’ll fix the bugs we shipped.
“Multi-chain consultancy” – $20K/month. Translation: we’ll get on a call once a week.
Real bridge cost is in the contracts, the relayer network, the audits, and the integration work. Anything else dressed up as a deliverable is filler.
When you read a quote, ask one question: “What’s the deliverable?” If the agency can’t show you a github repo, a contract address, a UI screen, or an audit report – it’s filler.
When you don’t need a custom bridge…
I’ll be fair. Most projects don’t actually need a custom bridge. There are existing bridge protocols you can integrate for a fraction of the cost.
LayerZero, Wormhole, Axelar, Hyperlane, Across, deBridge – these all let you tap into existing bridge infrastructure. Integration costs run $15K to $50K depending on complexity. You don’t own the bridge. But you also don’t carry the liability when one gets hacked.
You only need a custom bridge if:
– You need exotic chain support no protocol offers
– You need specific economic guarantees existing bridges don’t provide
– You’re a chain or rollup and the bridge IS your product
– You need custom message-passing logic a generic bridge can’t handle
Otherwise, integrate. Save the money. Spend it on the parts of your product that actually differentiate you. Same logic I covered in the outsourcing blockchain development post – don’t build what you can buy unless owning it is the moat.
Red flags in bridge quotes…
Quick checklist. If any of these show up in a bridge quote, push back hard.
- Total below $80K. Impossible for a real bridge. Something is missing.
- Audit line item under 20% of total. Someone’s about to get hacked.
- “Single signer” or “single relayer” architecture. That’s not a bridge. That’s a custodial service pretending to be one.
- No mention of monitoring or incident response. They’re shipping it and walking away.
- “We’ll use our internal framework.” Code smell. Means closed-source dependency you can’t audit.
- Frontend and SDK as a “phase 2.” You’ll never use the bridge without them.
- Timeline under 3 months. Bridge builds take 4 to 8 months realistically. Anything faster is corner-cutting.
- No formal verification mentioned for high-value bridges. For anything moving real TVL, you want this.
If three or more of these show up, you’re not buying a bridge. You’re buying a future incident.
Why we built BeAWhale around this kind of math…
When BeAWhale takes on a bridge project, the first thing we do is tell the founder how much it really costs. Not the cheap version. The version that doesn’t get hacked.
That math has lost us deals before. Founders go to a cheaper agency, get a $50K bridge quote, and disappear. Some come back six months later asking us to fix what got built. Some don’t come back because they don’t have a project anymore.
I built our pricing around founder protection, not founder seduction. We have a 2-week free trial, 2 months of free support after launch, and a 5-year warranty on every line of code we ship. If you don’t love what we deliver, you keep the money. If you love it and it breaks, we’re still on the hook for years.
That’s not a marketing line. That’s an actual offer. The reason we can make it is that we don’t ship bridges (or anything else) that we know will break. Read the agency vetting guide and the free guide on toxic agency practices if you want the full picture of what to avoid.
If you’re sitting on a bridge quote right now and it doesn’t add up, send it over. I’ll tell you what’s missing for free. Get in touch here.
The bottom line…
Real bridges cost $120K to $400K. The cheap ones don’t exist – they’re just incomplete builds with most of the security stripped out.
If you’re shopping bridge quotes, the question isn’t “who’s the cheapest.” The question is “who has the audit budget, the relayer infrastructure, and the warranty to back the build.”
Because here’s the part nobody tells you: a bridge isn’t a feature. It’s a target. The second it goes live, every adversarial actor in Web3 starts probing it. The only thing standing between your users and a nine-figure exit scam is the team that built it.
Pay for the team that’s done it before. Pay for the audits. Pay for the monitoring. Or don’t build a bridge at all.
