DeFi Bridge Verification

Hide the sender's keys and node-internal state

Prove the message originates from a legitimate source

Verify cross-chain message origin before the receiving side commits state — a second cryptographic layer that runs alongside the DVN.

Liquid staking / restaking protocols · Cross-chain bridges · Lending protocols · DEXs 5 min read

live in production since 2025 · Public-infrastructure PoC in production · ETHGlobal AI Agents 2026 Finalist

01 · THE PROBLEM

Three voices from the front line.

DeFi protocol developer

“We need to independently verify that a bridged tx wasn't tampered with”
Protocol operations

“We want to prove to external users that funds crossing the bridge are legitimate”
Security

“We need a cryptographic trail to detect bridge attacks”

02 · THE SHIFT

Hand over the source, or just the facts?

Change what reaches the AI, and the leakage risk goes with it.

Without Lemma

Hand over the original

tx_hash:: 0x1234…
from_chain:: ETH
to_chain:: ARB
amount:: 100 ETH
sender:: 0xabc…

↓ all of it goes to the AI / outside

With Lemma

Hand over just the facts

subject:: did:lemma:bridge-msg-eth-arb
issuer:: did:lemma:bridge-validators
sourceHash:: 0x7e2a…
lineageChain:: [source-finalized, relayed, verified]
integrity:: merkle-proof
ZK verified:: ✓ VALID

↓ only the necessary facts to the AI

Before the receiving side finalizes state, a layer independently verifies whether the message's origin is legitimate. Rather than replacing the existing verification network, it runs alongside as a second, independent check — defense in depth. If the origin can't be verified, finalization doesn't happen; it stops at the boundary. Even if logs are wiped after an attack, the fixed attestation record remains and the forensic evidence is not lost.

See the technical details ↗

03 · HOW TO CHOOSE

Choose on three criteria.

Only work that needs all three at once — pass without exposing, independent verification, tamper-proof — is Lemma's domain.

Method	Pass without exposing	Independent verification	Tamper-proof
Access control only	△	✗	✗
Masking / anonymization	△	✗	✗
Encryption only	✓	✗	✗
Lemma (ZK proof)the only one with all 3	✓	✓	✓

04 · HOW IT WORKS

What's next

We enter through threat-model framing and a PoC, and stay alongside you through to operations.

A 30-minute review — identify paths that execute an incoming message "as designed" but have no independent origin check.
Narrow to 1–2 decisions (results) to prove — e.g. "this message was emitted under verifiable conditions," "commit allowed" — the facts you want confirmed before the write. Not the implementation details.
Design the integration and parallel operation — where the verification gate fits across your existing verification path and receiving adapter, its connection method, and how attestations are anchored.
Prove one path via a (quote-based) PoC — confirm that on one receiving path, a commit cannot proceed unless the origin proof verifies.
Hands-on support from rollout through operations — existing plan tiers (Civic / Critical / Compliance) serve only as a cost reference; the setup and pricing are designed together.

Tell us one path where "the signatures all check out, but the origin is never confirmed" applies, in the first 30 minutes. No disclosure of sensitive implementation information required.

05 · RELATED

Related Use Cases

Still have questions? See the FAQ →

The bigger picture

The bigger picture this use case belongs to.

We map use scenarios across industries and workflows by the four axes.

See use scenarios for Verifiable Origin in Solutions →

TRY LEMMA

Run it yourself.

No sales call needed — start hands-on with Lemma's products.

Try Seal → Trust402 reference implementation →