ConneX: Automatically Resolving Transaction Opacity of Cross-Chain Bridges for Security Analysis

TL;DR

ConneX tackles cross-chain transaction opacity by automatically identifying matching source and destination transactions across bridges using a semantic quintuple framework and a two-stage pruning pipeline that combines LLM-based semantic inference with a rigorous examiner validation. It achieves high accuracy (average F1 around $0.9746$) and massive search-space reduction (from beyond $10^{10}$ to under $100$ candidates), with per-transaction processing near $0.4$ seconds, validated on real-world bridge data. The approach enables practical security analyses, including tracing money flows in high-profile hacks (e.g., Bybit, Upbit), and proves robust across LLM backends and hyperparameter settings. This work provides a generalized, automated foundation for cross-chain security research and fund tracing in a multi-chain Web3 ecosystem.

Abstract

As the Web3 ecosystem evolves toward a multi-chain architecture, cross-chain bridges have become critical infrastructure for enabling interoperability between diverse blockchain networks. However, while connecting isolated blockchains, the lack of cross-chain transaction pairing records introduces significant challenges for security analysis like cross-chain fund tracing, advanced vulnerability detection, and transaction graph-based analysis. To address this gap, we introduce ConneX, an automated and general-purpose system designed to accurately identify corresponding transaction pairs across both ends of cross-chain bridges. Our system leverages Large Language Models (LLMs) to efficiently prune the semantic search space by identifying semantically plausible key information candidates within complex transaction records. Further, it deploys a novel examiner module that refines these candidates by validating them against transaction values, effectively addressing semantic ambiguities and identifying the correct semantics. Extensive evaluations on a dataset of about 500,000 transactions from five major bridge platforms demonstrate that ConneX achieves an average F1 score of 0.9746, surpassing baselines by at least 20.05\%, with good efficiency that reduces the semantic search space by several orders of magnitude (1e10 to less than 100). Moreover, its successful application in tracing illicit funds (including a cross-chain transfer worth $1 million) in real-world hacking incidents underscores its practical utility for enhancing cross-chain security and transparency.

Figures (6)

• Figure 1: The cross-chain transaction opacity problem and our solution, ConneX. Top: Cross-chain bridges introduce transaction opacity by breaking the direct relationship between source and destination transactions, a vulnerability that attackers exploit to launder funds. Bottom: Re-establishing this pairing relationship is challenging due to the massive data volume and the difficulty of distinguishing authentic semantic keys from numerous possibilities and those misleading ones within transaction data. By overcoming these challenges, ConneX reconstructs the pairings, enabling crucial security analyses, such as tracing illicit funds (blue arrow) across different blockchains.
• Figure 2: The Cross-Chain Transaction Model.
• Figure 3: Technical Challenges
• Figure 4: The Workflow of ConneX.
• Figure 5: Illustration of Baselines.