Viewpoint: "L2 is secured by Ethereum" has become a misnomer.

Two-thirds of L2 assets have departed from Ethereum's security.

Author: Ishita

Translated by: Deep Tide TechFlow

The development of Ethereum over the past decade has revolved around a simple promise: to scale the network without sacrificing decentralization. According to its roadmap, the answer is a future centered around Rollups. In this architecture, Layer 2 networks (L2 or "Rollups") execute transactions off-chain, achieving lower costs and higher throughput while still deriving core security from Ethereum as the base layer (Layer 1).

Almost all major Rollup projects, including Arbitrum, Optimism, Base, zkSync, and Scroll, brand themselves with the core message of "secured by Ethereum." This slogan is powerful and central to their marketing narrative, but does it truly reflect reality? A deeper examination of how these Rollups operate and how assets flow within them reveals that this claim is somewhat ambiguous.

This article will analyze the gap between the slogan and reality, starting from the bridge (where user funds reside), to the sequencer (the role responsible for transaction ordering), and then to governance (the rule-makers), discussing each in turn.

The Reality of Rollup Bridges

Rollups claim to be "secured by Ethereum," but this assertion obscures how users actually interact with these systems.

To use a Rollup, whether for DeFi, payments, or applications, you first need to transfer assets to the Rollup. However, Ethereum does not have a built-in feature for direct deposits or withdrawals—you cannot simply "teleport" ETH to a Rollup. This necessitates a bridge. A bridge serves as the entry and exit point between Ethereum and the Rollup, determining the security that users actually experience.

How Bridges Work

Deposits

When you deposit ETH into a Rollup, you are essentially sending it to a bridge contract on Ethereum. This contract locks your ETH and instructs the Rollup to create an equivalent amount of ETH in your L2 wallet. For example, if you deposit 1 ETH, the bridge contract securely holds that 1 ETH on Ethereum, and your Rollup account will also show 1 ETH. Since the ETH is locked on Ethereum, this deposit achieves trust minimization.

Withdrawals

Withdrawals are much more complex. The exit process is the opposite of the deposit:

  1. You burn (or lock) tokens on the Rollup.

  2. You send a message to the bridge contract on Ethereum: I have burned tokens on L2, please release my locked ETH.

  3. The issue is: Ethereum cannot see what happens inside the Rollup; it is blind to the computations on L2.

Therefore, Ethereum will only release your funds if the bridge provides proof that the withdrawal is legitimate. This proof may include:

  • Fraud Proofs (Optimistic schemes): The default assumption is that transactions are legitimate unless challenged within a dispute window.

  • Validity Proofs (Zero-knowledge schemes): Cryptographic proofs that demonstrate all transactions adhere to the rules in advance, allowing Ethereum to trust the results immediately.

  • Multisigs or Committees: Relying on trusted parties for verification.

The bridge is key to user access to the Rollup. It can be likened to a window into a house. Even if the window (Bridge) is broken, the house (Rollup) remains standing. But if the window shatters, you can no longer safely enter or exit. Similarly, a failure in the bridge will cut off user access, even if the core mechanisms of the Rollup continue to operate.

Thus, the bridge layer is the right lens through which to judge Rollup security. Whether assets are truly "secured by Ethereum" depends on the bridge you use and its trust model, rather than the Rollup itself.

Bridge Models and Their Assumptions

  • Canonical Bridges: A canonical bridge is the official bridge of a Rollup and is tied directly to Ethereum. When users lock assets here, Ethereum validators ensure that even if L2 ceases to operate, users can ultimately withdraw back to Layer 1. This is the only bridge method that directly inherits Ethereum's security properties.

  • External Bridges: External bridges like Wormhole, LayerZero, and Axelar optimize user experience through fast chain-to-chain transfers but rely on their own validator committees or multisig mechanisms. These bridges are not enforced by Ethereum's consensus. If these off-chain operators are hacked or collude, users may still lose funds even if Ethereum itself is functioning well.

  • Native Issuance: Refers to tokens minted directly on the Rollup, such as USDC on Base or OP on Optimism. These assets have never passed through an official bridge and cannot be redeemed on Layer 1. Their security comes from the governance and infrastructure of the Rollup, not Ethereum.

Actual Distribution of Rollup Assets

As of August 29, 2025, Ethereum Rollups collectively protect approximately 43.96 billion dollars in assets, distributed as follows:

  • External Bridges: 16.95 billion dollars (39%) — the largest share

  • Canonical Bridges: 14.81 billion dollars (34%) — assets secured by Ethereum

  • Native Issuance: 12.20 billion dollars (27%) — Rollup native assets

Historical Trend Analysis

Looking back from 2019 to 2022, canonical bridges were the main driver of Rollup adoption. Almost all early growth was achieved through official bridges, maintaining Ethereum as the core.

However, starting from the end of 2023, the situation began to change:

  • Canonical bridges continued to grow, but their market share started to decline, peaking in 2024.

  • Native issuance gradually expanded, especially between 2024 and 2025.

  • External bridges began to grow sharply from late 2023, surpassing canonical bridges by early 2025, marking Ethereum's loss of the majority share of Rollup assets.

  • Today, two-thirds of Rollup assets (external + native) have departed from Ethereum's direct security.

Breakdown of the Rollup Ecosystem

Market concentration is extremely high: the top six Rollups account for 93.3% of the total value locked (TVL). The asset distribution across ecosystems is as follows:

  • Canonical Bridges: 32.0%

  • Native Issuance: 28.8%

  • External Bridges: 39.2%

Overall Pattern Analysis of the Pie Chart

  • External Bridges Dominate: In cases like Arbitrum and Unichain, users seek quick exits and liquidity, preferring third-party bridges.

  • Canonical Bridges Dominate: In cases like Linea (and the suboptimal OP Mainnet), more collateral from L1 sources flows through official bridges.

  • Native Issuance Dominates: In cases like zkSync Era and Base, assets are minted directly on L2 (such as native USDC on Base) and flow in through direct entry.

Key Point: The majority of assets in large Rollups are now beyond Ethereum's direct security. The actual security users receive depends on the trust mechanisms behind each bridge model, rather than the Rollup itself.

Beyond Bridges: What Other Risks Exist?

The bridge model determines asset ownership, but even if all assets passed through canonical bridges, users would still face other trust and security weaknesses. The following three areas are particularly important: transaction ordering mechanisms, governance structures, and the impact of composability on user experience.

1. Sequencers: Centralized Control Points

Sequencers are responsible for determining the order and packaging of transactions. Currently, the vast majority of Rollups use centralized sequencers, a design that is both efficient and profitable, but it also brings the following risks:

  • Transaction Censorship: Sequencers can refuse to include certain transactions, enabling censorship.

  • Blocking Withdrawals: Sequencers decide when to batch exit transactions and send them to Ethereum, thus they can indefinitely block withdrawals.

  • Complete Outage: A sequencer downtime can halt Rollup activity until it comes back online. (For example, Arbitrum once experienced a 78-minute downtime.)

Ethereum provides a "Force Inclusion" mechanism that allows users to submit transactions directly to Layer 1 to bypass the sequencer. However, this mechanism does not guarantee fairness, as the sequencer still controls the ordering of blocks, which is sufficient to disrupt user experience. For example:

  • Suppose you attempt to withdraw funds from Aave on L2.

  • You submit a forced inclusion withdrawal request through Ethereum, meaning the sequencer cannot ignore your transaction.

  • However, the sequencer can insert its own transactions before yours—for example, borrowing more funds from the same liquidity pool.

  • By the time your withdrawal transaction is executed, the liquidity pool may no longer have sufficient liquidity, resulting in a failed withdrawal.

  • Although your transaction was "included," the outcome is compromised.

Moreover, forced inclusion has practical issues: wait times can be as long as several hours (sometimes over 12 hours), throughput is limited, and even after submission, transactions may still be reordered. Therefore, this mechanism acts more like a slow safety valve rather than a guarantee of fair execution.
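The forced-inclusion scenario above as a small simulation. This is an added example, not code from the article or from any Rollup or lending protocol; the `LendingPool` class, the balances and the transaction tuples are constructed for illustration. It shows that a forced transaction can be included and still fail when the sequencer chooses what executes before it.

```python
from dataclasses import dataclass, field


@dataclass
class LendingPool:
    """Hypothetical pool: withdrawals are paid only from idle liquidity."""
    liquidity: int                                # idle funds available right now
    deposits: dict = field(default_factory=dict)  # user -> deposited amount

    def borrow(self, amount: int) -> bool:
        if amount > self.liquidity:
            return False
        self.liquidity -= amount
        return True

    def withdraw(self, user: str, amount: int) -> bool:
        if self.deposits.get(user, 0) < amount or amount > self.liquidity:
            return False                          # included in the block, but reverts
        self.deposits[user] -= amount
        self.liquidity -= amount
        return True


def execute_block(pool, ordered_txs):
    """Apply transactions in the sequencer's order; return (tx, succeeded) pairs."""
    results = []
    for tx in ordered_txs:
        kind, who, amount = tx
        ok = pool.borrow(amount) if kind == "borrow" else pool.withdraw(who, amount)
        results.append((tx, ok))
    return results


def run(sequencer_goes_first: bool):
    """Return (included, succeeded) for the user's forced withdrawal."""
    pool = LendingPool(liquidity=100, deposits={"alice": 80})   # constructed state
    forced = ("withdraw", "alice", 80)    # submitted via L1, cannot be ignored
    own = ("borrow", "sequencer", 60)     # the sequencer's own transaction
    order = [own, forced] if sequencer_goes_first else [forced, own]
    results = dict(execute_block(pool, order))
    return forced in results, results[forced]


if __name__ == "__main__":
    print("user first:     ", run(sequencer_goes_first=False))
    print("sequencer first:", run(sequencer_goes_first=True))
```

In both runs the withdrawal is included; only the ordering decides whether it succeeds, which is the gap between inclusion guarantees and execution guarantees.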

Decentralized sequencers are gradually gaining attention. For example, projects like Espresso and Astria are building shared sequencer networks to enhance resilience and interoperability.

One of the core ideas is "Pre-Confirmations": the sequencer or shared network can commit in advance that a transaction will be included, even before it is finally confirmed on Ethereum. This can reduce the latency issues brought about by decentralization, providing users with faster assurances while maintaining neutrality.

Nevertheless, centralized sequencers still dominate because they are simple, profitable, and more attractive to institutions—at least until competition or user demand forces a change.

2. Governance and Incentive Risks: Corporatized L2

Who operates the Rollup is crucial. Many leading Rollups are operated by teams supported by companies or venture capital, such as Coinbase's Base, Offchain Labs' Arbitrum, and OP Labs' Optimism.

The primary obligation of these teams is to their shareholders and investors, not to Ethereum's social contract.

  • Shareholder Responsibility → Profit Pressure: Initial fees are low to attract users, but as liquidity and applications lock in, fees begin to rise (a typical "platform tax" model). Higher sequencer fees, prioritized integrations, or rules favoring the overall business of the operators may emerge in the future.

  • Lock-in Effect → Leverage: With billions locked in and user accumulation, the cost of exit increases, allowing operators to change economics or policies with limited migration risk.

  • Cultural Misalignment: Ethereum relies on public development meetings, multi-client diversity, and open governance (like EIPs). Corporatized Rollups tend to favor top-down management, often possessing admin keys or multisig authority to pause, upgrade, or freeze systems—prioritizing compliance or profitability over neutrality. Over time, these Rollups may resemble "walled gardens" rather than Ethereum's open ecosystem.

The result is a growing gap between Ethereum's open spirit and the incentive mechanisms shaping corporate Rollups. This gap affects not only governance but also the way applications interact and the user experience of the system.

3. Composability and User Experience

The "magic" of Ethereum lies in atomic composability: smart contracts can read and write synchronously in a single transaction (for example: swapping assets through Uniswap while repaying Aave debt and triggering Maker operations). However, L2 breaks this composability:

  • Asynchronicity: There are delays in cross-Rollup messaging, with official withdrawals potentially taking days, and third-party bridges adding trust assumptions.

  • Isolation: Liquidity and state are dispersed across different L2s, weakening Ethereum's seamless DeFi user experience.

What is the solution?

Ethereum-native Rollups (designed and governed according to Layer-1 standards) can achieve synchronous reading from L2 to L1, synchronous writing from L1 to L2, and atomic cross-Rollup writing, thereby restoring much of Layer-1's composability while expanding block space. Without these features, the user experience (UX) will increasingly gravitate towards convenience layers that lack Ethereum's security.

The Future of Rollups

If "Ethereum security" is to transcend a mere slogan, its core security must rely on Layer 1, rather than depending on off-chain committees or a single company's sequencer. The following three design concepts illustrate the potential of this trend:

Native Rollup: Moving Validation Completely to Ethereum

  • Instead of requiring users to trust independent fraud proof systems, unverifiable zero-knowledge proofs (zk provers), or security committees, native Rollups provide a transaction trace that Ethereum can re-execute independently.

  • In fact, this makes withdrawal and state correctness a right of Layer 1, rather than a promise: if a Rollup claims your balance is X, Ethereum can directly verify that claim.

  • This design reduces the attack surface of bridges, minimizes the need for pause keys, and aligns Rollups with Ethereum's future upgrades.

  • The trade-off of this design is higher costs on Layer 1, but the payoff is straightforward: when disputes arise, Layer 1 decides.

  • Currently, no native Rollups are live.

Sequencer Rollup Based on Ethereum Validators

  • Today, a single sequencer can reorder or delay transactions, which is sufficient to undermine the "forced inclusion" mechanism in practice.

  • With sequencing based on Ethereum validators, the canonical order of transactions is determined by Layer 1 consensus, making censorship and last-minute reordering more difficult.

  • Forced inclusion becomes a normal path rather than a slow safety valve. Projects can incorporate "pre-confirmations" to maintain a smooth user experience while allowing Layer 1 to be the final arbiter of ordering.

  • This design requires sacrificing some Layer 2 revenue and flexibility but eliminates the biggest single point of control in the current architecture.

  • Core teams researching sequencer-based Rollup designs include Taiko, Spire, and Puffer.

Key Storage Rollup: Addressing Key and Upgrade Risks

  • Instead of each Rollup and application independently handling account recovery, session keys, and key rotation, a minimal "key storage" Rollup standardizes this logic and synchronizes it everywhere.

  • Users can rotate or recover keys in one place, and changes propagate to all Layer 2s. Operators need fewer emergency keys, and administrators require fewer "super permissions" (god-mode) switches.

  • The end result is fewer compromised wallets, fewer emergency upgrades after incidents, and a clearer separation between account security and application logic.

  • The design of key storage Rollups is currently only theoretical and has not yet gone live.

In summary, these design concepts collectively address the real issues users face: trust-dependent withdrawal mechanisms, transaction ordering controlled by a single company, and fragile key and upgrade paths.

Incorporating validation, ordering, and account security into Ethereum's framework is how Rollups can make "secured by Ethereum" a reality rather than merely a marketing slogan.
