Cross-chain bridges, owing to inherent design flaws and high asset value, have become prime targets for attackers; however, existing detection methods are limited to single-chain behavior analysis and fail to model cross-chain semantics effectively. To address this, we propose a heterogeneous graph-based cross-chain attack detection framework: (1) we construct a unified heterogeneous graph that explicitly models multi-hop interactions among source chains, off-chain relays, and destination chains; (2) we design a dual-level attention mechanism—operating both within and across meta-paths—to precisely capture fine-grained dependencies and discriminative cross-chain behavioral patterns. Evaluated on 51 real-world cross-chain attacks, our approach achieves an average F1-score of 92.58%, outperforming the state-of-the-art by 24.39%. To the best of our knowledge, this is the first method enabling interpretable, high-accuracy attack identification grounded in explicit cross-chain semantic modeling.

Cross-chain bridges play a vital role in enabling blockchain interoperability. However, due to the inherent design flaws and the enormous value they hold, they have become prime targets for hacker attacks. Existing detection methods show progress yet remain limited, as they mainly address single-chain behaviors and fail to capture cross-chain semantics. To address this gap, we leverage heterogeneous graph attention networks, which are well-suited for modeling multi-typed entities and relations, to capture the complex execution semantics of cross-chain behaviors. We propose BridgeShield, a detection framework that jointly models the source chain, off-chain coordination, and destination chain within a unified heterogeneous graph representation. BridgeShield incorporates intra-meta-path attention to learn fine-grained dependencies within cross-chain paths and inter-meta-path attention to highlight discriminative cross-chain patterns, thereby enabling precise identification of attack behaviors. Extensive experiments on 51 real-world cross-chain attack events demonstrate that BridgeShield achieves an average F1-score of 92.58%, representing a 24.39% improvement over state-of-the-art baselines. These results validate the effectiveness of BridgeShield as a practical solution for securing cross-chain bridges and enhancing the resilience of multi-chain ecosystems.