Cross-chain bridge vulnerabilities have caused over $3.2 billion in losses since May 2021, yet existing research lacks quantitative analysis, real-time defense mechanisms, and systematic investigation of high-risk operational practices. This paper introduces the first real-time attack monitoring system for cross-chain bridges, built upon a pluggable Datalog-driven behavioral model that dynamically parses and models cross-chain transaction flows. Our contributions are threefold: (1) We achieve millisecond-scale attack detection—the first such capability for cross-chain bridges—and successfully reproduce the Ronin ($611M) and Nomad ($190M) exploits; (2) We identify 37 illicit cross-chain transactions (cctxs), $7.8M in locked funds, and $200K in operational losses attributable to non-malicious anomalies; (3) We release the first open-source cross-chain transaction dataset, comprising 81,000 transactions totaling $420M.

Cross-chain bridges are widely used blockchain interoperability mechanisms. However, several of these bridges have vulnerabilities that have caused 3.2 billion dollars in losses since May 2021. Some studies have revealed the existence of these vulnerabilities, but little quantitative research is available, and there are no safeguard mechanisms to protect bridges from such attacks. We propose XChainWatcher(Cross-Chain Watcher), the first mechanism for monitoring bridges and detecting attacks against them in real time. XChainWatcher relies on a cross-chain model powered by a Datalog engine, designed to be pluggable into any cross-chain bridge. Analyzing data from the Ronin and Nomad bridges, we successfully identified the attacks that led to losses of $611M and $190M (USD), respectively. XChainWatcher uncovers not only successful attacks but also reveals unintended behavior, such as 37 cross-chain transactions (cctx) that these bridges should not have accepted, failed attempts to exploit Nomad, over $7.8M locked on one chain but never released on Ethereum, and $200K lost due to inadequate interaction with bridges. We provide the first open-source dataset of 81,000 cctxs across three blockchains, capturing more than $4.2B in token transfers.