Are L2s Really Secured by Ethereum?
Ethereum rollups claim to be "secured by Ethereum," but bridges, sequencers, and governance reveal trust gaps.
Thanks to the L2Beat team for the valuable data; all figures and insights referenced in this blog post are sourced from their platform.
Ethereum’s growth over the past decade has been shaped by a simple promise: scale the network without compromising decentralization. The answer, according to its roadmap, is a rollup-centric future, where Layer 2 networks (L2s or “rollups”) execute transactions off-chain to achieve lower costs and higher throughput, while still deriving core security guarantees from Ethereum as the base layer (Layer 1).
Nearly every major rollup, Arbitrum, Optimism, Base, zkSync, and Scroll, brands itself as “secured by Ethereum.” The phrase is powerful and the centerpiece of their marketing narrative, but does it match reality? Once you look closely at how rollups actually work and how assets flow into them, the claim becomes blurry.
This article unpacks the gap between slogan and reality, beginning with bridges (where users’ money sits), moving to sequencers (who orders transactions), and ending with governance (who sets the rules).
The Rollup Bridge Reality
The claim that rollups are “secured by Ethereum” glosses over how users actually interact with these systems.
To use a rollup, whether for DeFi, payments, or apps, you first need your assets to exist on it. Ethereum has no built-in way to move assets directly in or out; you cannot simply teleport ETH into a rollup. That requires a bridge. Bridges are the entry and exit points between Ethereum and rollups, and they define the security users actually experience.
How Bridges Work
Deposits
When you deposit ETH into a rollup, you send it to a bridge contract on Ethereum. That contract locks your ETH and tells the rollup to create the same amount in your L2 wallet. For example, if you deposit 1 ETH, the bridge holds your 1 ETH safely on Ethereum, and your rollup account shows 1 ETH. Because Ethereum keeps the locked ETH, the deposit is trust-minimized.
Withdrawals
Withdrawals are where things get complicated. To exit, the process reverses:
You burn (or lock) tokens on the rollup.
You send a message to the Ethereum bridge contract: “I burned tokens on L2, release my locked ETH.”
Here’s the catch: Ethereum cannot see what happened inside the rollup. It is blind to L2 computation.
So Ethereum will only release your funds if the bridge provides proof that the withdrawal is legitimate. That proof could be:
Fraud proofs (optimistic): Assume valid unless challenged within a dispute window.
Validity proofs (zk): A cryptographic proof shows up front that all transactions followed the rules, so Ethereum can trust the result immediately.
Multisigs or committees: Rely on trusted parties to attest.
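To make the trust assumptions behind these options concrete, here is a toy model of the optimistic and committee release rules. It is an added example, not code from the article or from any rollup; the class and function names, the 7-day window and the quorum are assumptions chosen for illustration.

```python
from dataclasses import dataclass

WINDOW = 7 * 24 * 3600  # assumed dispute window in seconds (constructed value)

@dataclass
class Claim:
    amount: int          # ETH the user asks L1 to release
    burned_on_l2: int    # ground truth; L1 only learns it through a fraud proof
    submitted_at: int
    cancelled: bool = False

class OptimisticBridge:
    """Toy L1 bridge: claims are assumed valid unless challenged in time."""

    def __init__(self, locked: int):
        self.locked = locked
        self.claims: dict[str, Claim] = {}

    def propose(self, cid: str, amount: int, burned_on_l2: int, now: int) -> None:
        self.claims[cid] = Claim(amount, burned_on_l2, now)

    def challenge(self, cid: str, now: int) -> bool:
        """A watcher disputes the claim. It succeeds only inside the window
        and only if fewer tokens were burned on L2 than the claim asks for."""
        c = self.claims[cid]
        if now >= c.submitted_at + WINDOW or c.burned_on_l2 >= c.amount:
            return False
        c.cancelled = True
        return True

    def finalize(self, cid: str, now: int) -> int:
        """Release funds once the window has passed without a successful challenge."""
        c = self.claims[cid]
        if c.cancelled or now < c.submitted_at + WINDOW or c.amount > self.locked:
            return 0
        self.locked -= c.amount
        del self.claims[cid]
        return c.amount

def committee_release(amount: int, signers: set[str], committee: set[str], quorum: int) -> int:
    """Multisig model: L1 pays out on quorum alone and never inspects L2 state."""
    return amount if len(signers & committee) >= quorum else 0
```

In this model an invalid claim is paid out whenever nobody challenges it before the window closes, and the committee rule pays out on signatures regardless of what happened on L2; those are the assumptions each bridge type asks users to accept.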
The bridge defines how you access the rollup. Think of it like a window into a house. The house (the rollup) keeps standing even if the window (the bridge) breaks. But if the window shatters, you can’t safely get in or out anymore. In the same way, a broken bridge cuts users off, even though the rollup machine itself continues running.
This is why the bridge layer is the true lens of rollup security. Whether assets are really “secured by Ethereum” comes down not to the rollup itself, but to which bridge you use and what trust model it relies on.
Bridge Models and Their Assumptions
Canonical bridges (the “official” per-rollup bridges). These are tied into Ethereum. When you lock assets here, Ethereum validators guarantee you can eventually withdraw back to L1, even if the L2 halts. Canonical bridges are the only bridges that directly inherit Ethereum’s security properties.
External bridges (e.g., Wormhole, LayerZero, Axelar). These accelerate UX with fast, chain-to-chain transfers, but depend on their own validator committees or multisigs. They are not enforced by Ethereum consensus. If those off-chain operators are hacked or collude, users can lose funds even while Ethereum works perfectly.
Native issuance (tokens minted directly on the rollup). Examples include USDC on Base or OP on Optimism. These assets never pass through a canonical bridge and cannot be redeemed on L1. Their guarantees come from the rollup’s governance and infrastructure, not from Ethereum.
Where Do Rollup Assets Actually Live?
As of August 29, 2025, Ethereum rollups collectively secure about $43.96 billion in assets. The breakdown is:
Externally bridged: $16.95B (39%) - Largest category
Canonically bridged: $14.81B (34%) - Ethereum-secured assets
Natively minted: $12.20B (27%) - Rollup-native assets
Trends Over Time
Looking back to 2019–2022, canonical bridging was the overwhelming driver of rollup adoption. Almost all early growth came through official bridges that kept Ethereum at the center.
From late 2023 onward, however, the picture began to change:
Canonical continued to grow in absolute terms, peaking during 2024, but its share started to shrink.
Native issuance expanded steadily, especially in 2024–2025.
External bridges accelerated most sharply from late 2023 onward and, by early 2025, overtook canonical bridges: the crossover point at which Ethereum lost the majority share of rollup assets.
Today, two-thirds of rollup assets (external + native) sit outside Ethereum’s direct security perimeter.
Rollup-Level Breakdown
The market is highly concentrated: the top six rollups account for 93.3% of total rollup TVL. Within these ecosystems, the split looks like this:
Canonical bridges: 32.0%
Native issuance: 28.8%
External bridges: 39.2%
Pie-Chart Aggregate Patterns
External-heavy: Arbitrum and Unichain, where users chase fast exits/liquidity via third-party bridges.
Canonical-leaning: Linea (and to a lesser extent OP Mainnet), with more L1-sourced collateral routed through the official bridge.
Native-leaning: zkSync Era and Base, with lots of on-L2 issuance (e.g., native USDC on Base) and direct on-ramps.
Why it matters: Most value in the biggest rollups sits outside Ethereum’s direct guarantees. The security users actually get depends on the bridge model behind each slice.
Beyond Bridges: Other Risks
Bridges explain where assets reside, but even if every asset were canonical, users would still face other trust and safety gaps. Three areas matter most: how transactions are sequenced, who governs the stack, and how composability affects user experience.
1. Sequencers: The Central Point of Control
Sequencing is the process of deciding the order in which transactions are included. The vast majority of rollups use centralized sequencers. This setup is fast and profitable.
But a centralized sequencer can:
Censor transactions by simply refusing to include them.
Block withdrawals indefinitely, since it decides when exits are batched to Ethereum.
Go offline entirely, halting activity until it returns (e.g., Arbitrum’s 78-minute downtime).
Ethereum includes “force inclusion” mechanisms that let users submit transactions directly to L1 to bypass the sequencer. But these don’t guarantee fairness. The sequencer still controls block ordering, which is often enough to undermine users.
Here is an example of how a transaction can be included but still fail:
Imagine you try to withdraw funds from Aave on an L2.
You submit a force-inclusion withdrawal request on Ethereum, meaning the sequencer cannot ignore it.
But the sequencer can slip in its own transaction just before yours—for instance, borrowing additional funds from the same pool.
By the time your withdrawal runs, the pool no longer has enough liquidity, and your withdrawal fails.
Your transaction was “included,” but its outcome was sabotaged.
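The scenario above can be replayed and checked mechanically. The following added example (not from the article or any rollup's code) runs a toy lending pool over two orderings of the same transactions and flags forced transactions that fail only because the sequencer's own transactions ran first; the pool rules, names and amounts are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    kind: str              # "borrow" or "withdraw"
    amount: int
    forced: bool = False   # submitted through the L1 force-inclusion path

def execute(liquidity: int, deposits: dict, block: list) -> list:
    """Run a block against a toy pool (collateral checks omitted for brevity);
    return one success flag per transaction, in block order."""
    deposits = dict(deposits)
    results = []
    for tx in block:
        ok = tx.amount <= liquidity and (
            tx.kind == "borrow" or tx.amount <= deposits.get(tx.sender, 0))
        if ok:
            liquidity -= tx.amount
            if tx.kind == "withdraw":
                deposits[tx.sender] = deposits.get(tx.sender, 0) - tx.amount
        results.append(ok)
    return results

def included_but_defeated(liquidity, deposits, block, sequencer):
    """Flag forced txs that fail in the block as ordered but would succeed
    if the sequencer's own transactions ahead of them were removed."""
    results = execute(liquidity, deposits, block)
    flagged = []
    for i, tx in enumerate(block):
        if tx.forced and not results[i]:
            replay = [t for t in block[:i] if t.sender != sequencer] + [tx]
            if execute(liquidity, deposits, replay)[-1]:
                flagged.append(tx)
    return flagged

# Constructed sample: the pool holds 100; alice deposited 80 and force-includes
# a full withdrawal. Both blocks contain exactly the same two transactions.
POOL, DEPOSITS = 100, {"alice": 80}
WITHDRAW = Tx("alice", "withdraw", 80, forced=True)
FAIR = [WITHDRAW, Tx("sequencer", "borrow", 50)]
REORDERED = [Tx("sequencer", "borrow", 50), WITHDRAW]

if __name__ == "__main__":
    print(execute(POOL, DEPOSITS, FAIR), execute(POOL, DEPOSITS, REORDERED))
    print(included_but_defeated(POOL, DEPOSITS, REORDERED, "sequencer"))
```

The counterfactual replay is a monitoring heuristic: it separates a withdrawal that failed because of ordinary pool usage from one that failed only because of the sequencer's placement of its own transaction.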
Force inclusion also comes with practical nuisances: waiting periods that can stretch for many hours (sometimes 12+), limited throughput, and the risk of reordering even after submission. It acts more like a slow safety valve than a guarantee of fair execution.
Meanwhile, momentum is building for decentralization. Projects like Espresso and Astria are building shared sequencer networks to improve resilience and interoperability.
A key idea here is pre-confirmations: early promises from a sequencer or shared network that a transaction will be included, even before it is finalized on Ethereum. This helps reduce the latency penalties of decentralization, giving users faster assurance without sacrificing neutrality.
Still, centralized sequencers remain dominant because they are simple, profitable, and attractive to institutions—at least until competition or user demand forces change.
2. Governance & Incentive Risks (Corporate L2s)
Who runs the L2 really does matter. Many leading rollups are operated by companies or VC-backed teams (e.g. Base by Coinbase, Arbitrum by Offchain Labs, Optimism by OP Labs).
Their obligations are to shareholders/investors first, not to Ethereum’s social contract.
Shareholder duty → monetization pressure: Fees start low to attract users, then rise once liquidity and apps are locked in (the classic “platform tax” arc). Expect higher sequencer fees, preferential integrations, or rules that advantage the operator’s broader business.
Lock-in → leverage: After billions in TVL and users accumulate, switching costs make exit hard. Operators can change economics or policy with limited fear of mass migration.
Culture mismatch: Ethereum relies on public dev calls, multi-client diversity, and open governance (EIPs). Corporate rollups are more top-down, often with admin keys/multisigs that can pause, upgrade, or freeze—prioritizing compliance or profitability over neutrality. Over time, a rollup can look less like Ethereum and more like a walled garden.
The result is a growing gap between Ethereum’s open ethos and the incentives shaping corporate rollups. And that gap doesn’t just affect governance; it spills over into how applications interact and how users experience the system.
3. Composability & UX
Ethereum’s “magic” is atomic composability: contracts can synchronously read/write in a single transaction (think: a Uniswap swap repaying Aave and triggering a Maker action atomically). L2s fracture this:
Asynchrony: Cross-rollup messages are delayed, canonical exits can take days, and third-party bridges add trust assumptions.
Silos: Liquidity and state fragment across L2s, degrading the seamless DeFi UX that made Ethereum compelling.
What would fix it?
Ethereum-native rollups (designed and governed to L1 standards) could enable sync reads L2→L1, sync writes L1→L2, and atomic cross-rollup writes, recovering much of L1’s composability while scaling blockspace. Without this, UX keeps drifting toward convenience layers that aren’t Ethereum-secured.
The Future of Rollups
If “secured by Ethereum” is going to mean more than a slogan, the core guarantees need to live on L1, not in off-chain committees or one-company sequencers. Three designs point in that direction.
Native rollups move validity all the way onto Ethereum.
Instead of asking users to trust a separate fraud-proof system, a zk prover they can’t audit, or a security council, the rollup provides a transaction trace that Ethereum itself can re-execute.
In practice, this turns withdrawals and state correctness into L1 rights rather than promises: if the rollup says your balance is X, Ethereum can check that claim directly.
That shrinks the attack surface at the bridge, reduces the need for pause keys, and keeps the rollup aligned with future Ethereum upgrades.
The trade-off is higher cost on L1, but the payoff is simple: when there’s a dispute, L1 decides.
There are no native rollups live today.
Based rollups anchor transaction ordering to Ethereum’s validator set.
Today, a single sequencer can reorder or delay transactions, which is enough to sabotage “force inclusion” in practice.
With based sequencing, the canonical order comes from L1 consensus, so censorship and last-second reordering get much harder.
Force inclusion becomes a normal pathway, not a slow safety valve. Projects add “pre-confirmations” to keep UX snappy while still letting L1 be the final arbiter of order.
You give up some L2 revenue and flexibility, but you remove the biggest single point of control in the current stack.
Core teams working on based rollup design include Taiko, Spire, and Puffer.
Keystore rollups tackle a quieter but constant source of risk: keys and upgrades.
Instead of each rollup (and app) handling account recovery, session keys, and rotations on its own, a minimal “keystore” rollup standardizes that logic once and syncs it everywhere.
Users rotate or recover keys in one place; the change propagates across L2s. Operators need fewer emergency keys; admins need fewer “god-mode” switches.
The result is fewer compromised wallets, fewer rushed upgrades after an incident, and a much cleaner separation between account security and application logic.
Keystore rollup design is only theoretical and isn’t live yet.
Together, these approaches line up with the problems users actually face: exits that depend on trust, ordering controlled by one company, and fragile key/upgrade paths.
Moving validity, ordering, and account security under Ethereum’s umbrella is how rollups will earn the phrase “secured by Ethereum,” not just advertise it.
Hazeflow is a blockchain research firm with experience in research, analytics, and the creation of technical, product, and educational materials.
great work Ishita!