
BTC Cross-Chain Monitoring & Chainlink PoR API: Setting a New Standard for BTCFi Security

Phalcon
January 10, 2025

The year 2024 can rightly be seen as the inaugural year of BTCFi. While Bitcoin’s market cap surpassed the trillion-dollar mark back in 2021, the development of DeFi within the Bitcoin ecosystem lagged behind other blockchains. For much of its history, Bitcoin was primarily regarded as a store of value, often left dormant in cold wallets.

However, early 2024 marked a turning point. BRC20, ARC20, and Rune assets sparked significant interest, and Bitcoin Layer-2 solutions experienced explosive growth. By May, the rise of Bitcoin staking led to the emergence of a growing number of BTC-wrapped assets, unlocking Bitcoin's liquidity. This shift expanded opportunities for Bitcoin holders, enabling greater liquidity, enhanced utility, and access to higher yields—all of which quietly laid the foundation for BTCFi.

The use of BTC-wrapped assets in staking, lending, and cross-chain arbitrage presents the potential for substantial returns. However, these opportunities also bring risks. The question arises: what are the security risks associated with BTC-wrapped assets?

1 Depegging Risk

BTC-wrapped assets must maintain a 1:1 or greater BTC reserve ratio to ensure user confidence, making transparency in reserve assets crucial. Many projects now publish proof of reserves (PoR) on their official websites, which is a positive step. However, some only disclose total reserves without sharing the address list, while others may not update their PoR in a timely manner, making it harder for users to verify the data.

Projects like WBTC and FBTC enhance transparency by publishing their PoR through Chainlink, a relatively more objective approach that involves independent third-party verification of reserve data.

➡️ BlockSec Solution: Address Ownership Verification API

BlockSec provides an Address Ownership Verification API that enables projects to conduct PoR on third-party platforms. This solution has been adopted by various projects. For example, FBTC leverages the API as its data source to publish PoR on the Chainlink platform in a transparent, automated, and real-time manner.

FBTC PoR (Source: Chainlink): https://data.chain.link/feeds/ethereum/mainnet/fbtc-por#operator-galaxy

➡️ BlockSec Solution: Reserve Ratio Monitoring

Thanks to the monitoring capabilities of BlockSec Phalcon, we are able to offer the PoR API. Phalcon facilitates real-time monitoring of asset movements and constructs an address relationship network for precise verification. It allows for accurate tracking of both the quantities of underlying assets and BTC-wrapped assets across various networks.

Furthermore, Phalcon not only verifies the quantities of assets but also sends immediate alerts and triggers automated responses when the amount of locked BTC falls below the combined total of wrapped assets across different blockchains. This proactive approach effectively mitigates the risk of de-pegging.

2 Cross-chain Risks

In the mapping and creation process of cross-chain assets, vulnerabilities are often exploited. For example, after a user initiates a deposit transaction on the Bitcoin network, the amount of locked BTC does not change, yet BTC-wrapped assets are successfully minted on the target chain. How can cross-chain transactions be monitored in real-time to preemptively address such risks?

➡️ BlockSec Solution: Cross-Chain Monitoring

BlockSec Phalcon supports real-time monitoring and automatic reconciliation of all cross-chain transactions. Beyond the fake deposit issue mentioned above, it also handles scenarios such as arbitrary minting, double-spending, inconsistencies in deposit amounts, and delays in cross-chain minting/withdrawal. Upon detecting any anomaly, alerts are promptly sent through selected channels to the relevant personnel, and automated response measures are triggered at the same time to prevent potential losses.

In traditional cross-chain monitoring solutions, losses may have already occurred by the time a depegging event is detected. However, Phalcon offers more granular monitoring configurations, backed by a team with the expertise to address all risk points and execute the necessary customized developments. This capability enables real-time monitoring of cross-chain processes, ensuring immediate detection of Burn/Lock transactions on the source chain or Mint transactions on the target chain.
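
The reconciliation described above, as an added Python example that is not Phalcon's implementation: it matches mints on target chains against confirmed Bitcoin deposits and flags mints with no backing deposit, a deposit minted twice, mints before finality, amount mismatches, and delayed mints. The event schemas, the `min_conf` and `max_delay` thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import namedtuple

# Hypothetical event schemas: a BTC deposit credited to a custody address, and
# a wrapped-asset mint on a target chain that names the deposit backing it.
Lock = namedtuple("Lock", "txid sats confirmations seen_at")
Mint = namedtuple("Mint", "chain tx deposit_txid sats")

def reconcile(locks, mints, now, min_conf=6, max_delay=3600):
    """Return sorted (finding, reference) pairs; thresholds are assumed values."""
    by_txid = {l.txid: l for l in locks}
    claimed, findings = set(), []
    for m in mints:
        lock = by_txid.get(m.deposit_txid)
        if lock is None:                       # fake deposit / arbitrary mint
            findings.append(("mint_without_lock", m.tx))
            continue
        if m.deposit_txid in claimed:          # one deposit backing two mints
            findings.append(("deposit_minted_twice", m.tx))
            continue
        claimed.add(m.deposit_txid)
        if lock.confirmations < min_conf:      # deposit could still be reorged out
            findings.append(("mint_before_finality", m.tx))
        if m.sats != lock.sats:                # minted amount differs from deposit
            findings.append(("amount_mismatch", m.tx))
    for l in locks:                            # confirmed deposit, no mint in time
        if (l.txid not in claimed and l.confirmations >= min_conf
                and now - l.seen_at > max_delay):
            findings.append(("mint_delayed", l.txid))
    return sorted(findings)

# Constructed sample events, not real transactions (seen_at in unix seconds).
SAMPLE_LOCKS = [
    Lock("aa01", 50_000_000, 6, 1_000),
    Lock("aa02", 10_000_000, 6, 1_000),
    Lock("aa03", 20_000_000, 1, 1_000),
    Lock("aa04", 5_000_000, 8, 1_000),
]
SAMPLE_MINTS = [
    Mint("eth", "0x01", "aa01", 50_000_000),
    Mint("eth", "0x02", "aa02", 12_000_000),   # minted more than deposited
    Mint("bsc", "0x03", "aa03", 20_000_000),   # deposit has 1 confirmation
    Mint("eth", "0x04", "ff99", 100_000_000),  # no such deposit
    Mint("bsc", "0x05", "aa01", 50_000_000),   # aa01 already minted on eth
]

if __name__ == "__main__":
    for finding in reconcile(SAMPLE_LOCKS, SAMPLE_MINTS, now=10_000):
        print(finding)
```

Keying mints on the deposit txid across all target chains is what exposes the same deposit being minted on two networks; a per-chain monitor would see each mint as valid.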

In our collaborations with FBTC, the Phalcon team has consistently showcased our ability to swiftly identify risks, offer monitoring recommendations, and develop cross-chain monitoring solutions that precisely meet their requirements.

3 Contract Risks

The security of contracts on other chains that utilize BTC-wrapped assets for cross-chain and wrapping operations is crucial. Although these contracts typically undergo code audits, they may still harbor zero-day vulnerabilities, along with risks introduced during dynamic processes such as bug fixes, contract upgrades, and configuration modifications.

➡️ BlockSec Solution: Contract Monitoring

BlockSec Phalcon monitors transactions in real time, starting as early as the mempool stage. By analyzing over 200 clearly defined attack characteristics, it detects attack transactions and promptly generates countermeasures. It implements a front-running strategy to ensure that the system-generated response transactions are prioritized on the blockchain over the attack transactions, effectively blocking attacks and achieving zero losses.

BlockSec Phalcon Monitoring Templates

Beyond attack risks, Phalcon also covers operational risks, interaction risks, and financial risks, providing comprehensive security protection for protocols.

4 Contact Us

BlockSec Phalcon is an invitation-only SaaS platform, accessible only to invited users. Interested users can schedule a demo to learn more about the product's features, and have the opportunity to discuss customized security solutions with our security experts.
