tBTC – Decentralized Enough?

NOTE: Threshold Network is a financial supporter of my work on Blec Report and is an organization that is committed to transparency in DeFi. The DAO knew that funding my work would subject tBTC to an unbiased and honest review but chose to fund anyway. This report would have been much more difficult to put together if not for the full transparency and support of the tBTC team. This type of commitment to transparency is all too rare in the DeFi space.

☝️ If you have the time, listen to this chat I had with tBTC team member Matt Luongo. This conversation informed many of the conclusions I came to in this post.

Updated 22 Feb 2023 – review updates

tBTC is a new “tokenized Bitcoin” application on the Ethereum blockchain aiming to fill the gap left by the collapse of renBTC. It is developed and secured by Threshold Network, a system of nodes offering threshold security services backed by Threshold’s own token, T.

After the calamity caused by FTX’s collapse, WBTC became the last “tokenized Bitcoin” project standing. WBTC is custodial by nature, with all of its Bitcoin collateral being held by the highly-regulated BitGo. If you check out my previous report on WBTC, you will see that while it is custodial and subject to federal regulation, its token is not blacklistable and cannot be taken from your wallet once you have it. Therefore, WBTC is an interesting hybrid of centralized custody and a decentralized token.

This report aims to determine whether tBTC, which promotes itself as non-custodial and decentralized, is able to serve as a stronger alternative to the regulatory-friendly yet un-blacklistable WBTC.

It’s useful to look at tBTC (and any tokenized Bitcoin project) as two distinct mechanisms that work hand-in-hand:

  1. minting/burning of tokens on the Ethereum blockchain
  2. custody of Bitcoin on the Bitcoin blockchain

Decentralized Custodial Model on Bitcoin

Rather than having a single custodian like WBTC, the Bitcoin backing tBTC tokens is secured by Threshold Network node operators who are required to stake the T token.

  • Each tBTC token on the Ethereum blockchain is collateralized by 1 BTC on Bitcoin’s native chain.
  • At launch, 40 nodes that are whitelisted by the Threshold Network Council multisig are allowed to participate. It’s possible for 1 person to run multiple nodes. Threshold aims to remove the whitelist requirement and increase this number to over 1000 nodes in the long-term.
  • Every week, a new Bitcoin wallet is generated to receive BTC deposits and the private key is sharded among 100 “seats”. Each of these “seats” is randomly assigned to a Threshold Network node. The chances of a node gaining a seat depend on how much T they have staked. 51 of these 100 seats need to reach consensus to be able to transfer the BTC. Since there are only 40 nodes running at launch, some nodes must have multiple seats to reach the 100 mark for each wallet, while small stakers likely have no seats at all.
  • Each Threshold Network node must stake at least 40,000 T tokens (worth $1,700 USD at the time of this post) to participate. However, staking the minimum amount of T means that the chances of that full node ever getting a “seat” are very, very low. Staked tokens are slashed if the rules of the system aren’t followed.

Now that you know the basics, here’s an example provided to me by Threshold Network that should give you a better idea of how much trust you need to have and in how many people:

Say that of the 40 node operators, one person (Alice) owned 20% of the staked T, and the rest of the 39 node operators each owned ~2%.

Say that due to the random seat allocation, Alice controlled 22 seats on a specific Bitcoin wallet, and everyone else controlled 2 seats each.

If Alice was part of the adversary, she would need 15 friends to collude to steal the BTC. If Alice wasn't involved, the group would need to number at least 26 to steal.

As you can see above, the number of individual people that you need to trust in this early stage may vary slightly. But it’s likely to range only between 15-30 people who are able to collude at any time to steal, freeze or otherwise manipulate the BTC in custody.
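The seat arithmetic from the Threshold example, written out as an added example (this is not code from Threshold or from the original post). It computes the smallest group of operators whose seats reach the 51-of-100 threshold, then repeats that over simulated weekly wallets. The operator names and the `allocate_seats` model, which draws each seat independently in proportion to stake, are assumptions and not the protocol's actual selection algorithm.

```python
import random
from collections import Counter

THRESHOLD = 51   # seats needed to move a wallet's BTC (from the post)
SEATS = 100      # seats per weekly wallet (from the post)

def min_colluders(seats, threshold=THRESHOLD, include=(), exclude=()):
    """Smallest number of operators whose combined seats reach the threshold.

    `include` operators are forced into the group, `exclude` operators are
    kept out. Returns None if the threshold cannot be reached.
    """
    total = sum(seats[op] for op in include)
    count = len(include)
    rest = sorted((n for op, n in seats.items()
                   if op not in include and op not in exclude), reverse=True)
    for n in rest:            # greedy: largest seat holders first is optimal
        if total >= threshold:
            break
        total += n
        count += 1
    return count if total >= threshold else None

def allocate_seats(stakes, rng, seats=SEATS):
    """Assumed model: each seat is an independent stake-weighted draw."""
    ops = list(stakes)
    draws = rng.choices(ops, weights=[stakes[o] for o in ops], k=seats)
    return Counter(draws)

def post_example():
    """Seat distribution from the example: Alice 22, 39 others 2 each."""
    seats = {"alice": 22}
    seats.update({f"op{i}": 2 for i in range(1, 40)})
    return seats

def simulate(trials=1000, seed=1):
    """Range of minimum colluding group sizes over simulated wallets."""
    rng = random.Random(seed)
    stakes = {"alice": 20.0, **{f"op{i}": 80.0 / 39 for i in range(1, 40)}}
    sizes = [min_colluders(allocate_seats(stakes, rng)) for _ in range(trials)]
    return min(sizes), max(sizes)

if __name__ == "__main__":
    s = post_example()
    print("with Alice:", min_colluders(s, include=("alice",)) - 1, "friends")
    print("without Alice:", min_colluders(s, exclude=("alice",)))
    print("simulated (min, max) group size:", simulate())
```

The first two results reproduce the 15 and 26 quoted above; the simulated range shows how much the trust set can move from one weekly wallet to the next under the assumed allocation model.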

Threshold aims to increase the total number of node operators in the future into the hundreds or thousands. But, as of today, a tBTC user is left to grapple with the question of whether millions of dollars worth of BTC in the custody of just 15-30 people is sufficiently decentralized for them.

Minting & Burning tBTC on Ethereum

Let’s get this out of the way first – in its current state, tBTC cannot be redeemed for native BTC. It’s a one-way street from BTC to tBTC until the team chooses to enable tBTC redemptions. This requires putting a large amount of trust in the dev team that it will ever enable redemptions. If it doesn’t, then the value of tBTC will likely slip considerably lower than BTC as time wears on.

tBTC’s long-term goal is to have an automated, permissionless system that would mint tBTC for BTC without human intervention. However, to enable a quicker launch for the project, the team decided to settle for a manual system called “optimistic minting”. This system uses human-controlled (although typically these are bots that those humans deploy) “minters” to mint tBTC, and human-controlled “guardians” to make sure the minters don’t overmint.

Currently, this is what happens when you deposit BTC into Threshold custody via the tBTC minting web3 app (or a reliable 3rd party alternative):

  • A minter sees your deposit and mints a commensurate amount of tBTC
  • Guardians see the mint and have three hours to veto it

Minters are handpicked representatives of DeFi projects that you’d probably recognize including Curve, Synthetix and Connext. There are seven total minters. The exact people who hold this minting capability haven’t been named, however it’s important to remember that these seven people have the ability to mint unlimited amounts of tBTC and can only be stopped from doing so by the guardians.

Guardians are handpicked members of the Threshold community who applied for the role via a forum post. It just takes one guardian to veto any mint.

The list of minters and guardians is controlled by the “Threshold Council” 6-of-9 multisig. This multisig can make unlimited changes to these lists, going as far as being able to remove all minters or all guardians. If this multisig were to remove all minters, then BTC could still be deposited into Threshold’s custody but no tBTC would be able to be minted. In Threshold’s existing state, this multisig should be considered as a major liability.

In its current state, it is possible for the seven minters to collude to block any mint. If your deposited BTC is not used for a tBTC mint, it will remain locked for 9 months before you can get it back via tBTC’s refund script (or until the sweeping feature is enabled – more on that below). In the current state of the project, minters could potentially collude to block addresses at the government’s request, which would lock up the depositor’s BTC for that time period. This is a considerable risk for depositors of all kinds, especially with so few minters.

A rogue guardian could try blocking every mint, but would be quickly removed by the multisig. Regardless, you’d have to trust that humans would take swift action to prevent this kind of problem from causing network disruption.

Once tBTC is in your wallet, the token itself is uncensorable and unblacklistable. However, WBTC also has these traits.

tBTC vs WBTC

Custody

WBTC’s Bitcoin collateral is in the well-regulated hands of BitGo, which operates with exchange-level security and has an established reputation for securing crypto assets. Its main vulnerability is its centralized state and its commitment to following new and existing laws. If a government declares that BitGo is doing something illegal, then BitGo will likely respond in potentially unpredictable ways.

tBTC’s Bitcoin collateral is in the hands of 40 Threshold node operators and can be manipulated with a consensus of around 15-30 nodes. These node operators are allowlisted by Threshold, potentially known to one another, but are unknown to tBTC holders. They are likely all together in a Discord chat room and could collude to do just about anything they want. If a government declares Threshold to be doing something illegal, it’s possible for these node operators to collude to get themselves out of hot water. If they did collude to lock up or steal the Bitcoin, their T stake would be slashed, however the net effect of this punishment is totally dependent on the value of T.

Today there is no way to create a tokenized Bitcoin solution for Ethereum that is completely trustless. Every solution (aside from synthetic options with no BTC collateral) requires the BTC to sit in custody somewhere. Threshold is attempting to reduce that trust with tBTC, but in its current alpha state and with the unknown nature (and intentions) of its node operators, tBTC’s custody model is not decentralized enough for me to feel comfortable holding meaningful amounts of tBTC tokens. If the number of nodes reaches well into the hundreds or thousands, the staked T further diversifies and incentives remain aligned, my view on this may change.

Token Minting

The WBTC token is minted when approved and fully KYC’d entities deposit BTC with BitGo. These entities must apply for this privilege in advance and be approved by BitGo. BitGo reserves the right to refuse to mint or redeem WBTC for any entity. It recently refused to release a large amount of BTC to Alameda even though Alameda had already burned its WBTC. You, as a solo user, probably will not engage in minting or burning of WBTC.

tBTC aims to give users like you a way to mint tokenized Bitcoin without KYC or doxxing. However, with only 7 minters and 40 nodes currently participating, it is already playing a game of cat and mouse with regulators. When you deposit your BTC for tBTC, you are hoping that minters will honor the deposit and that node operators will act with integrity. The day may come when minters are asked to block certain addresses or stop minting entirely by a state actor. You just need to hope that you’re not caught in the middle of it. If you are, you may not see your BTC again for 9 months.

tBTC plans to fix this vulnerability as the product matures with a feature called “sweeping”. This feature will automatically and trustlessly mint tBTC for any deposit if a minter has not acted upon it within 8 hours. Until then, your minting is at the mercy of the human minters. However, it’s important to keep in mind that if Threshold faces regulatory pushback before sweeping is enabled, then sweeping may never be enabled. Thinking adversarially requires that we contemplate these kinds of potential issues and complications.

Blacklisting

Neither WBTC nor tBTC can be blacklisted or frozen once they are in your wallet. This puts both tokens on an even playing field with regard to the transferability and saleability of the token itself.

In Conclusion

If you want to tokenize your Bitcoin on the Ethereum blockchain, then tBTC is providing the only bridge that doesn’t require KYC. However, in its early stages, this bridge doesn’t come without some serious trust requirements.

I will consider bridging BTC to tBTC once the sweeping functionality is enabled, but not before that, as I do not want to have to trust minters to act with integrity.

The security of tBTC custody residing with 15-30 node operators creates a difficult trust requirement. WBTC custody sits with BitGo, which is a fully centralized and custodial solution, however the token not being blacklistable eliminates a tremendous amount of censorship concern that would otherwise come with such a highly regulated entity.

I will only consider holding significant amounts of tBTC once there is more diversity and depth in the pool of node operators, but not before that, as I don’t want to have to trust the integrity of just a few unknown entities.

I applaud Threshold for trying to find a way to offer a decentralized bridge, however in its current state and with WBTC being un-blacklistable, it has a higher bar that it needs to reach. The framework is there for something great, and the long-term goals look great, but the project needs to become more mature before users who are looking for real decentralization, censorship-resistance and trust-minimization can get totally comfortable with it. Perhaps it just launched a bit too soon.

Once Threshold increases its node operator diversity and adds trustless sweeping, I will take another look at the project to determine whether it reaches my own personal bar for a sufficiently decentralized protocol that is also as trust-minimized as it can possibly be. Until then, it just feels too early.

Updates & Corrections

  • The “Decentralized Custodial Model on Bitcoin” section of this post was updated after feedback from the Threshold team regarding some inaccuracies and over-simplifications of the trust requirements. Previously, I had mistakenly said that 21 of the 40 node operators could collude to steal Bitcoin. This ignored the fact that seats on Bitcoin wallets are randomly assigned to node operators based on their T stake. Instead of a hard “21”, the correct number based on this random probability is anywhere from 15 (worse) to 30 (better) nodes that would be able to collude to steal the custodied Bitcoin.
  • I made a small update on the “Minting & Burning” section to reflect the fact that while the minters are humans, and those humans do have full control over their smart contract abilities, those humans typically deploy bots to complete these minting tasks and are not sitting at their computer hitting a button to process every mint.

Additional tBTC Resources