Bitcoin is complicated, which is why we have released a suite of new technologies to protect the many millions of dollars of staked Bitcoin flowing into the DeFi ecosystem. Today, we are excited to officially launch Bascule, a new bridge security system built on top of the CubeSigner key management platform to prevent cross-chain bridge hacks in real-time.
<br>
Since the August 22 mainnet launch of Babylon, there’s been growing demand from BTC holders who want to put their idle coins to work. A popular way to earn yield on Bitcoin is to stake the BTC directly or by depositing it into liquid staking protocols in return for liquid tokens that can be used in DeFi protocols on other blockchains. Most of these protocols pool user deposits and stake them with Babylon and bridge the user deposits to chains like Ethereum.
<br>
If we’ve learned anything over the past couple years, it’s that bridges are notoriously hard to secure—and Bitcoin's complexity and lack of smart contracts makes this harder.
<br>
## Even trusted teams have gotten hacked
<br>
As one example: On September 26, Bedrock, an institutional-focused liquid restaking protocol run by the team at RockX, suffered a critical exploit which resulted in theft of $2M—mitigated when other projects paused their operations to limit losses. The exploit allowed an attacker to infinitely mint 1 uniBTC (Bedrock’s Bitcoin LRT) by depositing just 1 WETH (which has a significantly lower monetary value than 1 uniBTC). It was a simple mistake that underscores the need for additional layers of monitoring and protection in cross-chain systems, which have repeatedly been targets of high-profile hacks.
<br>
Furthermore, many developer teams are introducing custodial risk to their Bitcoin-based protocols by relying on centralized third-party custodians to hold the keys to user deposits.
<br>
To reduce these risks, we built the Bascule Drawbridge using CubeSigner—our _non-custodial_ key management platform—to cross-check that every minting/withdrawal request is backed by a real deposit of the appropriate collateral.
<br>
## How the Bascule Drawbridge works
<br>
At a high level, Bascule consists of an off-chain system that monitors one chain for user deposits (in this example, Bitcoin) and then reports them to a smart contract on a second chain (for now, Ethereum). The Bascule contract, then, serves as an oracle that provides protocols an additional layer of defense—to ensure that each minting or withdrawal request is backed by a legitimate deposit. In almost every major bridge hack, attackers ended up withdrawing funds without a corresponding deposit collateral.
<br>
Akin to a drawbridge, Bascule is designed to let legitimate withdrawals pass by unencumbered and to automatically stop malicious ones—including withdrawals originating from forged signatures (e.g., in the case of compromised bridge nodes, as in the Ronin hack), bridge contract exploits (e.g., that allowed minting funds out of thin air), and other vulnerabilities.
<br>
<img src="https://cdn.prod.website-files.com/638a2693daaf8527290065a3/6718fac63197d5d8308e026c_cubist-bascule-drawbridge-bitcoin-bridge-security.png" alt="Protecting Bitcoin LST/LRTs with Bascule Drawbridge">
<br>
## Lombard uses Bascule to enforce that mints are backed by deposits
<br>
<a href="https://www.lombard.finance/" target="_blank">Lombard</a>, which recently launched into Public Beta on September 3, is the first Bitcoin-based protocol to use Bascule for bridge security. Lombard allows users to stake their BTC on Bitcoin in exchange for liquid staking token LBTC on (for now) Ethereum.
<br>
<blockquote>“We’re proud to have Cubist’s Bascule enabling our vision of LBTC as a security-first Bitcoin primitive. Bascule provides additional security to LBTC by providing independent attestation on the state of the Bitcoin network and enforcing that LBTC is minted on Ethereum only if it is backed by a real BTC deposit on Bitcoin. Having Bascule’s extra protection on top of the Security Consortium helps us rest assured knowing that the protocol is guarded against the most common types of cross-chain bridge hacks.”
<footer>- Jacob Phillips, Co-Founder of Lombard</footer>
</blockquote>
<br>
Here’s how Bascule works on Lombard: When someone deposits BTC into Lombard, they do so to a particular deposit address that encodes their withdrawal details—namely, on which chain they intend to withdraw their LBTC and what their wallet address is on that chain. For each deposit, Lombard provides the user with a receipt—a message signed by the decentralized Lombard consortium—that allows them to withdraw LBTC on their chosen chain (e.g., Ethereum). Bascule independently monitors the Bitcoin chain for Lombard's deposit addresses and reports every deposit to the Bascule smart contract on Ethereum.
<br>
This adds another layer of defense: when the user tries to withdraw their LBTC—by providing the signed receipt—the Lombard contract cross-checks that request with Bascule. If Bascule reports that there is no deposit record matching the receipt, the system blocks the withdrawal.
<br>
## Bascule is inspired by new research analysis conducted at UCSD
<br>
Why is this additional layer of defense necessary? In the case of bridge hacks, we’ve seen attackers successfully submit signed receipts that had no corresponding collateral deposits, reuse receipts, etc. New research at UCSD (see the <a href="https://arxiv.org/abs/2410.01107" target="_blank">pre-print here</a>), led by PhD student Enze Alex Liu, studied the major bridge hacks and found that all of them fundamentally come down to a lack of reconciliation between deposits and withdrawals.
<br>
Unfortunately, it’s not currently standard practice for bridges to cross-check that each withdrawal request has a corresponding deposit—and this is why we’ve seen attackers successfully walk away with funds that don’t belong to them.
<br>
<a href="https://cubist.dev/contact-form-cubesigner-hardware-backed-key-management" target="_blank">Reach out here</a> to learn more about Bascule. We'd love to chat!