BTC.b, an established BTC asset, is transitioning to Lombard’s architecture and product suite, enabling multi-chain expansion and deeper DeFi integration. Tokens, balances, and integrations remain unchanged. No action is required from the owner. Optional actions for protocols.
overview
BTC.b has been the cornerstone of Avalanche DeFi since 2022, with approximately $550 million in circulation and tight integration with Aave, GMX, BENQI, and LFJ. Lombard is acquiring BTC.b’s infrastructure and related assets, and Lombard Protocol will be responsible for BTC.b’s bridge operations and security architecture, while maintaining full continuity of existing users and integrations. BTC.b will first migrate to the same trusted architecture as LBTC, after which Lombard will orchestrate decentralization and integration across select chains and major DeFi protocols.
Powered exclusively by Lombard’s transparent and verifiable protocol architecture, BTC.b will be the next generation Bitcoin asset built for the decentralized economy. Permit-free, non-custodial, and secure. BTC.b brings institutional-level security to on-chain Bitcoin without institutional gatekeepers.
This migration accomplishes three goals:
Enhanced security: Multi-tier architecture with decentralized verification by a consortium of leading institutions
Multichain extension: In the initial stage, native deployment to Ethereum, Katana, Mega ETH, Solana
Improved access: You will be able to create permissionless mints directly from native BTC through the Lombard app and access them alongside your LBTC.
things that don’t change
For users and protocols, the immediate reality is simple. BTC.b will remain the same token, balances, addresses, and integrations will not change. What changes is the growth opportunity for BTC.b. New chains, deeper liquidity, expanded DeFi integrations and opportunities, and a cleaner path for builders to integrate native BTC into their apps through Lombard’s SDK.
For users:
Same token: Contract address, symbol and name remain the same
Same backing: 1:1 native BTC reserve without rehypothecation or staking
Same balance: All holdings, addresses and wallet integrations remain unchanged
Same integration: Aave, GMX, BENQI, LFJ, and all DeFi protocols continue to work fine
For protocols:
Contract address remains unchanged
The protocol no longer needs to call the BTC.b smart contract’s “unwrap” function to withdraw to native Bitcoin. Since the BTC.b contract is immutable, you should use the new Lombard contract for this purpose.
The previous “unwrap” function expected BTC to be withdrawn to a specific address generated by the core wallet from the same seed as the Avalanche address.
In Lombard, a newly deployed “AssetRouter” smart contract must be explicitly provided with a recipient in the “redeemForBTC” function.
Standard price feed will continue to work
Proof of Reserve feed must be updated to Lombard-based feed if available from Chainlink
Existing liquidity pools and lending markets remain unaffected
The BTC.b you currently hold is the BTC.b you will hold after the transition is completed in Q4. This is an infrastructure upgrade, not a token migration.
what’s new
Multi-chain expansion
In the initial stages, BTC.b will expand beyond Avalanche to Ethereum mainnet, Katana, MegaETH, and Solana.
direct casting
Anyone can mint BTC.b directly from native Bitcoin through the Lombard app. No intermediaries, no KYC, no geographic restrictions (except in licensed jurisdictions).
SDK integration
BTC.b joins Lombard’s SDK to enable developers to provide users with the following features:
Native BTC deposits and one-click Bitcoin earnings access within partner applications
Native wallet integration (already works with Binance and Bybit)
Streamlined developer implementation
Integrated vault product across BTC.b and LBTC
Enhanced security architecture
This migration implements a multi-layered security model with minimal trust, which is detailed in the next section.
Technology architecture: What’s changing?
The current Avalanche bridge uses Intel SGX enclaves and the Warden network to index Bitcoin and coordinate transactions. The new architecture implements multiple independent security layers with decentralized verification and is designed to scale BTC.b across multiple chains while maintaining verifiability and operational discipline.
Architecture comparison
Current model (avalanche bridge):
SGX enclave-based key separation
Observer Network for Multi-Party Approval
Centralized bridge operations
New model (Lombard protocol):
Key management with hardware security modules (HSMs)
15-member security consortium with BFT consensus
Dual layer validation with Cubist Bascule and Lombard Consortium
Byzantine fault-tolerant Lombard Ledger for traceability and transparency
current status
new state
Why this architecture matters
The new security model provides:
No single point of failure: Requires majority agreement among 15 independent validators
Defense in depth: Four independent security layers that require verification of all operations
Transparent verification: Real-time proof of reserve via Chainlink feed
Hardware-based security: Key security is rooted in Cubist’s vHSM (FIPS 140 HSM + Nitro Enclave).
Cross-chain consistency: Independent collateral verification on all chains
Independent third party audit: The security architecture and smart contracts have been audited by OpenZeppelin, Veridise, and Halborn. All audits are public.
Security model details
Layer 1: Distributed verification
The security consortium will replace the Warden network with 15 independent digital asset institutions, including OKX, Galaxy, DCG, Wintermute, Figment, Kiln, Antpool, F2Pool, and Kraken. This Proof-of-Authority network operates the Lombard Ledger, a Byzantine fault-tolerant consensus layer that transparently records all protocol operations on-chain.
All transactions require majority agreement among validators, eliminating single points of failure.
Layer 2: Key management with HSM
In the new security model, security consortium members use Cubist’s CubeSigner platform to manage keys and sign transactions. Unlike previous models that used SGX enclaves to reconstruct keys and coordinate Warden approval, consortium members sign transactions but do not have access to the private key material. Instead, the keys remain in Cubist’s secure hardware, which uses a combination of FIPS 140 HSM and Nitro Enclave for added security. Additionally, these keys are further locked down by multiple security policies, restricting consortium members from only signing certain types of transactions approved by a majority of the parties (e.g., deposit-backed mints).
Layer 3: Governance policy
Multiple security policies govern key usage.
Time lock: Enforcing delays for sensitive operations
Multi-party authorization (MPA): Multiple consortium members must approve all transactions and policy changes
Trading restrictions: Keys can only sign certain pre-approved transaction types
Layer 4: Independent Bridge Verification
Two independent systems verify all operations.
Cubist drawbridge: Verify collateral consistency across Bitcoin and destination chains (Avalanche C chain, Ethereum, etc.).
Chainlink CCIP: BTC.b validates collateral across the chains being bridged by providing secure cross-chain messaging and real-time proof-of-reserve validation.
This double-verification approach ensures one-to-one backing by an independent audit layer.
Deposit flow
Verified deposit: Users deposit BTC to a deterministic address that encodes the destination EVM address on the Avalanche C-chain. This allows address validation and protects against phishing.
Validating consensus: The Security Consortium validates and notarizes deposit transactions through BFT consensus on the Lombard Ledger.
Double verification: Both Bascule and CCIP have independently verified corroboration.
casting: BTC.b tokens will be minted to the user-specified address after passing all validations.
Withdrawals (burns) follow the same multi-layered verification process in reverse.
For builders: Integration updates
avalanche developer
The contract address remains the same, but the BTC redemption flow has changed. The previous “unwrap” functionality has been deprecated and developers must redeem it using the new Lombard adapter.
Optional updates:
core wallet user
The Lombard SDK will be embedded natively within the core wallet on day 1, allowing users to acquire BTC.b in the core wallet.
new integration
Lombard SDK provides simple integration of protocols, wallets, and platforms.
timeline
Current status: Migration underway, testing and security audit underway
Expected release: Q4 2024
Migration process:
Completion of final security audit
Mainnet deployment and verification period
Seamless cutover with minimal downtime for users
Post-launch monitoring and support
Both the Lombard and Avalanche teams will provide regular updates through their official channels as milestones are completed. Please subscribe to our official channel for detailed progress updates.
BTC.b will continue to serve as Avalanche’s primary Bitcoin bridge while expanding to become a true multi-chain Bitcoin asset with institutional-grade security and permissionless access.
FAQ
Do I need to do anything about my BTC.b? no. The token will not change, so you don’t need to do anything.
Will there be downtime? This migration is designed to provide a seamless cutover with minimal transfer or integration disruption. Minting and redemption of BTC.b is expected to be unavailable for up to two hours. Users will experience a slight delay if transactions are submitted during the cutover, but they will not have to worry about losing their funds.
What if my lending protocol has BTC.b? Your position will continue as normal. Protocol integration is not affected.
Where can I get technical support? Speak with a Lombard representative via Discord or the website’s intercom feature.
Please contact Lombard with any questions regarding this migration. Via Discord or via the website’s Intercom feature. For partnership inquiries, please visit lombard.finance.
