
Risks

Lombard is committed to transparent risk disclosure. While the protocol implements multiple layers of security and mitigation, users should understand the inherent risks of participating in Bitcoin staking, DeFi, and cross-chain operations.

Smart Contract Risk (MEDIUM)
Despite rigorous audits from OpenZeppelin, Halborn, Veridise, Sherlock, and ABDK, no smart contract code can be guaranteed to be free of vulnerabilities. Bugs in Lombard’s contracts could potentially affect minting, burning, bridging, or exchange rate calculations. Lombard mitigates this through multiple independent audits, an Immunefi bug bounty program with rewards up to $250,000, Hexagate real-time monitoring, pausable contract functions, and two-step upgrades with timelocks.
Bridge Risk (MEDIUM)
Cross-chain transfers rely on external bridge infrastructure (Chainlink CCIP, LayerZero, IBC). A vulnerability or failure in bridge validators could delay or disrupt transfers. Lombard’s dual-verification model (requiring both bridge and Consortium approval) reduces the impact of a single bridge compromise, but users should be aware that cross-chain operations carry additional risk compared to single-chain transactions.
Depeg Risk (MEDIUM)
LBTC’s market price on secondary markets (DEXs, lending protocols) may temporarily diverge from its fundamental value (the exchange rate with BTC). This can occur due to large sell pressure, low liquidity, market panic, or technical issues. The protocol’s Proof of Reserve oracle feeds and fundamental price feeds help anchor LBTC’s value, but short-term market deviations are possible and may trigger liquidations for users with leveraged positions.
Liquidity Risk (MEDIUM)
LBTC and BTC.b liquidity on secondary markets depends on market makers, DEX liquidity providers, and overall market conditions. During periods of stress, available liquidity may decrease, leading to higher slippage on trades or difficulty exiting large positions. Redemption of LBTC to native BTC involves a Babylon unbonding period, during which your BTC is not accessible.
Regulatory Risk (MEDIUM)
The legal and regulatory landscape for cryptocurrency, staking, and DeFi continues to evolve across jurisdictions. Changes in regulation could affect the legality of LBTC, BTC.b, or BARD in certain jurisdictions, require changes to protocol operations or governance, impact the ability of consortium members to participate, or create restrictions on DeFi protocol integrations.
DeFi Integration Risk (MEDIUM)
When you deploy LBTC or BTC.b into third-party DeFi protocols (lending markets, DEXs, vaults), you take on the smart contract risk of those protocols in addition to Lombard’s own risk. Vulnerabilities in integrated protocols could result in loss of deposited assets. Lombard reviews integration partners but cannot guarantee the security of external protocols.
Slashing Risk (LOW)
LBTC is backed by BTC staked through the Babylon protocol. If a Finality Provider operated by Lombard violates the protocol’s consensus rules (such as double-signing), a portion of the staked BTC may be slashed. Lombard mitigates this through CubeSigner’s anti-slashing cryptographic policies, which prevent the signing of conflicting messages at the hardware level. The maximum slashing exposure is capped at 0.1% of staked BTC per slashing event.
Consortium Risk (LOW)
The Security Consortium operates as a permissioned network of 15 institutional members. While the two-thirds supermajority requirement provides strong protection, the consortium model requires trust in the collective integrity of its members. Risks include coordinated compromise of 10 or more members, regulatory pressure on consortium members to censor or freeze operations, or operational failures that reduce the number of active signers below the required threshold.
Oracle Risk (LOW)
Lombard relies on oracle infrastructure (Chainlink, RedStone) for Proof of Reserve verification and price feed data. Oracle failures, manipulation, or delayed updates could result in incorrect reserve attestations, mispriced collateral in lending markets, or delayed detection of reserve imbalances. Lombard mitigates this through multiple oracle providers and 10-minute update intervals.

Incident History

As of the date of this documentation, Lombard has not experienced any security incidents resulting in loss of user funds. The protocol has maintained full reserve backing since launch.


Mitigation Partners

Lombard works with multiple partners to mitigate risks across the protocol:

  • Cubist: CubeSigner HSM-based key management and anti-slashing policies
  • OpenZeppelin: Independent smart contract audits
  • Halborn: Independent smart contract audits
  • Veridise: Independent smart contract audits
  • Sherlock: Independent smart contract audits
  • ABDK: Independent smart contract audits
  • Immunefi: Bug bounty platform for responsible vulnerability disclosure
  • Hexagate: Real-time smart contract behavioral monitoring
  • Chainlink: Proof of Reserve feeds and CCIP bridge security
  • RedStone: Additional oracle price feed provider

Next Steps

  • Security Model — Lombard’s full defense-in-depth security architecture
  • Audits — Complete audit history from five independent firms
  • Bug Bounty — Report vulnerabilities and earn rewards
  • Oracles — How Proof of Reserve and price feeds work