search

Risks

Using Lombard involves risks. We believe you should understand these risks before depositing funds. This page provides honest documentation of what can go wrong.

No protocol is risk-free. Understanding risks helps you make informed decisions about how much to deposit and which products to use.

hashtag
Slashing Risk

Applies to LBTC only. BTC.b is not staked through Babylon.

What it is: BTC staked through Babylon is subject to slashing if Finality Providers misbehave. Specifically, if a Finality Provider signs two conflicting blocks at the same height (double-signing), the protocol slashes 0.1% of delegated stake.

How Lombard mitigates it:

  • Delegates only to institutional Finality Providers (Figment, Galaxy, Kiln, P2P.org) with professional operations

  • Uses CubeSigner anti-slashing policies that make it cryptographically impossible to sign conflicting messages

  • Diversifies across multiple Finality Providers so a single FP's slashing doesn't affect all funds

hashtag
Smart Contract Risk

What it is: LBTC and BTC.b rely on smart contracts deployed across multiple chains. If these contracts contain vulnerabilities, funds could be stolen or frozen.

How Lombard mitigates it:

  • Multiple independent audits (OpenZeppelin, Veridise, Halborn)

  • $250,000 bug bounty program on Immunefi

  • Hexagate runtime monitoring for anomalous behavior

  • Pausable functions for emergency response

  • Two-step upgrades with timelocks

hashtag
Bridge Risk

What it is: Cross-chain transfers rely on bridge infrastructure (Chainlink CCIP, LayerZero). Bridge protocols have historically been targets for exploits.

How Lombard mitigates it:

  • Uses established, audited bridge protocols (not custom infrastructure)

  • Dual verification requires both bridge validators AND Security Consortium approval

  • Rate limiting on unusual transfer patterns

  • Emergency pause capability

hashtag
Depeg Risk

What it is: LBTC and BTC.b may trade at prices different from their underlying BTC value on secondary markets.

For LBTC: The token may trade at a discount during market stress (when many users want to redeem and are willing to sell at a discount rather than wait 9 days) or at a premium during high demand.

For BTC.b: Despite the 1:1 backing, market prices can temporarily diverge during volatility or low liquidity.

How Lombard mitigates it:

  • Full backing verified by Proof of Reserve

  • Redemption always available at true value (though with time delay)

  • Deep liquidity across major DeFi protocols

hashtag
Liquidity Risk

What it is: Redeeming LBTC for native BTC takes approximately 9 days (2 days for Lombard processing + 7 days for Babylon unbonding). During this period, you're exposed to BTC price volatility and cannot access your funds.

For BTC.b: Redemptions are faster but still not instant.

How Lombard mitigates it:

  • Secondary market liquidity allows faster exits (at potential discount)

  • Transparent redemption tracking

  • Reliable redemption execution

Residual risk: If you need immediate liquidity during a market crash, you cannot access your BTC quickly. You'd need to sell on secondary markets at whatever price is available.

hashtag
Consortium Risk

What it is: The Security Consortium is a permissioned set of 15 members. While distributed, it's not fully decentralized. A coordinated attack or collusion among 10+ members could compromise the protocol.

How Lombard mitigates it:

  • Members are established institutions with public reputations

  • Geographic and organizational diversity

  • CubeSigner prevents direct key access

  • Bascule provides independent verification

hashtag
Regulatory Risk

What it is: Future regulations could affect Lombard's operations, Consortium members, or your ability to use the protocol.

Potential scenarios:

  • Consortium members in certain jurisdictions forced to stop participating

  • Regulations restricting staking services

  • Requirements affecting how LBTC is treated in DeFi

How Lombard mitigates it:

  • Consortium member diversity across jurisdictions

  • No single jurisdiction represents a majority

  • Ongoing legal monitoring

hashtag
DeFi Integration Risk

What it is: Using LBTC in DeFi protocols (lending, LPing, vaults) exposes you to risks from those protocols in addition to Lombard's risks.

Examples:

  • Lending protocol hack could lose your deposited LBTC

  • DEX exploit could drain pools containing your LBTC

  • Vault strategy failure could result in losses

How Lombard mitigates it:

  • Partners with established, audited protocols

  • Lombard DeFi Vault uses conservative strategies

  • Does not control or guarantee third-party protocols

hashtag
Oracle Risk

What it is: LBTC's exchange rate and Proof of Reserve data are provided by oracles. Oracle failures could affect DeFi integrations.

Potential issues:

  • Stale price data causing incorrect liquidations

  • Oracle manipulation affecting protocol behavior

  • Proof of Reserve delays masking issues

How Lombard mitigates it:

  • Uses Chainlink, the industry-leading oracle provider

  • Multiple data sources and validation

  • Fallback mechanisms

hashtag
Incident History

Lombard maintains a public record of any security incidents or near-misses.

[As of this writing, no significant security incidents have occurred.]

PreviousBridging ArchitectureNextToken Economics

Last updated