Skip to Content
ResourcesRisk Disclosures

Global Risk Disclosures

Updated and effective: 25 June 2026

I. Introduction

Purpose: This Risk Disclosure document is designed to inform users of the products, services, and related information and materials offered by or made available through LF Operations Inc. (the “Company”), which includes: (a) the lombard.finance website (the “Website”), the app.lombard.finance application (the “App”), and the interfaces, tools, and related services that facilitate interaction with the Lombard Protocol (the “Protocol”) (collectively, the “Platform Products”); (b) the digital assets, tokens, and other offerings created, facilitated, or made available through or in connection with the Protocol, including without limitation LBTC, BTC.b, and any future digital asset or token offerings (the “Token Products”); and (c) any products created by third parties using or incorporating any aspects of the Protocol, and derivative and ancillary products related thereto (the Platform Products and Token Products, together with any such third-party products, collectively, the “Products”), of the potential risks associated with using the Protocol, the App, the Products, and associated services (collectively, the “Services”). Token Products may be offered by or through separate legal entities and may be governed by separate product-specific terms of use with those entities.

These disclosures aim to provide clarity on the inherent uncertainties and responsibilities involved in interacting with the Services, and specifically with Bitcoin staking, restaking, liquid staking tokens, and related activities.

Scope: The disclosures outlined herein apply to all interactions with the Services, including but not limited to: accessing the Website or the App; using or interacting with the Protocol and its smart contracts; participation in staking and restaking activities; interaction with tokens (including LBTC and BTC.b); participation in governance; and engagement with any associated products, tools, or services, including those deployed, designed, or utilised by any third party.

General: The Protocol is a decentralised finance (DeFi) application designed to facilitate the staking, restaking, and liquid representation of digital assets, including Bitcoin (BTC), on a decentralised basis. The Protocol’s governance structure, degree of decentralisation, and operational characteristics may evolve over time, and certain administrative, operational, or governance functions may currently be performed or influenced by the Company, the Consortium, or other designated parties. The App and the Website provide interfaces through which users may access and interact with the Protocol and the Products. By engaging with any of the Services, you acknowledge and accept that you are participating in a highly experimental and rapidly evolving space.

The risks associated with the Services are significant, and you should only use the Services if you fully understand these risks and can bear full losses.

Under no circumstances will the Company be liable for any loss or damage resulting from your use of the Services.

II. Experimental Nature

The Services — including the Protocol, the App, the Website, the Products, and all related software, blockchain technology, smart contracts, staking mechanisms, liquid staking tokens, bridges, and digital asset wallets — are experimental and in continuous development. The Services are provided “As Is,” “Where Is,” and “As Available” without any warranties, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose, or non-infringement. Users should be aware that the experimental nature of the Services could lead to unexpected outcomes, including the total loss of assets that interact with the Services.

Bitcoin staking and restaking via decentralised protocols is a nascent activity with limited operational history. The mechanisms by which BTC is staked (including through the Babylon Protocol), the manner in which liquid staking tokens (such as LBTC) represent staked positions, and the bridges and infrastructure that facilitate cross-chain operations are all experimental technologies with no guarantee of continued operation, accuracy, or security.

III. Market and Financial Risks

Volatility: The cryptocurrency and digital asset markets are highly volatile, with prices fluctuating widely and unpredictably in short periods. This volatility can significantly affect the value of assets held within or interacting with the Services, including BTC, LBTC, BTC.b, BARD, and any other digital assets. You may experience substantial losses, including the total loss of the value of your digital assets. Past performance of any digital asset is not indicative of future results.

No Expectation of Returns: The Company makes no representations, warranties, guarantees, or promises regarding any returns, yield, profit, income, or financial benefit from using the Services. Staking, restaking, holding liquid staking tokens, and participating in any yield generation or capital deployment activity do not guarantee any return. Any yield or rewards you may receive are determined by the Protocols, third-party systems, market conditions, and other factors outside the Company’s control, are variable and unpredictable, and may be zero. The existence of active yield generation strategies, capital Redeployment, or discretionary allocation of Digital Assets does not create an expectation of profit, a promise of returns, or an obligation by the Company to generate any particular outcome. You should not use the Services with any expectation of profit or financial return derived from the efforts, skill, or management of the Company, the Consortium, or any other party.

Correlation with Risky Assets: Digital assets, including BTC and tokens derived from BTC (such as LBTC and BTC.b), may exhibit high correlation with other risky asset classes, including equities, commodities, and other cryptocurrencies. During periods of market stress, digital asset prices may decline simultaneously with other asset classes, potentially amplifying portfolio losses. Diversification across digital assets may not reduce risk as effectively as diversification across uncorrelated traditional asset classes.

Liquidity Risks: There is no guarantee that liquid markets will exist for any digital asset, including LBTC, BTC.b, BARD, or any other token associated with the Protocol. Markets for digital assets may be thin, fragmented, or subject to sudden illiquidity. You may be unable to sell, exchange, or dispose of digital assets at a fair price, or at all, particularly during periods of market stress, high volatility, or technical disruption. Liquidity in secondary markets for liquid staking tokens depends on third-party market makers, decentralised exchanges, and other participants over whom the Company has no control.

Depegging and Pricing Dislocation: Liquid staking tokens (such as LBTC and BTC.b) are intended to represent staked positions, but their market price may diverge significantly from the value of the underlying asset. Such depegging events may be temporary or prolonged, and there is no guarantee that price parity will be restored. Depegging can be caused by, among other things, market sentiment, liquidity conditions, smart contract risk perceptions, regulatory developments, bridge failures, or cascading liquidations in external DeFi protocols. The Company does not guarantee, support, or maintain any price peg.

Impermanent Loss and DeFi Composability Risks: If you use liquid staking tokens in external DeFi protocols (such as lending platforms, automated market makers, or liquidity pools), you may be exposed to additional financial risks, including impermanent loss, cascading liquidations, and losses arising from the design or failure of those external protocols. The Company has no control over and disclaims all liability for losses incurred in external protocols.

Concentration Risk: Staking a significant portion of your digital asset holdings in a single protocol, validator, or liquid staking token concentrates risk. A single adverse event — such as a slashing event, smart contract exploit, or governance decision — could result in substantial or total loss. Users should consider their overall portfolio composition and risk tolerance.

Opportunity Cost: Assets staked, locked, or otherwise committed through the Services, including during unbonding periods or Restricted Actions, cannot be deployed elsewhere. Market conditions may change during these periods, and you may miss opportunities to sell, trade, or reallocate your assets. The Company has no liability for any opportunity cost.

No Insurance or Guarantee: Digital assets held in or interacting with the Services are not insured by any government deposit insurance scheme, investor protection fund, or similar program. There is no guarantee of recovery in the event of loss. The Company does not guarantee the value, availability, or recoverability of any digital asset.

IV. General Risks

Regulatory Risks and Legal Uncertainty: The legal landscape for DeFi, Bitcoin staking, liquid staking tokens, and digital assets generally is evolving rapidly. Changes in regulations, positions of regulators, legislative enactments, or enforcement actions could impact your ability to use the Services, affect the classification or legality of tokens such as LBTC or BARD, or result in adverse legal consequences. Regulatory authorities in various jurisdictions may classify staking activities, liquid staking tokens, or governance tokens as securities, financial instruments, or regulated products, which could restrict access, impose compliance requirements, or result in enforcement actions. Users should stay informed about the legal environment that may affect their use of digital assets and the Services and should comply with all applicable laws.

Securities Reclassification Risk: Regulatory authorities — including the United States Securities and Exchange Commission, the United States Commodity Futures Trading Commission, and comparable authorities in other jurisdictions — may, at any time, determine that any Token Product (including LBTC, BTC.b, or BARD), the Protocol, or any aspect of the Services constitutes a security, investment contract, commodity interest, financial instrument, or other regulated product or activity. In particular, to the extent that the Services involve active yield generation strategies, capital Redeployment, or discretionary allocation of staked assets, regulatory authorities may characterise such activities as constituting an actively managed pooled investment vehicle, collective investment scheme, commodity pool, or similar arrangement — which could result in the classification of associated Token Products as securities under the Howey test or equivalent frameworks in other jurisdictions. Such a determination could restrict the availability, transferability, or use of Token Products; require the Company to register, obtain licences, or cease operations; result in enforcement actions, fines, or penalties; expose users to regulatory consequences; or materially impair the value, liquidity, or redeemability of Token Products. No representation is made regarding the current or future regulatory classification of any Token Product, the Protocol, or the Services.

MiCA and European Regulatory Risk: The Services have not been authorised under Regulation (EU) 2023/1114 (the Markets in Crypto-Assets Regulation, “MiCA”) or any national implementing legislation thereof. Regulatory authorities in European Union member states may determine that the Services — particularly to the extent they involve active yield generation, capital Redeployment, or discretionary allocation of crypto-assets — constitute portfolio management of crypto-assets, reception and transmission of orders for crypto-assets, or another regulated crypto-asset service under MiCA, which would require authorisation as a crypto-asset service provider. Such a determination could restrict the availability of the Services in the European Union, require compliance with MiCA’s prudential, conduct, and governance requirements, or result in enforcement actions.

CPO, Investment Company, and Related Classification Risks: Regulatory authorities may determine that the Company, the Protocol, or any associated entity operates as a commodity pool operator, commodity trading advisor, investment company, investment adviser, broker-dealer, money transmitter, money services business, or similar regulated entity. Any such determination could require registration, licensing, or compliance with regulatory frameworks for which the Company is not currently registered or authorised, and could result in enforcement actions, restrictions on the Services, or other adverse consequences.

Transfer Restriction Risk: Token Products (including LBTC and BTC.b) may trade on secondary markets, including markets accessible to users in jurisdictions where such tokens may be classified as securities or regulated products. If any Token Product is determined to be a security, its free transferability may be restricted, and prior transfers may have been conducted in violation of applicable securities laws (including Regulation S or Regulation D under the U.S. Securities Act of 1933). Users who acquired or transferred Token Products in contravention of applicable transfer restrictions may face regulatory consequences, and the value or liquidity of such tokens may be materially impaired.

Tax Uncertainty: The tax treatment of staking, restaking, liquid staking tokens, token distributions, yield, rewards, and governance tokens varies by jurisdiction and is subject to change. You are solely responsible for determining and fulfilling your tax obligations. The Company makes no representations regarding the tax treatment of any activity on or through the Services.

V. Security Risks

Cyberattacks and Hacking: The Services, including the Protocol, the App, and the Website, are susceptible to cyberattacks, hacking, and other security breaches. While rigorous security measures are implemented, no system is entirely immune to threats. Risks include, but are not limited to, phishing, malware, distributed denial-of-service (DDoS) attacks, DNS hijacking, front-end compromises, social engineering, “zero day” exploits, and other malicious activities.

Smart Contract Vulnerabilities: Despite rigorous testing and auditing, smart contracts may still contain vulnerabilities, such as reentrancy attacks, front-running, timestamp manipulation, logic errors, inherited vulnerabilities from third-party libraries, and other potential exploits. Users should be aware that exploiting these vulnerabilities could lead to a loss of access to, control of, or use of assets, and significant financial losses. The Protocol involves multiple smart contract systems (including the Babylon Protocol, the Lombard Protocol, and various bridge contracts), each of which may contain independent vulnerabilities.

Nation-State and Black Hat Attacks: The Services, like other blockchain and web-based systems, may be targeted by highly sophisticated cyberattacks from nation-state actors or malicious hackers. These attackers may exploit known or unknown vulnerabilities in the Protocol, the App, or underlying infrastructure, resulting in severe disruptions or loss of assets.

Unknown Vulnerabilities: As technology evolves, new vulnerabilities may be discovered that could affect the security of the Services, including the Protocol, the App, and the Website. These include potential risks from advances in cryptography, such as quantum computing, which could undermine current blockchain security measures. Although the Company has undertaken reasonable, market-standard practices to identify vulnerabilities in the Services, the Company does not guarantee that the Services are free of any defect, flaw, or vulnerability.

Risk of Theft: There is no assurance against the theft of digital assets due to sophisticated cyber-attacks or exploitation of vulnerabilities in the Services, the underlying infrastructure relied upon by the Services, or users of the Services, including digital asset wallets, blockchains, bridges, or associated third-party services, service providers, or functions not within the Company’s control. Such incidents could lead to the partial or complete loss of access to, control of, or use of your assets.

Service Availability: The Services — including the Protocol, the App, the Website, and the Products — may experience downtime or become inaccessible due to maintenance, third-party service disruptions, attacks or compromises of third-party services or products, front-end outages, hosting failures, or blockchain network congestion, attacks, or related issues. The Company does not guarantee continuous availability or functionality of any of the Services, and users should be prepared for potential interruptions to access, or to functionalities provided by the Services.

VI. Technical Risks

Software Bugs and Technical Failures: The Services operate on complex software — including smart contracts, back-end infrastructure, and front-end applications — that may contain bugs or experience failures, potentially leading to loss of assets, loss of access to assets, or interruption of services. These risks may be increased by the rapid pace of technological change, which may introduce new unforeseen vulnerabilities or attack vectors that may impact the function, availability, and security of the Services.

Impact of Advances in Technology: Emerging technologies, such as quantum computing, may pose future risks to the security of blockchain-based systems and systems built upon and that rely on encryption of underlying systems, including the Services. Users should be aware that such advances could undermine the cryptographic security relied upon by the Services.

Flawed Logic and Design: The underlying logic and design of the Services — including the Protocol, the App, and related software — may be flawed, defective, or impaired. This could result in the Services operating incorrectly or not as intended, leading to unintended transactions, incorrect token minting or burning, improper staking or unstaking, or a loss of access to, control of, or use of assets, and significant financial losses.

Cross-Chain and Bridge Risks: The Services may involve the transfer of assets or data across multiple blockchain networks via bridges or cross-chain messaging protocols. These bridges are complex systems that introduce additional risks, including but not limited to: bridge smart contract vulnerabilities, message relay failures, cross-chain finality assumptions that may be violated, validator or relayer misconduct in bridge systems, and the risk that assets locked on one chain may become inaccessible if a bridge is compromised. Bridge failures have historically resulted in some of the largest losses in DeFi, and users should be aware that bridge-related risks may be among the most significant risks of using the Services.

VII. Protocol and Product-Specific Risks

Smart Contract Risks: The Protocol’s and the Products’ smart contracts are designed to be secure but are not infallible. The Services involve multiple interconnected smart contract systems, including contracts for staking, minting liquid staking tokens, managing validator sets, and facilitating cross-chain operations. Vulnerabilities in any of these contracts, or in the interactions between them, could lead to a loss of access to, control of, or use of assets, and significant financial losses.

Staking and Slashing Risks: The Protocol facilitates the staking and restaking of Bitcoin and other digital assets through underlying staking protocols such as the Babylon Protocol. Staking involves locking digital assets in smart contracts or with validators. Staked assets may be subject to “slashing” — a penalty mechanism where a portion of staked assets is destroyed or forfeited as a consequence of validator misconduct, downtime, double-signing, or other protocol-defined infractions. Users are expected to understand the slashing conditions applicable to their staked assets. Slashing events are irreversible, and the Company has no ability to prevent, reverse, or compensate for slashing losses. The risk of slashing may be influenced by factors entirely outside the user’s control, including the conduct of validators selected by the Protocol or by governance.

Validator Risks: The Protocol may delegate staked assets to validators or validator sets. Validator performance, honesty, and availability directly affect the safety and yield of staked assets. Risks include: validator downtime resulting in missed rewards or penalties, validator misconduct resulting in slashing, validator key compromise, validator collusion, and changes to the validator set through governance that may affect existing staking positions. The Company does not guarantee the performance, honesty, or availability of any validator.

Capital Deployment, Redeployment, and Reallocation Risks: The Company, the Consortium, the applicable product entity, or any other designated party may, at its discretion, deploy, redeploy, reallocate, delegate, re-delegate, or otherwise move Digital Assets — including Digital Assets you have staked, deposited, or otherwise committed through the Services — between and within Products, validators, validator sets, staking protocols, restaking protocols, blockchain networks, bridges, liquidity venues, or other infrastructure or service providers (each, a “Redeployment”). Redeployments may occur without prior notice to you and for any reason, including but not limited to: responding to changes in protocol parameters, validator health, uptime, or slashing risk; rebalancing across staking protocols or blockchain networks; adjusting to changes in infrastructure availability or performance; launching, modifying, or discontinuing Products; responding to governance decisions; complying with applicable law or regulatory requirements; or mitigating security risks. Users acknowledge and accept the following risks relating to Redeployments:

  • Changed risk profile: A Redeployment may expose your Digital Assets to different validators, different slashing conditions, different smart contracts, different blockchain networks, different bridge infrastructure, different counterparties, or different regulatory environments — each of which may carry different or additional risks compared to the prior deployment.
  • Yield and reward variability: A Redeployment may change the yield, rewards, staking performance, or economic characteristics associated with your Digital Assets, including a reduction to zero.
  • Unbonding and liquidity disruption: A Redeployment may trigger unbonding periods, temporarily reduce the liquidity or redeemability of your Digital Assets, or alter the timeframe in which you can access, transfer, or withdraw your assets.
  • Slashing exposure: Digital Assets redeployed to a new validator or staking protocol may be subject to slashing conditions that differ from those previously applicable. The Company has no liability for slashing events that occur following a Redeployment.
  • Smart contract and bridge risks: Redeployment to different infrastructure may expose your Digital Assets to different smart contracts or bridge systems, each of which may contain independent vulnerabilities.
  • No fiduciary duty: The exercise of any Redeployment discretion does not create a fiduciary, advisory, or trust-based duty to you. No Redeployment decision shall be construed as investment advice, portfolio management, or a recommendation of any kind.

The Company expressly disclaims all liability for any losses, damages, or adverse consequences arising from or related to any Redeployment. The applicable Product Terms, if any, shall govern the specific parameters and limitations of any Redeployment rights in respect of a particular Token Product.

Unbonding and Withdrawal Risks: Unstaking or withdrawing assets from the Protocol or any Product may be subject to unbonding periods, during which assets are locked and cannot be transferred, traded, or used. During unbonding periods, the value of the underlying assets may change significantly. Users should understand the applicable unbonding periods and the risks of value fluctuation during those periods before initiating any unstaking or withdrawal.

Liquid Staking Token Risks (LBTC, BTC.b, etc.): Liquid staking tokens such as LBTC and BTC.b are representations of staked positions. These tokens carry specific risks, including but not limited to:

  • Depegging risk: The market price of a liquid staking token may diverge from the value of the underlying staked asset. There is no guarantee that LBTC or BTC.b will trade at or near the value of the underlying BTC.
  • Liquidity risk: There may be insufficient liquidity in secondary markets to sell or exchange liquid staking tokens at a fair price or in a timely manner.
  • Redemption risk: The ability to redeem a liquid staking token for the underlying staked asset depends on the continued operation of the Protocol, the availability of the underlying assets, and the absence of any Compliance Event or Restricted Action. Redemption may be delayed, restricted, or unavailable.
  • Smart contract risk: Liquid staking tokens are created and managed by smart contracts that may contain vulnerabilities.
  • Composability risk: Liquid staking tokens may be used in other DeFi protocols (lending, borrowing, liquidity provision, etc.). Losses in those external protocols are not the responsibility of the Company, and cascading liquidations or depegging events in external protocols may affect the value or redeemability of liquid staking tokens.

Administrative and Upgrade Key Risks: The Protocol or certain of its components may be subject to administrative controls, including multisig wallets, upgrade mechanisms, timelocks, or other privileged functions that allow designated parties to modify smart contract parameters, pause operations, upgrade contract logic, or take other administrative actions. These administrative controls introduce risks, including but not limited to: the risk that administrative key holders may act negligently, maliciously, or under coercion; the risk that an upgrade introduces bugs or vulnerabilities; the risk that administrative actions are taken that adversely affect users or their assets; and the risk that administrative keys are compromised by external attackers. Users should understand that the existence of administrative controls means the Protocol may not be fully autonomous or immutable, and that changes to the Protocol may be made without your consent or advance notice.

Governance Risks: Certain aspects of the Protocol and the Products may be governed by a decentralised community or by holders of governance tokens (including BARD). Proposals made and accepted through governance processes could alter the Protocol, the Products, or the Services in ways that may affect users, its features, products, services, functionalities, staking parameters, validator sets, fee structures, and the transactions which may or may not be conducted using various aspects of the Services. These changes may be outside the control of the Company or may be influenced by the Company, the Consortium, or other parties, and the Company expressly disclaims any and all liability for any negative impacts resulting from governance decisions, regardless of whether the Company or any Lombard Finance Party participated in or influenced such decisions. Governance participation does not create any fiduciary, advisory, or agency relationship between governance participants and the Company.

Lombard Security Consortium Risks: The Protocol relies on the Lombard Security Consortium (the “Consortium”), a decentralised consensus mechanism composed of digital asset institutions that may be engaged by, contracted with, or otherwise retained by the Company or its affiliates — including market makers, mining pools, institutional validators, technology providers, and security and research partners — that collectively validate transactions, authorise the minting and redemption of liquid staking tokens (including LBTC), facilitate staking and unstaking operations, oversee protocol upgrades, and enable cross-chain bridging of assets. The Consortium’s operations are recorded on the Lombard Ledger, a Byzantine fault-tolerant blockchain. Users acknowledge and accept the following risks relating to the Consortium:

  • Consensus and Availability Risks: The Consortium requires a majority of its members to reach consensus on each transaction. If a sufficient number of Consortium members become unavailable, compromised, or fail to participate, transaction processing may be delayed or halted, and users may be unable to mint, redeem, stake, unstake, bridge, or otherwise interact with their assets for an indeterminate period.
  • Member Conduct Risks: Consortium members are third-party institutions that operate their own infrastructure and make their own operational decisions, notwithstanding any contractual or service relationship with the Company. Individual members may act negligently, experience security breaches, suffer operational failures, become subject to regulatory actions, or cease operations entirely. The Company does not control, and is not responsible for, the conduct, performance, security practices, or continued participation of any Consortium member.
  • Collusion and Coordination Risks: Although the Consortium is designed to eliminate single points of failure through decentralised consensus, there is a risk that a sufficient number of Consortium members could collude, be compromised simultaneously, or be coerced by governmental or other actors, potentially resulting in unauthorised transactions, improper minting or burning of tokens, misappropriation of assets, or other adverse outcomes.
  • Governance and Upgrade Risks: The Consortium oversees protocol upgrades and security standards. Decisions made by the Consortium regarding upgrades, parameter changes, or supported blockchains may adversely affect users, their assets, or the functionality of the Services. Such decisions are made by the Consortium members in their discretion and are not subject to user approval.
  • Key Management Risks: Consortium members hold and manage cryptographic keys necessary for transaction validation and consensus operations. Compromise, loss, or misuse of these keys — whether through external attack, internal misconduct, or operational failure — could result in unauthorised transactions or loss of assets.
  • Concentration and Composition Risks: The composition of the Consortium may change over time as members join, leave, or are removed. A reduction in the number or diversity of Consortium members could increase concentration risk and reduce the security guarantees of the consensus mechanism. The Company does not guarantee any minimum number or composition of Consortium members.
  • Lombard Ledger Risks: The Lombard Ledger, as a Byzantine fault-tolerant blockchain, is itself an experimental technology that may contain vulnerabilities, suffer from consensus failures, or experience data integrity issues. Users should not assume that the Lombard Ledger provides an infallible or permanent record of operations.

The Company expressly disclaims all liability for any losses, damages, or adverse consequences arising from the acts, omissions, failures, compromises, or decisions of the Consortium, its members, or the Lombard Ledger, whether individually or collectively. No Consortium member owes any fiduciary, advisory, or trust-based duty to any user. Users should not rely on the existence or composition of the Consortium as a guarantee of security, and should understand that the Consortium’s role does not eliminate the risk of loss.

Active Yield Generation and Managed Strategy Risks: The Services may involve active yield generation strategies, including the deployment, redeployment, or reallocation of staked or deposited Digital Assets across validators, staking protocols, restaking protocols, liquidity venues, or other infrastructure. Users acknowledge that these activities introduce risks distinct from passive staking, including: the risk that discretionary yield strategies may underperform, generate lower returns than anticipated, or result in losses; the risk that strategy-level decisions — including the selection of validators, protocols, or counterparties — may introduce counterparty, smart contract, oracle, or operational risks that would not be present under a passive staking model; the risk that actively managed strategies may increase the frequency and magnitude of Redeployments, each of which carries the risks described herein; and the risk that the characterisation of the Services as involving active management may attract regulatory scrutiny or result in reclassification as described in §IV above. The Company makes no representations regarding the expected performance, risk-adjusted returns, or suitability of any yield generation strategy.

Omnibus Wallet and Asset Commingling Risks: Digital Assets staked, deposited, bridged, or otherwise committed through the Services may be held, processed, or routed through omnibus wallets, shared smart contracts, pooled staking positions, shared validator slots, or other aggregated infrastructure in which users’ Digital Assets are not individually segregated. Users’ Digital Assets may not be separately identifiable on-chain from those of other users, including users in different jurisdictions with different legal, regulatory, or sanctions frameworks. In the event of a loss, exploit, slashing event, regulatory seizure, or insolvency event affecting any omnibus wallet or shared infrastructure, losses may be distributed across all users whose assets were commingled, and users may not recover the full amount of their Digital Assets regardless of whether the loss was attributable to their activity. Regulatory actions targeting other users’ assets in the same omnibus infrastructure may affect users’ own assets. The Company does not guarantee individual segregation of assets.

Functionality and Performance: The Company does not guarantee continuous, uninterrupted, error-free, timely, or expected operation of the Services, including the Protocol, the App, or any Product. Users should be aware of potential issues that may impact the functionality and performance of any of the Services.

User Interface: Certain user interface elements or design decisions within the Products may be complex, confusing, or unclear to some users, which may result in a user executing a different action or transaction than intended. Users are advised to proceed with caution and verify their actions before finalising any transactions.

VIII. Third-Party Risks

Reliance on Third-Party Services and Data: The Services may rely on third-party services, including smart contracts, oracles, data feeds, validators, bridges, relayers, hosting providers, and blockchain infrastructure providers. Failures, flaws, delays, compromises, attacks on, manipulations of, and defects or inaccuracies in these third-party services could negatively impact the operation of the Services or lead to incorrect or unexpected transaction executions and outputs, and could lead to a loss of access to, control of, or use of assets, and significant financial losses.

Babylon Protocol Risks: The Protocol relies on the Babylon Protocol for Bitcoin staking functionality. The Babylon Protocol is a separate, independent protocol not operated or controlled by the Company. Risks specific to the Babylon Protocol include but are not limited to: changes to Babylon’s staking parameters or slashing conditions, Babylon smart contract vulnerabilities, Babylon governance decisions that adversely affect stakers, and the risk that the Babylon Protocol is discontinued, modified, or becomes unavailable. The Company disclaims all liability for any losses arising from the operation, failure, or modification of the Babylon Protocol.

Third-Party Related Risks: Certain functions within the Services, including the Protocol, the Products, and the App, may depend on timely actions by third parties, including validators, bridge operators, oracle providers, and relayers. Delays or failures by those third parties could result in inaccessibility of Service functionality, missed rewards, slashing, or loss of assets.

IX. Compliance and Freeze Risks

Compliance-Related Restrictions: The Company may, at any time and in its sole discretion, freeze, suspend, restrict, or delay any transaction, transfer, withdrawal, or other operation involving your wallet, digital assets, or use of the Products in connection with compliance monitoring, anti-money laundering investigations, sanctions screening, or other legal and regulatory requirements (each, a “Restricted Action”). During a Restricted Action:

  • You may be unable to access, transfer, stake, unstake, redeem, or otherwise interact with your digital assets.
  • The value of your digital assets may fluctuate, and you may incur losses due to price movements during the restriction period.
  • Protocol-level events (including slashing, governance changes, or validator misconduct) may occur that affect your assets while you are unable to respond.
  • You may miss time-sensitive opportunities or be unable to participate in Protocol activities.

The Company has no obligation to provide prior notice of, or disclose the basis for, any Restricted Action, and has no obligation to resolve any Restricted Action within any particular timeframe. The Company shall have no liability whatsoever for any losses arising from or related to any Restricted Action, including losses from price movements, opportunity costs, slashing, liquidation, or any other Protocol-level consequence.

Government Orders and Asset Seizure: The Company may be compelled by applicable law, court order, or governmental directive to freeze, seize, transfer, or otherwise dispose of digital assets or restrict access to the Services. The Company shall have no liability for compliance with any such order or directive.

X. Open-Source and Experimental Technology

The Services rely on open-source and experimental technology, and there are inherent risks associated with using DeFi services, products, applications, and protocols built on this technology. These risks include, but are not limited to, smart contract vulnerabilities, potential loss of digital assets, unforeseen interactions with other blockchain protocols or events, lack of warranties or other performance guarantees, lack of maintenance obligations, cyberattack vulnerabilities, and potential intellectual property infringement claims.

The Protocol interacts with multiple blockchain networks (including Bitcoin and Ethereum) and multiple third-party protocols (including the Babylon Protocol). The interaction between these independent systems introduces composability risks — the risk that unexpected behavior in one system may cascade to others, potentially amplifying losses.

XI. User Responsibility

Legal Compliance: Users are solely responsible for ensuring that their use of the Services complies with all applicable civil, criminal, and regulatory laws, regulations, and duties, including tax obligations, anti-money laundering (AML) regulations, sanctions compliance, and other relevant legal requirements applicable in their jurisdiction. Users must not use the Services in a manner that violates any duties, laws, or regulations.

Self-Custody: Users are fully responsible for the security of their private keys and other credentials required to interact with their own assets and with the Services. Any loss of access to private keys or other access credentials due to negligence or malicious activity is solely the user’s responsibility, and the Company cannot recover lost keys or reverse transactions.

Transaction Accountability: All transactions performed using the Services are final, irrevocable, and irreversible. Users must understand the implications of their transactions and should conduct thorough due diligence before interacting with the Services. Users should conduct test transactions prior to conducting material transactions.

Securing Digital Assets: Users are responsible for securing their digital assets, including the use of secure digital asset wallets, and should conduct appropriate information security practices to protect against unauthorised access. Loss or compromise of private keys or other access credentials can result in irreversible and complete loss of access to, control of, or use of assets.

Position Monitoring: Users are responsible for monitoring the status of their staked positions, including validator health, slashing risk, unbonding periods, and the value and redeemability of any liquid staking tokens. The Company has no obligation to notify users of adverse events affecting their positions.

Due Diligence and Professional Advice: Users should conduct thorough research and consider seeking professional financial, legal, tax, and technological advice before engaging with the Services. This includes understanding the specific risks of Bitcoin staking, liquid staking tokens, cross-chain bridging, and the specific Products and validators involved.

Impact of Legal Changes: The DeFi space is subject to potential legal changes that could affect the legality and functionality of the Services, including the Protocol, the App, and the Products. Users should be prepared for such changes and ensure compliance with all relevant legal obligations related to the ownership and control of digital assets, staking activities, and the use of the Services.

Legal Risks and Compliance: The Company’s activities are subject to various laws and regulations in the jurisdictions where it operates. Regulatory actions, orders, or inquiries may adversely affect the Services and their availability. Additionally, changes in applicable laws or evolving interpretations of existing laws could increase compliance costs, impact the functionality of the Services, result in the reclassification of tokens or staking activities, or necessitate the acquisition of specific licences. The classification of LBTC, BTC.b, BARD, or other tokens as securities, financial instruments, or regulated products in any jurisdiction could restrict their availability, transferability, or use.

XIII. Data Privacy and KYC/AML Risks

Data Collection Risks: The Company may implement or be required to implement know-your-customer (“KYC”), anti-money laundering (“AML”), combating the financing of terrorism (“CFT”), sanctions screening, or other identity verification and compliance procedures. The collection and processing of personal data for these purposes introduces risks, including but not limited to:

  • Data protection compliance risk: Personal data collected for KYC/AML purposes may be subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the UK Data Protection Act 2018, the California Consumer Privacy Act (“CCPA”), and other applicable data protection legislation. The cross-jurisdictional nature of the Services means that data may be processed in, or transferred to, jurisdictions with different or less protective data privacy regimes, and that applicable data protection obligations may change over time.

  • Third-party data sharing risk: Personal data submitted for compliance purposes may be shared with third-party compliance screening providers, analytics services, regulatory authorities, and law enforcement agencies as required by applicable law. Users may have limited control over, or visibility into, the subsequent processing of their data by such third parties.

  • Data breach risk: Notwithstanding reasonable security measures, data incidents — including unauthorised access, disclosure, or loss of personal data — may occur. The Company does not guarantee that personal data will be free from security breaches, and any such incident may expose users to identity theft, financial loss, or other adverse consequences.

  • Evolving regulatory requirements risk: The regulatory landscape for data privacy, KYC/AML, and digital asset compliance is evolving rapidly. Changes in applicable law may require the Company to collect additional personal data, retain data for longer periods, or disclose data to additional parties, which may affect users’ privacy interests.

Users are solely responsible for understanding the data privacy implications of providing personal data in connection with the Services and should consult the Company’s Privacy Policy and their own professional advisors before submitting personal data.

XIV. No Professional Advice or Fiduciary Duties

Information Disclaimer: All information provided by the Company and its affiliates, whether on its websites, platforms, documentation, or communications, is intended for informational purposes only. It does not constitute financial, legal, or professional advice, and should not be relied upon as such. Users are encouraged to seek independent professional advice tailored to their specific circumstances before making any financial decisions related to the use of the Services.

No Fiduciary Relationship: The Company does not act as an advisor or fiduciary to any user. Neither the Company, nor the Protocol, nor the App, nor any Product entity, nor any governance participant owes any fiduciary duties to users, and by using the Services, users agree that they alone are responsible for their financial decisions and actions.

No Fiduciary Duties Across the Chain of Custody: Users acknowledge and agree that no party involved in the operation, maintenance, or facilitation of any of the Services — including the Protocol, the App, the Website, and any Product — and including, without limitation, the following, owes any fiduciary, advisory, or trust-based duty to users:

  • Validators and Node Operators: Entities that validate transactions, produce blocks, or operate staking infrastructure do not owe fiduciary duties to users whose assets are staked, delegated, or otherwise processed through their operations. Validators act pursuant to the rules of the applicable blockchain protocol and not as agents, trustees, or fiduciaries of any user.

  • Bridge Operators and Cross-Chain Infrastructure Providers: Operators of cross-chain bridges, relayers, message-passing protocols, and related infrastructure through which assets are transferred between blockchains do not act as fiduciaries, custodians, or agents of users. Their role is limited to facilitating the technical transfer of data and value between networks.

  • Oracle Providers: Third-party data providers (including price oracles, data feeds, and attestation services) that supply information to the Protocol, the Products, or their smart contracts do not owe fiduciary duties to users. Oracle-provided data may be inaccurate, delayed, or manipulated, and users bear full responsibility for any reliance on such data.

  • Governance Participants: Holders of governance tokens (including BARD), delegates, forum participants, multisig signers, and any other participants in Protocol governance do not owe fiduciary duties to other token holders or users. Governance participants may vote or act in their own interests, and no governance action or inaction gives rise to any fiduciary claim.

  • Lombard Security Consortium and its Members: The Consortium and its individual members — including market makers, mining pools, institutional validators, technology providers, and security and research partners — do not owe fiduciary, advisory, or trust-based duties to users. Consortium members act in their capacity as independent infrastructure operators and validators, not as agents, trustees, or fiduciaries of any user. Decisions made by the Consortium regarding transaction validation, protocol upgrades, or operational matters do not give rise to any fiduciary claim.

  • Product Entities and Counterparties: The separate legal entities that serve as counterparties for specific Products (including entities associated with LBTC, BTC.b, and any future Products) do not owe fiduciary duties to users of other Products or of the Protocol generally. Each Product entity’s obligations are strictly limited to those set forth in the applicable Product Terms.

  • Custodial and Key Management Intermediaries: Any third-party custodians, key management service providers, multi-party computation (MPC) operators, or similar intermediaries involved in the safekeeping, generation, or management of cryptographic keys or digital assets in connection with the Services do not act as fiduciaries to users unless expressly provided in a separate written agreement between such intermediary and the user.

  • Auditors and Security Researchers: Third-party security auditors, bug bounty participants, and security researchers who review, test, or assess the code, operations, or infrastructure of the Services do not owe fiduciary duties to users and bear no liability for undetected vulnerabilities or security flaws.

  • Other Third-Party Service Providers: Any other third-party service providers, contractors, or infrastructure operators whose services are utilised by the Services — including, without limitation, cloud hosting providers, analytics services, compliance screening providers, and communication platforms — do not owe fiduciary duties to users.

Arm’s-Length Relationship: All interactions between users and the parties identified above are conducted on an arm’s-length, non-fiduciary basis. No communication, marketing material, documentation, user interface element, or course of dealing by any such party shall be construed as creating a fiduciary relationship, advisory relationship, trust, agency, partnership, or joint venture with any user. Users waive, to the fullest extent permitted by applicable law, any claim that a fiduciary, trust-based, or advisory relationship exists with any party in the chain of custody.

XV. Assumption of Risks and Limitation of Liability

User Assumption of Risk: By using the Services, users acknowledge and accept all associated risks, including those related to the security, functionality, and regulatory environment of the Services. Users acknowledge that participating in DeFi, Bitcoin staking, restaking, and liquid staking involves significant risks, and they should only engage with the Services if they are fully aware of and willing to accept these risks, including the risk of total loss of all assets.

Limitation of Liability: To the fullest extent permitted by law, the Company and its representatives are not liable for any losses, damages, or claims arising from the use of the Services. This includes, but is not limited to, losses resulting from security breaches, smart contract vulnerabilities, slashing events, validator misconduct, bridge failures, governance decisions, regulatory actions, compliance-related restrictions, service interruptions, price fluctuations, App or Website outages, front-end errors, or any other risks described in this risk disclosure. Users agree to hold the Company harmless from any claims or liabilities related to their use of the Services.

XVI. Incident Reporting and Transparency

Incident Disclosures: The Company is committed to transparency. Any significant incidents, such as security breaches, manipulation attempts, slashing events, bridge compromises, App or Website compromises, or major failures affecting any of the Services, will be disclosed to the community as promptly as is reasonably practicable. However, the Company cannot guarantee the prevention of such incidents and disclaims all liability for any losses arising from them. The timing and detail of any disclosure may be limited by the requirements of ongoing investigations, legal obligations, or compliance considerations.

XVII. Mitigation Strategies

Audits and Security Measures: The Protocol and certain Products have undergone security audits by third-party firms. Additionally, the Company may operate a bug bounty program to encourage the identification and reporting of vulnerabilities. While these measures are in place to enhance security, they do not eliminate all risks, and it is imperative that users remain vigilant.

No Guarantee of Audit Effectiveness: Security audits are point-in-time assessments and do not guarantee the absence of vulnerabilities. The Services may be modified after an audit, and new vulnerabilities may be introduced through upgrades, governance changes, new Products, or interactions with other protocols. Users should not rely on the existence of audits as assurance of security.

Acknowledgment of Risks

By using any of the Services — including the Protocol, the App, the Website, and any Products — you acknowledge that you have read, understood, and agree to this risk disclosure. You accept all risks associated with using the Services and agree that the Company is not liable for any losses or damages, whether direct or indirect, arising from your use of the Services.

Governing Terms: These Risk Disclosures are incorporated by reference into, and form part of, the Protocol Terms of Service (the “Terms”). The governing law, dispute resolution, arbitration, class action waiver, limitation of liability, and indemnification provisions of the Terms apply in full to these Risk Disclosures. In the event of any conflict between these Risk Disclosures and the Terms, the Terms shall prevail. Capitalised terms used but not defined in these Risk Disclosures have the meanings given to them in the Terms.

Contact

LF Operations Inc. PH The Century Tower, Office 317, Vía Ricardo J. Alfaro, Betania, Panamá District, Panamá Province, Panama; Email: legal@lombard.finance

Last updated on
Terms of ServicePrivacy Policy