DeepSafe Research: The Importance of Trustless Custody from the Unibtc Freezing Incident

On April 23, 2025, a netizen named Brain borrowed the hand of a friend to ask for help on Twitter, saying that when he was arbitraging on a Bitcoin Layer2 chain, more than $100,000 of unibtc assets were trapped by Bedrock officials and could not exit. This article originated from an article by DeepSafe Research and was reorganized by PANews. (Synopsis: Bitcoin Foundation veteran: Trying to restart free BTC faucets, 21million.com live) (Background supplement: Cambridge report: Bitcoin mining "clean energy" usage has reached 52.4%, Tesla will restart BTC payments? According to the disclosure of the party W, on April 17, he found that the unibtc issued by Bedrock had a price anomaly on a certain Bitcoin L2 chain and decoupled from BTC, W believed that the decoupling was temporary and would soon return to anchor, and there was a good arbitrage opportunity, so he stepped part of the BTC into the Bitcoin L2, exchanged it for unibtc and sold the Bitcoin L2 after its anchor. Only 24 hours after decoupling, unibtc was back anchored, but when W tried to sell its unibtc, he found that the unibtc-BTC liquidity pool on the chain was officially removed by Bedrock, and the token exited the only unibtc secondary market on the chain. W couldn't get rid of the unibtc in his hand, so he tried to cross the unibtc to other chains. When he found the only cross-chain bridge (named Free) on the chain that supports unibtc, he received a prompt - "The transaction requires the signature authorization of the project party". W found the customer service of the Free cross-chain bridge and explained it as follows: "The multi-signature key of unibtc cross-chain is hosted by Bedrock, and users cannot mention unibtc to other chains without their permission." There is no way, W can only find Bedrock related personnel to ask about this, the other party's initial reply is: "We can allow you to withdraw the principal, but whether the profits generated by your arbitrage can be withdrawn must be temporarily reviewed." At this point, W realized that the exit path of unibtc on this chain was completely cut off, and his unibtc worth about 200,000 U was "temporarily frozen" - there was no way to sell it on this chain or cross it to other chains. At this time, he felt very helpless and only wanted to withdraw his principal smoothly. However, the attitude of the BedRock related personnel became ambiguous - neither clearly stated when W could withdraw the principal, nor provided any written commitment, and delayed on the grounds of "risk review" and "technical investigation". After a period of delay, BedRock claimed that the unibtc decoupling stemmed from someone on the LayerBank platform who borrowed unibtc assets on a large scale and smashed them, and then BedRock suggested that W "hold LayerBank accountable." W found LayerBank and didn't get a response for a long time. In desperation, W had to find friends on Twitter for help, and after more than two weeks of maneuvering, he finally got a positive response from LayerBank and BedRock officials and successfully recovered his assets. What happened to W is not an isolated case. According to feedback from other parties, BedRock also used similar means to cut off users' unibtc exit paths last year, resulting in these unibtc being "substantially frozen". Of course, this article does not intend to speculate on the reasons behind the above incidents, but only explains how to avoid and eliminate similar central evil behaviors from a technical level. First of all, reviewing the aforementioned events, we can see that BedRock, as the issuer of unibtc and the initial LP of the secondary market liquidity pool, naturally has the right to exit the channel of the secondary market of unibtc, and if its power is to be restricted, it must be more through governance than technical means; However, the aforementioned Free cross-chain bridge conspired with BedRock to refuse user requests, but it exposed that unibtc has obvious technical flaws in the "distribution-single-chain circulation-multi-chain circulation" link: the Free cross-chain bridge, which is a partner of BedRock, is obviously highly centralized. The real trustless bridge should ensure that the bridge official cannot prevent users from exiting, and the unibtc freezing case, whether it is BedRock or the Free cross-chain bridge, has strong centralized permissions and does not provide an exit channel to resist censorship. Of course, cases like UNIBTC are not uncommon, cutting off user exit paths is not uncommon on major exchanges, and for cross-chain bridges or other types of project parties, this use of centralized permissions is not rare. In June 2022, Harmony Horizon Bridge suspended the withdrawal channel for 57 assets due to a hack, and although there were "legitimate reasons" for this behavior, it still made some people feel very scared; In the 2021 StableMagnet incident, the project team stole US$24 million through pre-reserved procedural vulnerabilities, and finally Hong Kong and the United Kingdom mobilized a large number of police forces to recover 91% of the stolen goods with community assistance. Various cases fully show that if the asset custody platform cannot provide trustless services, it will inevitably lead to bad consequences. However, Trustless is not readily available, from payment channels and DLC to BitVM and ZK Rollup, people have tried various implementations, although it can largely guarantee user autonomy and provide reliable asset exit exits, but there are still inevitable flaws behind this. For example, payment channels require parties to monitor potential malicious behavior of counterparties, and DLC needs to rely on oracles; BitVM is expensive to use, and there are other trust assumptions in practice; The ZK Rollup's escape pod has a lengthy window to trigger and requires the Rollup to be shut down, which is costly. Judging from the current implementation of major technical solutions, there is no perfect asset custody and exit plan, and the market still needs to innovate. In the following, DeepSafe Research will take the asset custody scheme officially launched by DeepSafe as an example to explain a trustless message verification scheme that combines TEE, ZK, and MPC, which balances cost, security, user experience and other incompatible indicators, and can provide reliable underlying services for trading platforms, cross-chain bridges or arbitrary asset custody scenarios. CRVA: Encrypted Random Authentication Network At present, most of the most widely used asset management solutions on the market use multi-signature or MPC/TSS to determine whether the asset transfer request is valid, the advantages of this solution are simple landing, low cost, fast message verification speed, and the disadvantages are self-evident - not secure enough, often tend to be centralized. In the Multichain case in 2023, the 21 nodes involved in MPC computing are controlled by one person, which is a typical sybil attack. This incident is enough to prove that dozens of nodes on the surface alone do not provide high decentralization guarantees. In view of the shortcomings of traditional MPC/TSS asset management solutions, DeepSafe...