The PowPeg is Rootstock’s Bitcoin-native bridge. It is proof-of-work secured, allowing users to convert BTC to rBTC and vice versa. Your BTC stays on Bitcoin L1, while you mint 1:1 rBTC to use in DeFi.
Bridge nowThe Bitcoin Aligned Bridge
The majority of Bitcoin bridges rely, in some form, on a multisig that holds locked BTC. What really matters is who controls those keys, how they’re protected, and what enforces withdrawals. With PowPeg you get:
On-chain Bitcoin Custody
Your BTC is locked on the Bitcoin blockchain, not in an off-chain custodian. Transparent and auditable 1:1 BTC–rBTC relationship.
Tamper-proof Security
Keys are secured inside tamper-proof Ledger hardware devices (HSMs), the same technology protecting billions in digital assets worldwide. Signers can’t access or misuse the keys; they’re only responsible for keeping the hardware operational under the bridge’s enforced signing rules.
Operational Neutrality
Withdrawals are authorized not by policies or governance votes, but by Bitcoin’s own proof-of-work. Over 80% of Bitcoin’s hashrate secures Rootstock through merge-mining, making the validation practically impossible to subvert.
Proven Resilience
PowPeg has been live since early 2018, with no security breaches or loss of funds. It is open source, audited by top security firms, and covered by a public bug bounty.
How It Works
To dive deeper into the Rootstock PowPeg and gain a comprehensive understanding, please refer to the Rootstock PowPeg Architecture , powHSM , and RskJ Powpeg Node .
Defense in Depth
PowPeg’s security relies on multiple independent layers:
Bitcoin PoW
Bitcoin releases can only be commanded by enough accumulated proof-of-work.
Hardware-level security
Ledger-certified hardware devices (HSMs) protect the private keys.
Protocol-level enforcement
Firmware validates peg rules automatically.
Monitoring
Armadillo detects forks and suspicious miner behavior.
Transparency
All movements are visible on both chains.
How PowPeg Stands Apart
Custodial wraps
e.g. WBTC
Federations
e.g. Liquid
PowPeg
Rootstock
Who Operates the PowPeg
Operated by independent, global entities using secure PowHSM hardware.
Each member holds a tamper-proof hardware device that secures the key.
Currently a 5-of-9 members (five signatures required).
Expanding to 20 members after the Reed upgrade, with plans for up to 60 total.
PowPeg Members
Currently 9 members operate PowHSMs. These members are independent, geographically distributed, diverse entities across mining, custody, DeFi and infrastructure.
Attestation Hardware Verification
- Each PowHSM can cryptographically prove it runs official, audited and open-source firmware.
- Attestation ensures devices are genuine Ledger hardware and untampered.
- Public proofs allow anyone to verify firmware hashes published by Rootstock.
- Attestation continues evolving — future versions will include periodic on-chain proofs.
Questions?
The keys are protected by battle-tested Ledger Hardware Security Modules (HSMs), the same devices trusted to secure billions of dollars in crypto worldwide. Nine public, reputable institutions, including Xapo, Luxor, Sovryn, and RootstockLabs, each operate one of these hardware devices, ensuring it remains properly maintained and up to date. These entities cannot access or move the locked BTC directly; their responsibility is to keep the hardware running securely under the bridge’s enforced signing rules. Expanding to 20 signers in the next network upgrade, with a roadmap to 60.
No. Private keys never leave Ledger HSMs. Signers cannot extract them or sign arbitrary transactions.
Only for valid peg-out requests, and only after Bitcoin’s blockchain shows enough proof-of-work confirmations.
They cannot steal funds. The worst outcome is a temporary halt in peg-outs.
Rootstock provides attestation features so anyone can confirm signers are running approved firmware inside genuine Ledger HSMs.
The Emergency Recovery Protocol (ERP) activates after a time-lock, enabling a separate, public recovery multisig (MoneyOnChain, RootstockLabs, Jameson Lopp).
Ledger HSMs, the same technology used to secure billions in institutional crypto custody.
Yes. PowPeg is open source, audited by top-tier security firms, and covered by a public bug bounty.
Temporary liveness (withdrawal delay). Theft risk is eliminated by design.
The BTC escrow address controlled by the PowPeg federation is public and fully auditable on the Bitcoin blockchain. Anyone can view the UTXOs locked there and reconcile them against the circulating RBTC supply. Rootstock publishes this address so users and auditors can verify balances transparently.
Unlike “optimistic” bridges, PowPeg doesn’t rely on a challenge window. Instead:
- Hardware signers (Ledger HSMs) refuse to sign unless the withdrawal request comes from Rootstock’s consensus chain and is backed by sufficient Bitcoin proof-of-work confirmations.
- If for some reason the majority of the PowPeg signers stop functioning, the Emergency Recovery Protocol (ERP) activates after a time-locked delay, allowing a separate public recovery multisig (with known participants like MoneyOnChain, RootstockLabs, Jameson Lopp) to release funds.
The PowPeg members do not have control over the locked bitcoins. However, in the event the majority of pegnatories decide or are forced to turn off their PowHSM devices, the bitcoins can become permanently locked. This lack of access can potentially impact the system’s functionality, which is a concern.
Moreover, in the unlikely event that all PowHSM devices experience simultaneous hardware or firmware issues, the funds within the peg face the risk of becoming permanently inaccessible. This situation would leave no means for recovery.
To address these risks, the Rootstock Powpeg has implemented a time-locked emergency multi-signature as a fallback mechanism. This valuable feature was introduced as part of the Iris network upgrade and offers a reliable solution in the face of simultaneous PowHSM failures.
The time-locked emergency multi-signature operates on a 3-out-of-4 multisig scheme. It allows for the recovery and use of locked funds but only after one year of complete inactivity of the UTXOs. By requiring the cooperation of at least three designated parties, this mechanism adds an extra layer of security and resilience to the system
For a more detailed understanding of this feature, you can find comprehensive information in the RSK Improvement Proposals (RSKIPs) related to this topic. We encourage readers to refer to RSKIP-201 and RSKIP-225 for a deeper insight into the technical implementation and considerations.
Emergency Multisig Signatories
Following the requirements established in RSKIP225-Emergency Multisig public keys, the signatories for the emergency multi-signature are listed below:
- RootstockLabs (link to message)
- MoneyOnChain (link to message)
- Jameson Lopp – CasaHodl Co-founder & CTO (link to message)
Adrian Eidelman – Rootstock Co-founder (link to message)