Original Authors: Nubit and Nebra

In the Bitcoin ecosystem, Total Value Locked (TVL) is a core metric for measuring the scale and security of BTCFi (Bitcoin Finance) projects. However, as BTCFi expands, controversies surrounding the authenticity of TVL data have intensified. False statistics, double counting, and fabricated locks are eroding user trust, posing a severe challenge to the transparency and credibility of the Bitcoin ecosystem.

In response to this phenomenon, Nubit, along with leading Bitcoin ecosystem projects such as Nebra, Bitcoin Layers, and Alpen Labs, released the “Proof of TVL” report on January 5, 2025, directly addressing the opaque state of the BTCFi field, calling for the establishment of higher standards for asset transparency verification mechanisms, and proposing open-source TVL verification tools to provide strong support for the transparency of the Bitcoin ecosystem.

The following is the original text of the report:

Special thanks to Bitcoin Layers and Alpen Labs for their review and valuable feedback on this article.

The Evolution of BTCFi and Liquid Staking Tokens (LSTs)

Bitcoin has long been the cornerstone of the digital asset ecosystem.

However, for many years, its use was primarily limited to being a store of value and a medium of exchange. It wasn't until 2023 that protocols like Babylon introduced the concept of Bitcoin staking, allowing users to lock their BTC in a self-custodial manner and participate in the Proof-of-Stake consensus mechanism to earn rewards.

This innovation opened a new era for Bitcoin, now commonly referred to as BTCFi. This movement endowed Bitcoin with unprecedented capabilities. From then on, Bitcoin was no longer just a passive asset but could actively participate in the decentralized finance (DeFi) ecosystem.

To enhance the usability and liquidity of staked Bitcoin, a wave of Liquid Staking Tokens (LSTs) emerged. These protocols act as custodians, allowing users to stake their BTC and receive tokenized certificates in return. These LSTs can be freely used in DeFi applications, including lending, trading, yield farming, and more. This model allows Bitcoin stakers to "have their cake and eat it too": earning staking rewards while participating in a wide range of DeFi opportunities.

These LST protocols quickly gained user recognition, with the total locked value (TVL) reported by related protocols reaching billions of dollars. TVL is often seen as an important metric for measuring user activity and protocol success.

However, we want to pose a critical question to the industry: How trustworthy is the TVL data reported by Bitcoin LST protocols?

More specifically, should BTC that the protocol cannot actually control or slash be counted in the TVL?

If the TVL data is inflated, it could give users and investors a false sense of security. Inflated TVL data may obscure the true liquidity and risk status of the protocol, leading all parties involved to make erroneous decisions and potentially suffer losses.

Why is it difficult to track the TVL of Bitcoin liquid staking protocols?

In the context of Bitcoin staking, the unique UTXO model of Bitcoin adds complexity, making it difficult to accurately interpret the TVL (Total Value Locked) data. This complexity undermines trust in Bitcoin liquid staking protocols (LSTs) and raises concerns about the sustainability of the entire BTCFi ecosystem.

Let’s analyze the reasons closely.

Bitcoin uses the UTXO model (Unspent Transaction Output), where each transaction creates independent "Bitcoin units" with specific usage conditions. For example:

A certain UTXO may require a private key signature to be used.

More complex UTXOs may include multisig requirements or timelocks.

Unlike Ethereum's account model, Bitcoin's UTXO model does not aggregate balances, making it more complex to track and lock funds—though not entirely impossible. Therefore, the TVL data of LST protocols is often reported by the protocols themselves. To verify this reported data, we need to start from a simple question:

How should the TVL of Bitcoin liquid staking protocols be calculated?

The goal of Bitcoin staking protocols is to provide economic security for application layer protocols (such as Rollups, Data Availability Layers (DAs), etc.). From this perspective, economic security is only effective when the staked Bitcoin is under the custody of the staking protocol and can be slashed. Therefore, one thing is clear:

BTC that is not under the custody of the staking protocol or cannot be slashed should not be counted in the TVL.

How is the TVL of Bitcoin double staking fabricated?

Many Bitcoin liquid staking protocols, in pursuit of high TVL (Total Value Locked), go to great lengths to reach agreements with large holders (whales), attempting to artificially inflate their TVL numbers through "data brushing."

Here’s how they operate:

1. Whale Staking: Large Bitcoin holders (i.e., whales) are incentivized to transfer their BTC to an address jointly controlled by the whales and the protocol, participating in the name of "staking."

2. Control of Whales Remains Unchanged: After staking, the whales still retain ultimate control over the UTXOs (Unspent Transaction Outputs). The protocol cannot enforce redemption or impose penalties (including slashing penalties), meaning these funds are never truly at risk.

3. False Inclusion in TVL: The protocol counts these UTXOs in its TVL, even though these funds are not genuinely locked, and the whales can withdraw or reuse these funds at any time.

The reality is:

Users (whales) retain complete control over the funds: whales can spend these BTC at any time or stake them in other protocols.

Pseudo-staking without slashing penalties: This "staking" process has no mandatory slashing conditions and is essentially meaningless.

The core significance of staking lies in ensuring network security through incentivizing good behavior and punishing malicious actions. Slashing penalties ensure that participants bear the actual risk of financial loss when they do not comply with protocol rules or engage in dishonest behavior. Without this mechanism, staking devolves into a farce of "staking for the sake of staking," serving no real purpose.

Ask yourself: What is the meaning of staking? It is not to exaggerate TVL data or make symbolic gestures, but to ensure the security of the protocol through slashing mechanisms.

This brings to mind the painful lessons of FTX. In the collapse of FTX, the gap between the reported numbers (receipt tokens) and the actual reserves (redeemable assets) ultimately led to a complete collapse of user trust. If a protocol inflates its TVL data, can you really trust that it won't misuse your reserves behind the scenes? A protocol that distorts facts on such a fundamental issue as reserves has likely deviated from the trustless principles that Bitcoin represents.

This inflated TVL data raises larger questions: Are the reported "staked" Bitcoins really locked? Or is this merely a false metric to attract attention and inflate numbers?

Risks of False TVL

In theory, Liquid Staking Tokens (LSTs) are designed to represent Bitcoins staked in protocols like Babylon, allowing holders to earn staking rewards while maintaining asset liquidity. The premise of this mechanism is that each LST is fully backed by real Bitcoin reserves at a 1:1 ratio.

However, some staking arrangements that pursue high TVL data may undermine these commitments. If part of the staked BTC is still fully controlled by the original holders while the protocol simultaneously reports it as fully locked, this directly threatens the fundamental assumption upon which LSTs exist. The potential outcomes could be:

Actual locked collateral is less than reported amounts.

The staking model fails to provide the expected security guarantees.

There is a significant gap between the reported TVL and the actual amount of BTC truly participating in staking.

Ultimately, these actions call into question whether LSTs are genuinely fully backed by verifiable reserves and raise doubts about the economic security these tokens can provide, such as:

1. Lack of 1:1 backing guarantee

Since the protocol counts Bitcoins that are not truly locked or staked as "staked," it cannot guarantee that the assets supporting LSTs actually exist or are under the control of the protocol. Users holding these tokens can only rely on the protocol's unilateral statements. Moreover, if these assets do not exist, users will face real financial loss risks when redeeming the underlying assets.

2. Unverifiable staking rewards

Staking rewards should come from genuine contributions to network security or Proof-of-Stake consensus. However, when the underlying Bitcoins are not genuinely participating in staking, where do these rewards come from? Are they sustainable?

This poses a systemic risk to the entire BTCFi ecosystem. As trust diminishes, liquidity may quickly evaporate, potentially destabilizing not just a single protocol but the entire BTCFi ecosystem based on Bitcoin staking.

What happens when Bitcoin staking protocols become indistinguishable from centralized entities? In this case, users cannot audit reserves and can only choose to trust the operator's statements. This situation severely threatens the credibility of BTCFi.

The current situation poses an existential threat to the credibility of BTCFi. To avoid repeating the mistakes of centralized systems and false TVL, we must address the root of the problem: the lack of a trustless and verifiable mechanism for proving reserves and staking activities.

This is precisely where Proof of TVL (PoTVL) comes into play. Only by establishing a scientific, transparent, and cryptographically-based reserve verification standard can we rebuild trust in Bitcoin LSTs and ensure the long-term sustainability of the ecosystem.

Fundamental Solution: Transparent Calculation of TVL

In the context of Bitcoin staking, Taproot addresses play a crucial role in implementing staking lock scripts (e.g., Babylon). These lock scripts define clear rules for staking, tracking, and ultimately withdrawing BTC. Babylon is a typical example as it directly links staking actions to verifiable protocol-level rules on the Bitcoin UTXO model.

When stakers participate in the staking protocol, they construct special transactions to send BTC to the Taproot address specified by the protocol. These transactions typically include the following:

1. Staking Output: A UTXO used to send BTC to the Taproot address for staking.

2. Ownership Verification Output: A second UTXO containing the public keys of the staker and the protocol. These public keys prove ownership of the staked BTC.

Taking the Babylon staking protocol specification as an example:

The specification requires the staker (or LST protocol) to construct transactions as follows:

• The first UTXO sends BTC to a Taproot address bound to Babylon's staking lock script.

• The second UTXO contains the public keys of the staker and Babylon to ensure ownership verification.

This design ensures that staking actions can be fully tracked on-chain, with clear proof of ownership and transparent rules.

Case Study: Lombard Finance

To demonstrate the application of this method in practice, we used the open-source tool Proof of TVL to verify Lombard Finance.

Here is the complete verification process:

1. Identify User Deposit Wallets

Starting from the wallets where users deposit BTC to Lombard. These wallets represent the initial capital inflow into the system.

2. Track Transactions to Staking Wallets

Track the flow of BTC from the deposit wallets to the staking wallets controlled by Lombard. Identify all staking transactions according to Babylon's staking specifications.

3. Verify Ownership

Use Babylon's protocol rules to confirm whether the required public keys for ownership verification are included in the staking transactions. Ensure that the transactions comply with the staking lock script.

4. Calculate Real TVL

Summarize the amount of BTC outputs in the verified staking transactions to calculate the on-chain collateral. Compare the collateral with the total supply of LBTC to calculate the collateralization ratio.

Through the above steps, we calculated Lombard's LST TVL as follows:

• On-chain collateral: 16,580.9220 (15,028.3565 BTC / 90.64% staked)

• Total supply of LBTC: 16,386.4157 (101.19% over-collateralized)

• Latest verification time: January 4, 2025, 7:30 PM Pacific Time

• Status: Secure (101.19% over-collateralized)

Verification details:

• 90.64% Staked

Of the 16,580.9220 BTC in on-chain collateral, 15,028.3565 BTC is actively staked according to Babylon's specifications.

• 101.19% Over-Collateralized

The total supply of LBTC is 16,386.41, while the on-chain collateral is 16,599 BTC.

• Complete On-Chain Transparency

Each staking transaction can be directly traced back to the deposit address of the Lombard protocol, and ownership verification complies with the staking rules.

The verification process was completed on January 4, 2025, at 7:30 PM Pacific Time (at the time of writing this article), and the data is fully reproducible without manual intervention. Through our open-source tool Proof of TVL, anyone can independently verify the TVL data of LBTC in real-time.

This is true transparency.

While this solution provides a high level of transparency, it has a critical flaw: it relies on the trust that the protocol can accurately calculate and report TVL.

So, is there a way to eliminate this dependency and allow anyone to confidently verify the results independently? Zero-Knowledge Proofs (ZKPs) offer a potential solution path.

Using Zero-Knowledge Proofs for TVL Verification

One major advantage of Zero-Knowledge Proofs (ZKPs) is their cryptographic trust mechanism, while the verification cost is extremely low, allowing users to verify ZKPs directly on client devices such as smartphones or browsers. This significantly reduces the friction and trust assumptions in TVL verification. Now, users do not even need to trust a third party running the TVL verification protocol.

The Zero-Knowledge Proofs used to verify LST TVL are expressed as follows:

BTC from LST on Babylon + Reserve proof from LST wallet ≥ Total supply of LST

BTC from LST on Babylon

According to Babylon's transaction specifications: For a transaction to be considered a valid staking transaction, it must meet the following conditions:

• The transaction must have a Taproot output, with the key spending path disabled, and submitted to a script tree consisting of the following three scripts: timelock script, unbonding script, and slashing script. This output is referred to as stakingoutput, and its value is called stakingamount.

• The transaction must include an OPRETURN output containing the following: globalparameters.tag, version, stakerpk (staker public key), finalityproviderpk (finality provider public key), stakingtime (staking time).

To verify the BTC of LST on Babylon, we first need to check the validity of the staking transaction. For example, verify that the Taproot output and OP_RETURN contain the same public key.

Reserve Proof of LST Wallet

We can adopt standard reserve proof protocols, such as the reserve proof protocol proposed by Vitalik Buterin: https://vitalik.eth.limo/general/2022/11/19/proofofsolvency.html.

Additionally, Shumo et al. have proposed a slightly improved version.

Further reading: SNARKed Merkle Sum Tree: A Practical Proof of Solvency Protocol Based on Vitalik's Proposal.

The only technical detail is that we need to replace the signature algorithm used in Ethereum with the one used in Bitcoin. For example, while both Bitcoin and Ethereum use ECDSA, Bitcoin chose SHA instead of Keccak as the secure hash algorithm.

Total Supply of LST

This is a public input provided by the user.

By using Zero-Knowledge Proofs for TVL verification, we can effectively minimize counterparty risk while lowering the threshold for any user to verify the results.

The Future Path of BTCFi

Bitcoin has always represented trust, decentralization, and transparency. However, with the proliferation of false TVL data in the Bitcoin staking space, these core principles are at risk of being eroded.

The solution is very clear: TVL verification achieved through Zero-Knowledge Proofs provides a clear path to true accountability.

By eliminating the reliance on trust and allowing reserves to be verifiable by anyone, we can rebuild user confidence in Bitcoin LSTs and ensure that BTCFi thrives on a "real" basis.

Continuous Participation

We believe in the power of collective progress. Here are ways you can help drive this process forward:

• Provide more TVL verification analysis: Help expand the tool's applicability and contribute transparent analyses for other BTCFi protocols. Transparency is a collective effort for the entire ecosystem.

• Contribute PR: Improve the tool or suggest new features (e.g., implementation of zk-proofs).

• Establish industry standards: Collaborate with us to create publicly verifiable BTCFi transparency standards.

• Spread the word: Share this article to raise awareness of the need for trustless TVL verification.

Appendix: Full report and open-source verification tool address

Proof of TVL GitHub link

Original report link

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。