Intent-based architecture separates the user's desired outcome from its execution. This is the core innovation that distinguishes Across from atomic swap bridges like THORChain. Users broadcast a signed intent, and a competitive network of fillers executes it, removing the need for locked capital on the source chain.
bitcoins-evolution-defi-ordinals-and-l2s
Blog
Across Bridge Design for Bitcoin Transfers
A technical analysis of how Across Bridge's intent-based architecture, leveraging UMA's optimistic oracle and a unified liquidity pool, creates a superior user experience for moving Bitcoin into Ethereum DeFi, compared to traditional lock-and-mint bridges.
introduction
THE INTENT-BASED APPROACH
Introduction
Across Protocol redefines Bitcoin bridging by applying an intent-based architecture, decoupling liquidity from security for superior capital efficiency.
Optimistic verification secures the system. A single, permissionless Watcher network on Ethereum monitors all transfers and can challenge invalid ones during a dispute window. This model, inspired by optimistic rollups like Arbitrum, provides security without the latency of traditional validator consensus.
Capital efficiency is the primary advantage. Unlike Stargate or Multichain, which require deep, dual-sided liquidity pools, Across uses relayers as liquidity routers who source funds on the destination chain. This reduces capital requirements by over 90% and enables faster, cheaper transfers.
Evidence: Across processed over $10B in volume with less than $50M in liquidity, achieving a capital efficiency ratio exceeding 200:1, an order of magnitude better than lock-and-mint bridges.
thesis-statement
THE ARCHITECTURE
Thesis Statement
Across Protocol's design for Bitcoin transfers leverages a novel intent-based architecture and a unified liquidity pool to solve the core problems of speed, cost, and security in cross-chain bridging.
Intent-based architecture separates transaction declaration from execution. Users sign an intent, and a network of fillers competes to fulfill it, creating a competitive marketplace that drives down costs and latency compared to traditional lock-and-mint bridges like WBTC.
Unified liquidity pool is the core innovation. A single pool of capital on Ethereum services transfers across all supported chains, including Bitcoin via tBTC or WBTC. This capital efficiency contrasts with peer-to-peer models like Stargate, which fragment liquidity per chain-pair.
Optimistic verification secures transfers. A single off-chain Relayer submits proofs, which are optimistically assumed valid unless challenged within a fraud-proof window. This light-client security model reduces on-chain costs versus ZK-proof systems while maintaining strong security guarantees.
Evidence: Across has settled over $12B in volume with a 99.9% successful fill rate, demonstrating the production-grade reliability of its architecture for high-value Bitcoin transfers.
key-trends
BRIDGE ARCHITECTURE TRADEOFFS
The Bitcoin Bridge Problem Space
Moving Bitcoin off-chain requires navigating a fundamental trilemma between security, speed, and capital efficiency.
01
The Problem: The Custodial Quicksand
Centralized bridges like Wrapped Bitcoin (WBTC) dominate with $10B+ TVL but introduce a single point of failure. Users trade Bitcoin's core security for convenience, relying on a legal promise rather than cryptographic proof. This model is antithetical to crypto's ethos and has led to catastrophic losses in other ecosystems (e.g., Multichain).\n- Counterparty Risk: You trust an entity, not code.\n- Censorship Vector: The custodian can freeze or blacklist assets.\n- Regulatory Attack Surface: The custodian is a legal entity.
>99%
Market Share
1
Failure Point
02
The Solution: The Light Client Frontier
Projects like Babylon and Nomic are pioneering non-custodial security by bringing Bitcoin's consensus to other chains. They run Bitcoin light clients as smart contracts, enabling cryptographic verification of state and transactions without trusted intermediaries. This is the holy grail for purists but faces significant technical hurdles.\n- Trust Minimization: Security approaches Bitcoin's own.\n- High Latency: Finality is tied to Bitcoin's ~10-minute block times.\n- High Cost: On-chain verification of Bitcoin headers is computationally expensive.
~10 min
Finality Latency
Native
Security
03
The Pragmatic Hybrid: Optimistic & MPC
Bridges like Across (using UMA's optimistic oracle) and Threshold Network (using tBTC v2) employ hybrid models to balance security and speed. They use cryptoeconomic security (bonded operators, fraud proofs) or Multi-Party Computation (MPC) to reduce custodial risk while maintaining practical UX. This is the dominant design for performant DeFi bridges.\n- Faster Finality: Minutes, not hours.\n- Reduced Trust: Security through slashing and fraud proofs.\n- Capital Intensive: Requires substantial bonded collateral (over-collateralization).
~3-5 min
Transfer Time
150%+
Collateral Ratio
04
The Liquidity Problem: Fragmentation Silos
Every new bridge mints its own synthetic Bitcoin (e.g., WBTC, tBTC, renBTC), creating liquidity silos. This fragments the very liquidity DeFi needs, leading to poor pricing and slippage. Solutions like LayerZero's OFT standard or Chainlink's CCIP aim for canonical, cross-chain tokens, but Bitcoin's lack of a smart contract layer makes this exceptionally hard.\n- Inefficient Capital: Liquidity is trapped per bridge.\n- Slippage & Premiums: Arbitrage is slow and costly.\n- Protocol Risk: Each wrapped asset carries its bridge's specific risk profile.
10+
Wrapped Variants
>5%
Common Premium
05
The UX Problem: The Multi-Step Gauntlet
A user must: 1) Bridge to an L2/EVM, 2) Swap to a wrapped asset, 3) Interact with a dApp. This is a UX nightmare. Intent-based architectures (pioneered by UniswapX and CowSwap) and solver networks abstract this away. The user signs an intent ("I want X BTC on Arbitrum"), and a network of solvers competes to fulfill it via the most efficient route across bridges and DEXs.\n- Abstracted Complexity: User sees one transaction.\n- Optimal Routing: Solvers find best price/bridge combo.\n- New Trust Layer: Relies on solver honesty and liveness.
1
User Signature
~30 sec
Perceived Speed
06
The Sovereign Future: Rollups & Sidechains
The endgame may bypass bridges entirely. Bitcoin Layer 2s like Merlin Chain and BitVM-based rollups aim to keep Bitcoin native within their ecosystem, using Bitcoin as the data availability and settlement layer. This changes the paradigm from "bridging out" to "scaling up." However, these are nascent and unproven at scale.\n- No Wrapped Asset: Use BTC directly in smart contracts.\n- Inherited Security: Leverages Bitcoin's consensus.\n- Early Stage: BitVM is a theoretical framework, not production-ready.
L2
Paradigm
Theoretical
Maturity
deep-dive
THE INTENT-BASED PIPELINE
Architectural Deep Dive: How Across Routes Bitcoin
Across executes Bitcoin transfers by decoupling user intent from settlement, using a competitive relay network and optimistic verification.
Intent-Based Architecture separates the user's transfer request from its execution. A user signs a message specifying the destination, creating a transfer intent that any third-party filler can fulfill. This design is shared by UniswapX and CowSwap, enabling gasless transactions and optimal route discovery without locking funds in a canonical bridge.
Optimistic Verification secures the system by assuming relay honesty. A single honest watcher can dispute invalid transfers during a 30-minute challenge window, slashing the malicious filler's bond. This model, pioneered by Optimism, reduces latency and cost versus zero-knowledge proofs, making it viable for high-frequency, lower-value transfers.
Competitive Relay Network creates a liquid market for fillers. Relays like Bware Labs and Blockdaemon compete to fulfill intents fastest and cheapest, driving down costs for users. This is a core differentiator from order-book bridges like Stargate, which rely on predefined liquidity pools and can suffer from fragmentation.
Evidence: Across processed over $10B in volume with zero loss of user funds, demonstrating the security-efficiency trade-off of its optimistic model. Its average fill time for Bitcoin transfers is under 3 minutes, a key metric for user experience versus canonical bridges.
BITCOIN TRANSFERS
Bridge Design Matrix: A CTO's Comparison
A first-principles comparison of core architectural approaches for bridging Bitcoin to EVM chains, focusing on security, cost, and user experience trade-offs.
| Architectural Feature / Metric | Wrapped Asset (WBTC) | Light Client / ZK (tBTC v2) | Liquidity Network (Across) |
|---|---|---|---|
Custody Model | Centralized (Multi-sig Federation) | Decentralized (Threshold ECDSA) | Optimistic (Bonded Liquidity) |
Native BTC Security | ❌ | ✅ | ✅ |
Finality to Destination | ~1 hour (Custodian batch) | ~3 hours (BTC finality + proof gen) | < 5 minutes (Optimistic challenge window) |
Typical Transfer Fee | $50-150 (mint/burn + gas) | $10-30 (gas + relayer) | $5-15 (gas + LP fee ~0.1%) |
Capital Efficiency | Low (1:1 vault collateral) | Medium (Over-collateralized staking) | High (Reusable liquidity pools) |
Trust Assumptions | Trust in 15-of-21 signers | Trust in DKG & MPC ceremony | Trust in bonded relayers & fraud proofs |
Ecosystem Composability | ✅ (Standard ERC-20) | ✅ (Standard ERC-20) | ✅ (Standard ERC-20) |
Primary Risk Vector | Custodial seizure | Cryptographic compromise | Liquidity insolvency |
risk-analysis
BITCOIN BRIDGE VULNERABILITIES
Risk Analysis: Where Could Across Fail?
Across's optimistic design for Bitcoin introduces unique attack vectors and systemic dependencies that could undermine its security model.
01
The Watcher's Dilemma
The system's liveness depends on a single, centralized Watcher to detect fraud within a ~2 hour challenge window. A malicious or compromised Watcher could censor fraud proofs, enabling theft of the entire relayer bond pool.
- Single Point of Failure: No decentralized fallback for fraud detection.
- Economic Inversion: A bribe exceeding the relayer bond could incentivize collusion.
- Censorship Vector: Watcher can selectively ignore attacks, breaking the optimistic security model.
1
Central Watcher
~2h
Vulnerability Window
02
Bitcoin Finality vs. Optimistic Windows
Across's security inherits Bitcoin's ~1 hour probabilistic finality, but its challenge period is only ~2 hours. This creates a narrow, risky overlap where a Bitcoin reorg could invalidate a deposit after funds are released on the destination chain.
- Temporal Mismatch: Challenge period may be insufficient for deep reorgs.
- Chain-Specific Risk: A >2 hour Bitcoin reorg, while improbable, is a catastrophic black swan.
- No Native Slashing: Fraud proofs punish relayers, but cannot recover Bitcoin from a reorg.
1h
BTC Finality
2h
Challenge Period
03
Liquidity Fragmentation & Relayer Economics
The model depends on professional relayers competing on speed and fee discounts, backed by bonded capital. In a bear market or high volatility, liquidity can fragment or vanish, causing failed transfers and breaking UX.
- Capital Efficiency Pressure: Relayer bonds must cover in-flight transfers; scaling requires O(n) capital.
- Adversarial Pricing: Relay auctions can be gamed during network congestion.
- Dependency Risk: Contrast with native Lightning or Liquid which don't rely on third-party liquidity pools.
O(n)
Capital Scaling
Low
Relayer Moats
04
Canonical Bridge Monopoly Risk
As a canonical bridge (e.g., for rollups like Arbitrum), Across becomes a systemically critical piece of infrastructure. This attracts regulatory scrutiny and creates a high-value target, contrasting with the permissionless, competitive design of intent-based bridges like UniswapX and CowSwap.
- Regulatory Attack Surface: A single entity (UMA) controls key governance and watcher roles.
- Too Big to Fail Dynamics: A failure could freeze billions in bridged assets across multiple chains.
- Innovation Stifling: Canonical status reduces competitive pressure to improve security and costs.
High
Systemic Risk
1
Gov. Controller
05
Interoperability Stack Dependencies
Across's Bitcoin bridge relies on additional layers like Bitcoin light clients (e.g., Babylon) or multi-sig federations for proof verification. A failure or exploit in these underlying layers cascades to Across.
- Weakest Link Security: Inherits risks of the chosen Bitcoin light client implementation.
- Complexity Attack Surface: Each additional contract (e.g., Bitcoin SPV verifier) expands the audit surface.
- Contrast with LayerZero: Which uses an Oracle/Relayer separation, but faces similar dependency risks.
N+1
Attack Surfaces
06
The MEV Extraction Endgame
The slow Bitcoin confirmation (10+ mins) versus fast destination chain execution creates a massive MEV opportunity. Front-running and sandwich attacks on the release transaction could extract value from users, making the bridge economically hostile for large transfers.
- Time Bandit Attacks: Relayers or searchers can exploit the latency arbitrage.
- UX Degradation: Users receive worse effective exchange rates.
- Economic Leakage: Contrasts with Across's Ethereum flows where MEV is mitigated by faster settlement.
10+ min
MEV Window
future-outlook
THE BRIDGE IMPERATIVE
Future Outlook: Bitcoin as a Native Yield Asset
Bitcoin's evolution into a yield-bearing asset necessitates a fundamental redesign of cross-chain infrastructure, moving beyond simple asset transfers to programmable intent.
Bitcoin's yield requires composability. Simple token bridges like Multichain or Stargate are insufficient; they create inert wrapped assets. A yield-bearing Bitcoin must move as a dynamic, interest-accruing position, requiring bridges that understand and preserve state.
The design shifts to intent-based architectures. Protocols like Across and UniswapX solve for user outcomes, not just asset movement. For Bitcoin, this means a bridge that automatically routes to the highest-yielding vault on the destination chain, abstracting liquidity fragmentation.
LayerZero's omnichain fungible token (OFT) standard provides a template. It enables native cross-chain transfers with preserved contract state, a prerequisite for yield-bearing positions. This is a more complex primitive than a basic mint-and-burn bridge.
Evidence: The $1.5B in Bitcoin now on Ethereum via WBTC demonstrates latent demand for utility, but its static nature highlights the gap. The next wave requires bridges that transfer yield, not just coins.
takeaways
ACROSS BRIDGE DESIGN
Key Takeaways for Builders
Architecting for Bitcoin's unique constraints requires a modular, intent-based approach to unlock DeFi liquidity.
01
The Problem: Bitcoin's Script is Not EVM-Compatible
Bitcoin's UTXO model and non-Turing complete scripting language prevent direct smart contract integration. This creates a hard wall for native DeFi composability.\n- No Native Smart Contracts: Can't execute arbitrary logic on-chain like an L2.\n- Custodial Risk: Most bridges lock BTC in a multi-sig, creating a central point of failure.
0
Native EVM Slots
02
The Solution: Decouple Validation from Execution
Adopt an intent-based architecture like Across or UniswapX. Users express a desired outcome (e.g., 'swap BTC for ETH on Arbitrum'), and a network of fillers competes to fulfill it.\n- Modular Security: Leverage Ethereum for settlement and dispute resolution via UMA's Optimistic Oracle.\n- Capital Efficiency: Fillers provide liquidity off-chain, reducing locked capital versus canonical bridges.
~3 min
Typical Fulfillment
-90%
Capital Locked
03
The Mechanism: Optimistic Verification for Speed
Use an optimistic security model to bypass slow Bitcoin finality. Assume transfers are valid unless challenged, settling disputes on a faster chain like Ethereum.\n- Fast Exit: Users receive funds on the destination chain in ~3 minutes, not hours.\n- Cryptoeconomic Security: Challengers are incentivized with bonds to catch fraud, backed by UMA's oracle.
10x
Faster than L1 Finality
04
The Trade-off: Trust in the Filler Network
Speed and capital efficiency come from introducing a layer of professional relayers. This shifts risk from custodial vaults to economic competition.\n- Relayer Risk: Users trust a filler's ability to front capital and settle correctly.\n- Mitigation: Reputation systems, slashing, and bond requirements align filler incentives.
$1M+
Typical Filler Bond
05
The Integration: Treat Bitcoin as a Data Availability Layer
For maximal security, use Bitcoin L1 solely for publishing cryptographic proofs of state changes. All complex logic executes elsewhere.\n- Proof Publication: Commit hashed transfer data to Bitcoin via OP_RETURN or Taproot.\n- Settlement on Ethereum: Use these immutable proofs to trigger payouts via smart contracts, inheriting Ethereum's security.
~40 bytes
OP_RETURN Data
06
The Competitor: LayerZero's Omnichain Fungible Token (OFT)
Contrast with message-passing architectures. LayerZero's OFT standard enables native cross-chain transfers but requires a lightweight on-chain endpoint (like a Ordinals-style protocol).\n- Native Burns/Mints: Burns BTC on source, mints wrapped asset on destination via authenticated messages.\n- Different Trust Assumption: Relies on Oracle and Relayer set, not an optimistic challenge period.
2/3
Oracle/Relayer Set
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall