CBTC brings Bitcoin's liquidity into Canton's privacy-enabled environment for trading, collateral, lending, and structured products. The infrastructure that secures every satoshi backing every CBTC in circulation is the CBTC Attestor Network: a group of independent institutional operators who together control custody, signing, and governance through FROST threshold signatures. Decentralization is a security property, and the Attestor Network is where that property becomes concrete.
If you are evaluating CBTC for trading, lending, or collateral, this is the piece that walks through how your Bitcoin is secured, why no single party can move it, and what the architecture means in practice.
Why Bridge Security Matters More Than You Think
Bridge exploits are not edge cases. They are the single largest category of loss in crypto.
Ronin Bridge: $625M. Wormhole: $320M. Harmony Horizon: $100M. In each case, the root cause was the same. A small number of keys controlled by a small number of parties, with insufficient distribution of trust.
For institutional participants, this is not an acceptable risk profile. If you are going to bridge Bitcoin onto another network, you need to know exactly who controls the keys, how many parties must agree to move funds, and what happens when one of them goes offline or is compromised.
CBTC was designed from the ground up to answer those questions.
The Attestor Network: Who Secures Your Bitcoin
The CBTC Attestor Network is a decentralized group of institutional-grade node operators. Each Attestor independently runs infrastructure on both the Bitcoin and Canton networks. They are not passive observers. They are active participants in every mint, burn, and withdrawal.
The network is composed of independent, institutional-grade operators selected for technical capability, financial stake, and operational credibility. Each runs infrastructure on both chains, and the operator set is designed to grow as additional institutional operators meet the onboarding bar.
Every critical action requires a threshold of Attestors to independently verify and approve. No single operator, and no single entity (including BitSafe), can unilaterally mint CBTC, redeem BTC, or withdraw Bitcoin.
FROST: Threshold Signatures Without the Tradeoffs
On the Bitcoin side, the Attestor Network uses FROST (Flexible Round-Optimized Schnorr Threshold Signatures), a cryptographic protocol that distributes signing authority across multiple parties.
Here is what makes FROST different from traditional approaches:
The signing key is never reconstructed. Each Attestor holds only a share. There is no moment where a complete private key exists in memory, on disk, or in transit.
Taproot-native. FROST signatures are standard Schnorr signatures, fully compatible with Bitcoin's Taproot upgrade. Any wallet that can send to a P2TR address can interact with CBTC. No special tooling required.
Indistinguishable on-chain. A FROST threshold signature looks identical to a regular single-signer Bitcoin transaction. Nobody can determine from the blockchain that a threshold scheme was used. This enhances both privacy and security.
Smaller and cheaper. One aggregated signature regardless of how many Attestors participated, versus N separate signatures in traditional on-chain multisig. Lower fees, smaller transactions.
The protocol operates in two rounds:
Commitment: The Coordinator selects the participating Attestors. Each generates fresh nonces and public commitments.
Signature share: Each Attestor verifies all commitments, computes an individual signature share, and returns it. The Coordinator aggregates the shares into a single valid Schnorr signature.
The result is a Bitcoin transaction that is cryptographically secure, economically efficient, and architecturally resilient. For a deeper technical dive, see the original FROST paper by Komlo and Goldberg.
How a Mint Actually Works
Walking through a CBTC mint end to end:
Generate a deposit address. The minter uses the CBTC software to generate a unique Taproot deposit address, derived via the FROST protocol. This address cryptographically commits to the Canton PartyID where the CBTC will be minted, ensuring that any BTC sent to it can only result in CBTC being issued to that specific Canton party.
Send Bitcoin. The minter sends BTC to this address from any Taproot-compatible wallet (Sparrow, Ledger Live, BlueWallet, or similar).
Wait for confirmations. The system requires 6 Bitcoin block confirmations before proceeding.
Independent Attestor verification. Each Attestor independently monitors the Bitcoin network and verifies the deposit has landed and been confirmed. This is automated.
Canton governance confirmation. Each Attestor submits a
ConfirmDepositActionto the Canton governance module. These confirmations are recorded as Canton contracts.Threshold met, CBTC minted. Once the required number of confirmations has been reached, the Coordinator executes the mint. CBTC is issued to the minter's Canton node.
The withdrawal process mirrors this flow in reverse, with Attestors co-signing the Bitcoin transaction via FROST before any BTC leaves the custody address.
Dual-Network Security: One Network, Two Chains
This is a detail that often gets overlooked. The same Attestor nodes that co-sign Bitcoin transactions via FROST also operate on Canton, where they participate in the governance module that controls minting and burning.
This means CBTC's security is not split across two separate trust models. It is a single, unified trust model that spans both networks:
Layer | Network | Security mechanism |
|---|---|---|
Bitcoin custody | Bitcoin L1 | FROST threshold signatures (Taproot) |
Governance and coordination | Canton | Daml contracts with threshold confirmation |
Token operations | Canton | CIP-56 compliant Daml contracts |
Compromising the Bitcoin side is not enough. An attacker would also need to compromise the Canton governance layer, and vice versa. The dual-network model creates defense in depth that single-chain bridges simply do not have.
What Cannot Happen
It is worth being explicit about the guarantees:
No single party (including BitSafe) can mint CBTC without a genuine Bitcoin deposit. The threshold requirement makes this structurally impossible.
No single party can withdraw Bitcoin without threshold approval. The FROST signing process requires cooperation from multiple independent Attestors.
No front-running or MEV. Canton has no public mempool. Transactions are processed through Canton's privacy-preserving consensus, eliminating the extraction risks that plague public chains.
No rollback risk. Canton provides deterministic finality. Once a mint or burn is executed, the state transition is irrevocably committed.
The DecParty Connection
If you have read our whitepaper on DecParty, you will recognize the architecture. The CBTC Attestor Network is, in fact, a DecParty: a programmable multi-party governance system where independent nodes must reach quorum before any on-ledger action can proceed.
DecParty solves the governance problem (clean tooling for onboarding attestors, offboarding them, managing rewards, and governing funds held by the pool). The Attestor Network solves the security problem (no single point of failure means no single point of compromise). They are two faces of the same design principle: distribute trust across independent parties, enforce it cryptographically, and let the architecture do the work.
Audits and Verification
CBTC smart contracts have been audited by Quantstamp. A Chainlink Proof of Reserve feed publishes on-chain attestations in real time, so any counterparty, auditor, or integrator can verify directly on Canton that every CBTC in circulation is backed 1:1 by the Bitcoin held by the Attestor Network.
What Comes Next
The Attestor Network is designed to grow. New operators are added through technical, operational, and background due diligence, and the threshold required for critical actions scales with the operator set. Each addition broadens the institutional and geographic footprint of the network.
If you are weighing CBTC against single-custodian wrapped Bitcoin or bridges with concentrated keys, the Attestor Network is the difference: custody held by a quorum of independent institutional operators, signing on a FROST threshold scheme, on a privacy-native network built for institutional participation.
BitSafe builds decentralized, privacy-enabled infrastructure and compliant digital asset products on the Canton Network. As the team who brought Bitcoin to Canton, BitSafe's threshold-governed multi-sig infrastructure distributes custody and governance, eliminates single points of failure, and enables institutions and developers to launch trading venues, deploy vaults, and build compliant financial products across the ecosystem.
Website | Twitter (X) | LinkedIn | Telegram