October 1, 2024
Managing billions of assets and millions of transactions demands the highest level of security. Lombard is secure by design, but the unique design of the blockchain space requires a multi-layered approach to security. Lombard’s commitment extends beyond the basics, incorporating advanced protections at the smart contract level, hardware-enforced governance mechanisms, and robust defenses such as audits, bug bounties, and more.
Lombard’s security framework brings together a collective of top cybersecurity teams to protect the protocol and LBTC, working in cooperation with Lombard’s own cryptographers and the Cubist team. Partners like Veridise, Halborn, Immunefi, Hexagate, and TRM contribute to a range of measures, from rigorous code audits to real-time monitoring and sanctions screening.
This blog post details how cybersecurity experts work alongside Lombard; more information can be found on our Gitbook.
Lombard has locked down the protocol using Cubist’s CubeSigner to offer stronger security guarantees than typical smart contract-based staking providers on Ethereum.
CubeSigner is a hardware-backed key management platform that safeguards keys in secure hardware, even during transaction signing. This system ensures that private keys are never exposed, addressing the security vs. availability tradeoff that liquid staking tokens (LSTs) have traditionally faced. With CubeSigner, policy-restricted keys are generated inside secure hardware and remain inside throughout their lifecycle, from generation to signing. No one — not attackers, Consortium members, nor even Lombard developers — can ever access these private keys. CubeSigner is designed to mitigate breaches, hacks, and insider threats, ensuring protection against key theft and misuse.
Lombard has established a long-term auditing program with Halborn and Veridise, two industry leaders known for their penetration testing and security audits. These comprehensive audits cover current and future code releases, and can be found on our Gitbook.
Lombard has partnered with Hexagate, the leading Web3 threat prevention and risk intelligence platform, to integrate its proactive Web3 security monitoring and prevention tools designed to detect anomalies, suspicious activities, and potential attacks in real time. Hexagate’s technology sends alerts on threats like oracle deviations, cyber exploits, broken invariants, and third-party dependencies, to name a few, while providing automated pause functions and other mitigation procedures to eliminate risks before an impact is made.
Lombard has partnered with Immunefi, the leading Web3 bug bounty platform, to launch a live bug bounty with a rewards pool of $250,000 for white-hat hackers. This extra layer of security incentivizes ethical hackers to identify and report vulnerabilities, allowing Lombard to address them swiftly and securely.
In compliance with international standards, Lombard works with TRM to ensure wallet addresses interacting with LBTC are screened for sanctions. Addresses are checked against the OFAC (Office of Foreign Assets Control) listings to prevent any association with addresses that are linked to terrorism, money laundering, or other threats to global security, or that have been involved with, or related to, any suspicious activities.
As Lombard moves forward, it remains committed to a principled and structured approach to protocol security. Building secure systems on Bitcoin is complex, but Lombard is committed to setting a high standard for security in the evolving Bitcoin ecosystem.