Custodial Wrapping

With custodial asset wrapping, a custodian (or group of custodians) holds the private keys controlling accounts on two chains. The off-chain custodian monitors both accounts and keeps them in sync by issuing signed transactions to the appropriate blockchain.

One of the earliest successful examples of token wrapping was WBTC¹. A group of custodians hold BTC on the Bitcoin blockchain and issue “wrapped” BTC (WBTC) on Ethereum. The WBTC custodians monitor their WBTC wallet(s), and when BTC is deposited, they use their private key to issue (“mint”) new WBTC on the Ethereum blockchain. Conversely, when Ethereum users redeem (“burn”) their WBTC, the custodians use their private key to release BTC on the Bitcoin blockchain.

There are two core security problems with custodial token wrapping.

1. Insider Threat

The custodians hold the private keys to accounts on both chains and can use these keys to steal the reserve assets or mint unbacked wrapped assets.

2. Contract Vulnerabilities

Attackers could potentially subvert the minting capability of the smart contract to mint unbacked wrapped assets. This is also a threat to non-custodial solutions.

The risk of contract vulnerabilities also increases with the complexity of the on-chain bridge contracts for both custodial and non-custodial solutions. For example, the Wormhole bridge uses multi-signatures instead of threshold signatures (TSS)². This requires the contract to aggregate multiple signatures from different accounts before updating its state. The use of multi-signatures, instead of TSS, drastically increases the complexity of the contract and leads to contract risk like that used in the Wormhole attack³.

¹Kyber Network, BitGo Inc, and Republic Protocol. Wrapped tokens a multi-institutional framework for tokenizing any asset. , 2019.

²Leopold Schabel. Introducing the wormhole bridge., 2020.

³Extropy.io. Solana’s Wormhole hack post-mortem analysis. , 2022.