search
githubEdit

CBTC Overview

⚠️ API Disclaimer: CBTC APIs are subject to change. There is no formal versioning policy today. Breaking changes are communicated via #cbtc-ecosystem and the site changelog.

hashtag
What is CBTC? Bitcoin on the Canton Network

CBTC is a 1:1 wrapped Bitcoin token built on the Canton Networkarrow-up-right, a privacy-first blockchain for institutional finance. Each CBTC is fully backed by native BTC held in decentralized custody using FROST threshold signatures. CBTC is CIP-56 compliant, meaning it works with any Canton token-standard-compatible tool out of the box.

CBTC brings Bitcoin's liquidity into Canton's privacy-enabled smart contract environment, where app developers and trading firms can build trading, DeFi, custody, and settlement applications without exposing positions to a public mempool. Unlike wrapped Bitcoin on public chains, CBTC transactions are private by default, eliminating MEV (Maximal Extractable Value) risks like front-running and sandwich attacks.

Key properties:

Property
Value

Backing

1 CBTC = 1 BTC, always

Standard

CIP-56 (Canton Instrument Protocol)

Custody

Decentralized via FROST threshold signatures (no single party can move reserves)

Network

Canton Network (permissioned, private transactions)

Audit

Quantstamp audit reportarrow-up-right

Confirmations

6 Bitcoin block confirmations (~60 minutes) for minting

hashtag
CBTC Architecture: How Wrapped Bitcoin Works on Canton

The CBTC system bridges Bitcoin's UTXO model to Canton's Daml-based smart contract network through three layers:

hashtag
1. Bitcoin Layer

Bitcoin transactions are monitored and verified. A user sends BTC to a generated Taproot deposit address. The system waits for 6 block confirmations before proceeding.

hashtag
2. Attestor Network

A decentralised network of institutional-grade node operators independently verify Bitcoin deposits and withdrawals. Each Attestor runs nodes on both the Bitcoin and Canton networks. Key details:

  • Operators: Pre-screened institutional node operators (including providers like Finoa and Nethermind)

  • Threshold: A configurable M-of-N threshold of Attestors must approve every mint and burn operation

  • Coordination: A Coordinator executes periodic checks (every 60–120 seconds), monitors deposit accounts, constructs Bitcoin transactions, and submits governance actions

  • No unilateral control: No single party - including BitSafe or the Coordinator - can mint, burn, or move BTC without threshold approval

hashtag
3. Canton Asset Layer

Daml contracts mint and burn CBTC tokens, but only after the required threshold of Attestor signatures is reached on the governance contract. CBTC is then held in the user's Canton party, fully under their control.

hashtag
Security Model: FROST Threshold Signatures for Bitcoin Custody

CBTC's security rests on FROST (Flexible Round-Optimised Schnorr Threshold Signatures), a cryptographic protocol added to Bitcoin with the Taproot upgrade.

Why FROST matters for developers:

  • Taproot-native: Deposit addresses are standard P2TR addresses. Any wallet that supports Taproot can send BTC to mint CBTC.

  • Indistinguishable on-chain: FROST signatures look identical to regular single-signature Bitcoin transactions. No one can tell from the blockchain that a threshold scheme is in use.

  • Smaller transactions, lower fees: Compared to traditional on-chain multisig, FROST produces a single aggregated signature regardless of how many Attestors participated.

  • No single point of failure: Even if some Attestors go offline, the system continues to operate as long as the threshold is met. For a full technical deep dive, see the Security Deep Dive page. For the original research, see the FROST whitepaperarrow-up-right.

hashtag
What You Can Build with Wrapped Bitcoin on Canton

CBTC is a foundational layer for building institutional-grade financial products on Canton:

  • DeFi Protocols - DEXs, lending platforms, and liquidity pools using CBTC as collateral

  • Custody and Wallet Solutions - Institutional-grade wallets supporting CBTC and Canton-native assets

  • Structured Products - Yield-generating vaults, options strategies, and derivatives

  • Payment and Settlement - Instant, low-cost cross-border transactions

  • Trading Systems - Spot and perpetual trading with Canton's privacy (no public mempool, no MEV)

hashtag
Developer Resources

Resource
Description
Link

cbtc-lib (Rust)

SDK for minting, burning, sending, and receiving CBTC

GitHubarrow-up-right

canton-lib

Lower-level Canton interaction library

GitHubarrow-up-right

CBTC DAR files

Daml packages to install on your Canton participant

GitHubarrow-up-right

FROST Whitepaper

Original threshold signature research

ePrintarrow-up-right

Canton Whitepaper

Canton Network technical overview

canton.networkarrow-up-right

Quantstamp Audit

Security audit of CBTC smart contracts

View Reportarrow-up-right

Data API

Analytics and rewards API for institutional clients

API Referencearrow-up-right

hashtag
Next Steps

  • Ready to code? Start with the Developer Quick Start - mint your first CBTC in 15 minutes

  • Need API details? See the API Reference for Canton Ledger API endpoints

  • Setting up authentication? See the Authentication Guide for Keycloak setup (and an Auth0 community example)

  • Want to test first? See the Testnet Guide for sandbox environment setup

🟢 ⚙️ Engineering Review Complete Technical claims in this document have been reviewed and approved.

PreviousDevelopersNextInstitutional Client Reward API Reference

Last updated