Lombard
About
Lombard is a full-stack infrastructure protocol that transforms Bitcoin from an idle store of value into productive onchain capital. Its flagship product, LBTC, is a yield-bearing liquid staked Bitcoin token backed by BTC staked on the Babylon protocol, allowing holders to earn native staking rewards while remaining fully liquid and usable across DeFi on 14+ blockchains. The product suite also includes BTC.b (a permissionless, non-custodial 1:1 Bitcoin bridge token), Bitcoin Earn vaults (automated DeFi yield strategies), Bitcoin Smart Accounts (non-custodial yield and borrowing), and the Lombard SDK for developers.
Where Does Yield Come From?
Lombard makes Bitcoin productive — it takes idle BTC and puts it to work, generating yield (returns) for holders while keeping the Bitcoin usable across many blockchains and apps.
Here are the main ways yield is earned and how funds flow through the system:
LBTC — Liquid Staked Bitcoin
You deposit BTC. Lombard's chosen operators (Galaxy, Kiln, P2P, Figment) stake that Bitcoin on the Babylon protocol. In exchange, newer blockchains called Bitcoin Secured Networks (BSNs) pay for security in their own tokens. Those payments are converted into BTC. The LBTC token does not simply grow in number; instead, each LBTC becomes redeemable for a gradually larger amount of BTC over time as rewards accumulate. Lombard keeps a portion of the staking yield as its own revenue.
Bitcoin Earn (DeFi Vaults)
Automated vaults, run by asset and risk managers, take your Bitcoin and spread it across a mix of DeFi strategies — things like lending, providing liquidity to trading pools, and restaking. You make a single deposit, and the vault handles the rest. A management fee is charged as protocol revenue.
DeFi Integrations (compounding the yield)
LBTC's base staking yield keeps growing even when you use LBTC elsewhere. You can lend LBTC on platforms like Aave or Morpho, add it to DEX liquidity pools (Uniswap, Curve), or put it into yield aggregators (Pendle, EigenLayer, EtherFi). The staking reward keeps ticking up regardless, letting returns compound.
Lombard Ledger (security consortium)
Cross-chain minting and bridging of LBTC and BTC.b is guarded by 14+ institutional members who must sign off using cryptographic supermajority rules. Stakers of the BARD token provide extra economic security through Symbiotic and Chainlink CCIP.
Lux Rewards Program
Users earn points by actively using LBTC or BTC.b in eligible protocols. The multiplier varies by activity:
- DEX liquidity: 1x points
- Lending collateral: 3x points
- Lombard vaults: 6x points
These points convert into BARD token airdrops (distributed in seasonal rounds).
BARD Token Staking
You can stake BARD tokens in a Mellow vault (receiving auto-compounding stBARD in return). Rewards are paid out in BARD. Unstaking takes 21 days to complete.
Audits
| Audit / Date | Findings / Verdict |
|---|---|
| Halborn, 23-07-2024 - 05-08-2024 | The Halborn audit identified one high-severity vulnerability (uninitialized burnCommission leading to DoS/drain risks) and two low-severity issues, all of which were remediated before final deployment, with 100% of reported findings addressed. The remaining informational items pose no security risk, making the contracts safe for deployment with the implemented fixes. |
|  | The audit found no critical or high-severity vulnerabilities in the current codebase, and the Lombard team resolved all medium and low-severity findings, indicating that the on-chain LBTC contracts are in a reasonably secure state for deployment. |
| Halborn, 07-10-2024 - 10-10-2024 | No critical or high-severity issues were found, and all reported findings were either remediated or formally risk-accepted, indicating that the codebase was in a secure state at the time of assessment with acknowledged design-level risks around admin centralization and fee caps. |
| Halborn, 06-12-2024 - 09-12-2024 | The audit found no critical, high, or medium severity vulnerabilities; the single low-severity issue was fixed and both informational items were either resolved or acknowledged with a planned multi-sig, indicating the contracts are reasonably secure for deployment. |
| OpenZeppelin, 04-11-2024 - 06-12-2024 | The audit identified several high-severity issues affecting cross-chain fund movement and system integrity, all of which were resolved or partially resolved before the final report; the partially resolved H-02 (unstake double-claim using a single Bitcoin transaction) retains a residual risk that the in-memory check is cleared on node reboot, so teams should monitor this attack surface closely. |
| Veridise, 14-10-2024 - 13-12-2024 | The audit identified high-severity access control and reentrancy vulnerabilities in the CCIP bridging path that were remediated before deployment, and 21 of 27 acknowledged findings were fixed; however, users should note that 6 acknowledged issues remain unaddressed and residual design risks around centralization and CCIP configuration dependencies persist. |
| OpenZeppelin, 23-06-2025 - 11-07-2025 | No critical or high-severity vulnerabilities were found; the three medium-severity issues were either resolved or intentionally accepted, making the GMP contracts safe for deployment under the documented trust assumptions (honest notary quorum and governance-controlled privileged roles). |
| Sherlock, 25-07-2025 | The audit reveals several high-impact issues including sender-vs-caller confusion in deposits and oracle manipulation vectors, most of which the Lombard team acknowledged and committed to fix. Once remediated, the protocol's core bridge and token infrastructure appears structurally sound, though residual complexity in cross-chain GMP handling warrants continued monitoring. |
| ABDK Consulting, 22-09-2025 | No critical vulnerabilities were found; all 3 Major issues were fixed, and the remaining informational items were either resolved or acknowledged, indicating the audited contracts are safe for deployment. |
| OpenZeppelin, 29-09-2025 - 07-10-2025 | The audit found no critical or high-severity vulnerabilities, and all 16 medium, low, and informational findings were resolved by the Lombard team during the engagement, reflecting a well-designed codebase and a responsive development process. |
| OpenZeppelin, 01-04-2026 - 03-04-2026 | The audit found no critical or high severity issues; the single medium-severity front-running risk was resolved. The remaining open items are acknowledged design trade-offs with low residual risk, making the contracts safe for deployment provided operational procedures handle the documented pause and migration edge cases. |
| Sherlock, 01-04-2026 | Sherlock identified several medium-to-high severity issues in Lombard's multipauser bridge and token contracts, including fee-signature replay and cross-chain sender-format vulnerabilities that could cause frozen funds. The report notes some findings were resolved or acknowledged, but residual risks around signature replay and cross-chain version compatibility require careful remediation before production deployment. |
Backers
Lombard raised a $16 million seed round announced on July 2, 2024, led by Polychain Capital (incubator of the protocol). Additional participants in the seed round included BabylonChain, Inc., dao5, Franklin Templeton, Foresight Ventures, Mirana Ventures, Mantle EcoFund, Nomad Capital, FTI Global, YZI Labs, Bybit, and other strategic institutional investors. The team was also assembled from leaders previously at Polychain, Coinbase, Ripple, Maple, and Argent. Lombard is described as being "built and backed by digital asset leaders, including top DeFi protocols, institutions, and exchanges." The $16M seed was publicly stated to be used to grow the Bitcoin restaking ecosystem alongside Babylon. No subsequent funding rounds (Series A, etc.) or valuation details were found on official sources.
Legal
Legal form
Lombard Finance Ltd (operator of the website/app); Liquid Bitcoin Foundation (Exempted Foundation Company Limited By Guarantee, oversees protocol governance); Liquid Bitcoin Operations Inc. (corporation, token issuer)
Registration jurisdiction
Cayman Islands (Lombard Finance Ltd and Liquid Bitcoin Foundation, foundation registration CR-420906); Panama (Liquid Bitcoin Operations Inc., commercial register 155767515)
Status and notes
Lombard Finance Ltd operates the Services as stated in the Terms of Service, governed by Cayman Islands law with arbitration seated in the Cayman Islands. The MiCA whitepaper (August 2025) discloses Liquid Bitcoin Foundation (Cayman Islands, registered April 25, 2025) as the person seeking admission to trading, and Liquid Bitcoin Operations Inc. (Panama, registered May 20, 2025) as the token issuer. Lombard Finance Ltd is not authorised or regulated by the UK FCA (UK FCA disclaimer published). Terms & Conditions and Privacy Policy are available at docs.lombard.finance/legals/. Cookie Policy is referenced on the site. A MiCA whitepaper is published at lombard.finance/mica. Contact email: [email protected].
