Mezo
About
Mezo is a Bitcoin Layer-1 finance app (built by Thesis*) that enables users to borrow, earn, and spend without selling their Bitcoin. It offers Bitcoin-backed loans via its native MUSD stablecoin (100% backed by BTC reserves), yield-earning vaults and liquidity pools, and a vote-escrowed earn system (Mezo Earn) where locking BTC and the MEZO token generates passive and active yield from real on-chain protocol revenue — loan interest, swap fees, and transaction/bridging fees. The platform is designed as a self-service banking layer for Bitcoin holders to put their BTC to work in everyday finance.
Where Does Yield Come From?
Mezo Earn is a yield system that rewards users for locking up two different assets — Bitcoin (BTC) and the platform's own MEZO token. The rewards come from three real sources of money flowing into the protocol:
- Loan interest — People who borrow the platform's stablecoin (MUSD) by putting up BTC as collateral pay interest (typically 1–5% per year at the start), plus small fees for creating, refinancing, or redeeming the loan.
- Swap fees — Every trade that happens on Mezo's built-in exchange (Mezo Swap) collects a small fee.
- Chain & bridging fees — Transaction costs (paid in BTC) and fees for moving assets into the Mezo network.
For BTC holders (passive yield or active voting): You can lock your BTC for between 1 and 28 days (the lock decays steadily over time) and receive a veBTC NFT. This NFT gives you voting power and automatically earns a share of chain and bridging fees based on how much BTC you've committed — no need to manage anything actively.
For potentially higher returns, you can use your veBTC to vote each week (every 7-day epoch) on where to send swap fees and MUSD lending revenue. You choose among staking pools for the exchange and the MUSD Savings Vault, validator pools, and ecosystem pools. Votes in one week decide where rewards flow in the following week.
For MEZO token holders (boosting and earning): Locking MEZO for anywhere from 1 week to 4 years gives you veMEZO. This doesn't give you independent voting power, but it can boost a veBTC holder's voting weight by up to 5×. In return, MEZO holders can earn by voting on boost requests from BTC holders (who post incentives to attract your boost) and by receiving anti-dilution rebase distributions from weekly token emissions. This creates a kind of matching market: BTC holders want yield amplification, and MEZO holders earn rewards for directing their boost toward them.
How MUSD fees and MEZO emissions work: Fees from MUSD are initially split 50/50 between repaying a bootstrap loan and the MUSD Savings Vault. At launch, interest and redemption fees first go to the MUSD treasury stability pool, which covers liquidations and bad debt. Meanwhile, newly created MEZO tokens are sent out in early phases to attract liquidity, secure validators, and grow the ecosystem.
Persons
Matt Luongo
Founder and CEO of Thesis*
Antonio Salazar Cardozo
CTO of Thesis*
Victoria Chan
COO of Thesis*
Michael Gluzman
CDO (Chief Design Officer) of Thesis* — oversees brand and product design for Mezo
Carolyn Reckhow
CSO (Chief Strategy Officer) of Thesis*
Engin Erdogan
VP of Product at Thesis* — focuses on BitcoinFi infrastructure
Brian Mahoney
Co-founder of Mezo
Audits
| Audit / Date | Findings | Verdict |
|---|---|---|
Thesis Defense08-01-202630-01-2026 |
| The audit reveals systemic risks in Mezo Earn's boost accounting where discrete state changes (grant revocation, boost reuse, managed withdrawals) are not synchronously propagated, allowing temporarily unbacked voting power to influence gauge rewards and governance snapshots; while three High issues were fixed, the remaining High acknowledged findings represent architectural trade-offs that depend on trusted grant managers and off-chain poke maintainers for correctness. |
Halborn16-12-2025 - 08-01-2026 |
| The audit found one high-severity vulnerability — yield index manipulation via flash loan — which was remediated, and no critical issues remain unaddressed; the medium and low risks were either solved, risk-accepted, or acknowledged by the Mezo team, making the protocol safe for its intended use with residual design risks clearly documented. |
Thesis Defense25-08-2025 - 28-08-2025 |
| No critical, high, or medium severity vulnerabilities were found; the two low-severity issues were acknowledged or partially mitigated, and the sole informational item was a gas optimization, indicating the MezoBridge contract was in strong security standing at the time of audit. |
Halborn27-08-2025 - 08-09-2025 |
| The audit found no critical or high-severity vulnerabilities, and all 9 reported findings have been addressed via partial remediation, risk acceptance, or acknowledgment by the Mezo team. The bridge's security posture appears adequate for its current PoA phase, though several accepted risks rely on governance-level processes rather than code-level fixes. |
Cantina05-03-2025 - 15-03-2025 |
| The Cantina audit uncovered severe accounting and economic vulnerabilities in the mUSD protocol, including a critical refinance-spam exploit and multiple high-severity issues that could lead to insolvency and broken invariants; all critical and high findings were fixed by the Mezo team and verified by Cantina before launch. |
OtterSec28-02-2025 - 11-03-2025 |
| The single HIGH-severity vulnerability (DOS via blocked-address bridging) was resolved before publication, and the five informational findings were acknowledged with acceptable risk or planned mitigations, making the protocol reasonably safe for its expected operational parameters. |
Halborn27-01-2025 - 31-01-2025 |
| The audit revealed two critical but proactively addressed design-level risks in EVM/Cosmos state synchronization around precompiles, both fully remediated by the Mezo team, resulting in a clean bill of health for the scoped commit. |
Halborn16-09-2024 - 18-10-2024 |
| The two high-severity resource-exhaustion issues were resolved (one fully, one partially), and the medium-severity gas-cost issue was accepted as a design trade-off for the temporary PoA module, meaning no unaddressed critical or high risks remain for the scoped codebase at the time of reporting. |
Thesis Defense18-07-2024 - 29-07-2024 |
| The audit identified one high-severity fee-circumvention bug that was fixed, along with two medium-severity issues of which one was fixed; the remaining unfindings were either design decisions acknowledged by the team or low/informational items, leaving no unaddressed critical vulnerabilities in the contracts at final report time. |
Quantstamp29-04-2024 - 03-05-2024 |
| The audit revealed no critical or high-severity vulnerabilities; the single medium-severity signature-forgery issue was fixed, and the low/informational items were acknowledged or resolved, indicating the Passport contracts were in a sound security state at the conclusion of the engagement. |
Thesis Defense05-04-2024 - 19-04-2024 |
| The audit found no critical or high-severity vulnerabilities, and the codebase was deemed well-organized with robust security-by-design choices, but two low-severity issues and several informational recommendations were left unaddressed, compensated by the team's manual upgrade safeguards. |
Thesis Defense04-03-2024 - 08-03-2024 |
| The audit found no critical, high, or medium severity vulnerabilities; the three low-severity items were either fixed or mitigated via the out-of-scope UI layer, and all eight informational recommendations were resolved, indicating a solid security posture for the Portal contracts at the time of review. |
Backers
Mezo launched following a $21 million Series A fundraising round led by Pantera Capital, with participation from Multicoin Capital, Hack VC, and Draper Associates, as reported by Fortune in April 2024. The project is built by Thesis*, a venture studio that has been developing Bitcoin-focused products since 2014 (creators of tBTC, Fold, Taho, and others). Thesis* itself is noted as being backed by Pantera Capital and Hack VC.
Legal
Legal form
British Virgin Islands Business Company (Supernormal OpCo BVI Ltd.), wholly owned by Supernormal Foundation (Cayman Islands) — an Exempted Limited Guarantee Foundation Company. River Delta, Inc. (Delaware corporation) is a core contributor.
Registration jurisdiction
British Virgin Islands (Supernormal OpCo BVI Ltd., registered 19 November 2024, company no. 415906). Parent entity: Supernormal Foundation, Cayman Islands.
Status and notes
Operator entity disclosed in Terms of Use and Privacy Policy as Supernormal OpCo (BVI) Ltd., a subsidiary of Supernormal Foundation. River Delta, Inc. (Delaware, USA) is named as a core contributor. Terms governed by BVI law; disputes subject to BVI courts. A MiCA-compliant crypto-asset whitepaper (MEZO token) was published 8 January 2026, identifying the applicant as Supernormal OpCo BVI LTD. Imprint/terms/privacy pages all resolve successfully with current dates (Terms updated 16 March 2026; Privacy updated 7 November 2024). Contact: [email protected]; mailing addresses for both Supernormal OpCo BVI Ltd. (Trinity Chambers, Road Town, Tortola, BVI) and River Delta, Inc. (Atlanta, GA, USA) provided.