How Does Rootstock Work?
Rootstock (RSK) is Bitcoin's oldest and most battle-tested smart contract platform, launched in January 2018 as a sidechain secured by Bitcoin's proof-of-work via merge-mining. Think of it as Ethereum built on top of Bitcoin's security: miners simultaneously mine both networks at no extra cost, with ~81-90% of Bitcoin's hashrate protecting RSK in 2025. The native token RBTC is a 1:1 BTC-pegged gas token managed by the PowPeg bridge — a federation of 9 hardware-secured signatories (pegnatories) who control the BTC-RBTC bridge using tamper-resistant HSM devices. RSK hosts approximately $163-197M in DeFi TVL (Q4 2025), with Money on Chain and Sovryn as the leading protocols. The RIF token provides ecosystem utility (name services, storage, payments) and in February 2025 integrated with LayerZero, enabling RBTC/RIF to move across 100+ blockchains. The biggest risk isn't RSK's technical design — it's the trust placed in the PowPeg federation: 9 companies/individuals hold the keys to all bridged BTC, and if a majority are compromised or coerced, all locked BTC is at risk. The Ronin Bridge hack (same n-of-m multisig model) is the closest historical parallel. On the positive side: 7+ years without a bridge-level exploit is a strong Lindy effect, and the PowHSM design makes casual key theft extremely difficult. The main challenge is competitive: newer Bitcoin L2s (BOB, Babylon, Stacks with sBTC) are attracting developers, and RSK's active address count has been declining — from ~420/day in Q3 2025 to ~280/day in Q4 2025.
TVL
$24,000
Sector
L2
Risk Grade
C+
Value Grade
C-
Core Mechanisms
Consensus / Merged Mining
NovelRSK Merged Mining with Bitcoin PoW
Rootstock miners simultaneously mine Bitcoin and RSK by embedding RSK block hashes in Bitcoin coinbase transactions. Merged mining participation reached an all-time high of ~81-90% of Bitcoin hashrate in 2025, making RSK one of the most PoW-secured sidechains. No additional energy cost to miners. Novel design proven over 7+ years without a consensus-level failure.
Bridge / Federated 2-Way Peg
NovelPowPeg — HSM-enforced Bitcoin bridge with pegnatories
The PowPeg is Rootstock's 2-way BTC-RBTC bridge, secured by a federation of pegnatories each running a PowHSM (hardware security module) that enforces signing rules. Currently 9 pegnatories (expanding to 20 post-Reed upgrade). PowHSMs only sign peg-out transactions that are backed by sufficient merged-mining proof-of-work, making malicious peg-outs economically prohibitive. A SegWit-enabled PowPeg upgrade was activated in October 2025 reducing peg-out fees.
Execution / EVM-Compatible Sidechain
RSK EVM with Bitcoin-native gas token (RBTC)
Rootstock runs a full EVM-compatible execution layer where RBTC (1:1 BTC peg) serves as the native gas token. Ethereum smart contracts can be deployed with minimal modification. RSK uses a different address format (checksum differs) but is otherwise standard EVM. This compatibility has been stable since 2018.
Token / Native Peg Token
RBTC — BTC-pegged gas token
RBTC maintains a 1:1 peg to BTC via the PowPeg. There is no algorithmic component — peg is maintained by the bridge custodying actual BTC. Peg stability is entirely dependent on PowPeg federation integrity. No historical depeg events since launch in 2018.
Infrastructure / Emergency Recovery
Emergency Recovery Protocol (ERP) multisig
If a majority of PowPeg signatories become unresponsive for an extended time-lock period, a secondary recovery multisig (including RootstockLabs, MoneyOnChain, Jameson Lopp) can release bridged BTC. This provides a safety valve against peg freezing but introduces a secondary trust assumption involving named entities.
Ecosystem / Name Service and Infrastructure Tokens
RIF Token — ecosystem utility token for RSK services
The RIF (RSK Infrastructure Framework) token enables decentralized name services (RNS), storage, and payments on top of RSK. Fixed supply of 1 billion tokens, all in circulation as of 2025. Integrated with LayerZero in February 2025, enabling RBTC and RIF to move across 100+ chains. RIF has limited fee-capture but serves as coordination token for ecosystem services.
How the Pieces Interact
Federated control of all bridged BTC creates a critical single point of failure. If a supermajority of pegnatories are compromised (key extraction, HSM vulnerability, regulatory seizure), all BTC locked in the bridge (~$180M+) is at risk. The PowHSM design mitigates this by requiring PoW-backed signatures, but a 0-day HSM vulnerability could bypass this protection.
PowPeg security is designed around the assumption that pegnatory HSMs will only sign valid peg-outs backed by sufficient PoW. If merged mining participation were to drop significantly (e.g., due to Bitcoin mining pool consolidation or miner exodus), the economic cost of attacking the peg would decrease. Currently at 81-90% Bitcoin hashrate participation, this risk is low but not zero.
The ERP activates after a time-lock if PowPeg signatories go silent. The ERP multisig includes named entities (RootstockLabs, MoneyOnChain, Jameson Lopp), reintroducing centralization. Regulatory action against these entities during a PowPeg failure window could result in locked or seized BTC. The time-lock partially mitigates rushed coercion but not prolonged regulatory pressure.
Since RBTC tracks BTC 1:1, gas costs in USD terms fluctuate with BTC price. During high BTC prices, gas fees become expensive in USD terms, pricing out smaller DeFi users. This creates a feedback loop: high BTC prices → high RSK gas costs → reduced DeFi usage → declining TVL. Q1 2025 saw 60% gas fee reduction via protocol optimizations, mitigating this partially.
DeFi protocols on RSK rely on Chainlink price feeds and Money on Chain's own oracle system. Oracle manipulation or Chainlink node collusion on RSK could cascade into liquidation failures or mispriced collateral across the RSK DeFi stack. RSK's lower liquidity relative to Ethereum mainnet makes oracle manipulation attacks marginally cheaper.
What Could Go Wrong
- PowPeg federation of ~9 HSM-holding signatories controls all bridged BTC — regulatory pressure or coordinated key compromise could freeze or seize peg reserves
- Emergency Recovery Protocol (ERP) involves named entities including RootstockLabs and MoneyOnChain, creating a secondary centralization vector if PowPeg signatories become unresponsive
- Declining user-side metrics (active addresses -33% QoQ, -18% YoY in Q4 2025) despite strong merge-mining participation, suggesting ecosystem may be losing developer/user traction to newer Bitcoin L2 competitors
- RIF token utility largely limited to RIF Name Service and ecosystem services; limited fee-capture mechanism means token does not benefit proportionally from protocol growth
PowPeg Federation Compromise
TailTrigger: A coordinated attack (HSM firmware exploit, regulatory seizure of multiple pegnatories, or insider threat) compromises a supermajority of the 9 PowPeg signatories simultaneously
- 1.Attacker gains control of 5+ of 9 pegnatory signing keys (via HSM 0-day or coercion) — Attacker can authorize arbitrary peg-out transactions, draining BTC from the bridge
- 2.Large unauthorized BTC withdrawals detected on Bitcoin mainnet — RBTC loses BTC backing; all RBTC holders face effective total loss on a 1:1 ratio to drained BTC
- 3.DeFi protocols on RSK (Sovryn, Money on Chain, Tropykus) face mass RBTC unwinding — Cascade liquidations across RSK DeFi; $160-200M in TVL potentially unrecoverable
- 4.ERP activation is too slow (requires time-lock expiry) to prevent drain — Remaining bridged BTC potentially captured by recovery multisig but RBTC already depegged
Risk Profile at a Glance
Overall: C+ (37/100)
Lower score = safer