Is Rootstock Safe?
Risk Grade: C+ (38/100)
Rootstock is rated as elevated risk — multiple novel mechanisms and notable interaction risks.
Rootstock is the most proven Bitcoin smart contract platform — 7+ years, no bridge exploits, ~85% Bitcoin hashrate backing — but it faces a genuine existential challenge from newer Bitcoin L2s that offer better DeFi UX and more active developer communities. The PowPeg bridge is the right risk to focus on: it's the architecture that secures all bridged BTC, and while the HSM design is clever, it ultimately rests on trusting 9 federations members. For DeFi-on-Bitcoin exposure, RSK offers the strongest security track record but the weakest growth narrative among current Bitcoin L2 options. Best suited for risk-conscious Bitcoin holders who want smart contract functionality without venturing far from Bitcoin's security model.
Rootstock (RSK) is Bitcoin's oldest and most battle-tested smart contract platform, launched in January 2018 as a sidechain secured by Bitcoin's proof-of-work via merge-mining. Think of it as Ethereum built on top of Bitcoin's security: miners simultaneously mine both networks at no extra cost, with ~81-90% of Bitcoin's hashrate protecting RSK in 2025. The native token RBTC is a 1:1 BTC-pegged gas token managed by the PowPeg bridge — a federation of 9 hardware-secured signatories (pegnatories) who control the BTC-RBTC bridge using tamper-resistant HSM devices. RSK hosts approximately $163-197M in DeFi TVL (Q4 2025), with Money on Chain and Sovryn as the leading protocols. The RIF token provides ecosystem utility (name services, storage, payments) and in February 2025 integrated with LayerZero, enabling RBTC/RIF to move across 100+ blockchains. The biggest risk isn't RSK's technical design — it's the trust placed in the PowPeg federation: 9 companies/individuals hold the keys to all bridged BTC, and if a majority are compromised or coerced, all locked BTC is at risk. The Ronin Bridge hack (same n-of-m multisig model) is the closest historical parallel. On the positive side: 7+ years without a bridge-level exploit is a strong Lindy effect, and the PowHSM design makes casual key theft extremely difficult. The main challenge is competitive: newer Bitcoin L2s (BOB, Babylon, Stacks with sBTC) are attracting developers, and RSK's active address count has been declining — from ~420/day in Q3 2025 to ~280/day in Q4 2025.
TVL
$180M
Mechanisms
6
Interactions
5
Value Grade
C-
Key Risks for Rootstock Users
Federation bridge risk: 9 signatories control all bridged BTC. A majority compromise (via hack, regulatory seizure, or insider threat) could drain the bridge. The Ronin Bridge exploit showed this architecture can fail even with reputable participants.
Ecosystem concentration: Money on Chain holds ~48% of RSK's TVL. A single protocol failure or exploit could cut RSK's TVL nearly in half overnight.
Competitive displacement: Newer Bitcoin L2s with better UX, more liquidity, and fresher developer communities are gaining traction. RSK's declining active user metrics (-18% YoY in Q4 2025) suggest this competitive pressure is already materializing.
RIF token limited upside: With all 1 billion RIF tokens already in circulation and limited direct fee-capture from RSK protocol activity, RIF appreciation depends heavily on ecosystem growth that has been slowing.
Top Risk Factors
- •PowPeg federation of ~9 HSM-holding signatories controls all bridged BTC — regulatory pressure or coordinated key compromise could freeze or seize peg reserves
- •Emergency Recovery Protocol (ERP) involves named entities including RootstockLabs and MoneyOnChain, creating a secondary centralization vector if PowPeg signatories become unresponsive
- •Declining user-side metrics (active addresses -33% QoQ, -18% YoY in Q4 2025) despite strong merge-mining participation, suggesting ecosystem may be losing developer/user traction to newer Bitcoin L2 competitors
- •RIF token utility largely limited to RIF Name Service and ecosystem services; limited fee-capture mechanism means token does not benefit proportionally from protocol growth
Risk Score Breakdown
Rootstock's highest risk area is Interaction Severity (11/20). Here's how each dimension contributes to the overall 38/100 score:
Read the Full Rootstock Risk Report
This protocol has 2 collapse scenarios. 1 critical and 2 high-severity interaction risks identified. See the full mechanism classification, interaction matrix, and deep-dive recommendations.
View Full Report →Considering an investment?