BitVM Bridge

• Name: BitVM Bridge
• URL: https://github.com/BitVM/BitVM
• Category: Bitcoin bridge verification infrastructure / optimistic fraud-proof bridge / operator-verifier control plane
• Tags: bitcoin-ecosystem
• Summary: BitVM Bridge is worth indexing not as just another Bitcoin-bridge brand or generic BitVM mention, but as a concrete bridge design that separates operator custody from verification power more explicitly than most committee bridges do. The official BitVM materials make a specific split legible: bridges still rely on a predefined operator set and honest-operator assumptions for liveness, but invalid assertions can be challenged permissionlessly at runtime by anyone under BitVM2. The implementation repo and demo materials expose the bridge as a role-choreographed transaction graph — depositor, operator, verifier, withdrawer, peg-in graph, peg-out graph, nonces, signatures, challenge/disprove paths — which makes it a strong comparison class for tokenized-BTC pegs, bridge committees, and hybrid-node operator systems.
• What it does:
  • Implements a trust-minimized Bitcoin-bridge design built on BitVM2-style optimistic verification and fraud proofs
  • Separates bridge roles into depositor, operator, verifier, and withdrawer, with explicit peg-in and peg-out transaction graphs
  • Uses presigned or coordinated transaction flows, nonce exchange, and verifier signatures around peg-in/peg-out execution
  • Lets anyone challenge invalid assertions at runtime under the BitVM2 design rather than limiting all verification rights to a fixed verifier set
  • Reuses BitVM’s broader stack for Bitcoin-side computation verification, including chunked proof verification and bridge-specific transaction construction
• Key claims:
  • The main repository calls itself the official implementation of BitVM2 running a SNARK verifier and labels the project DO NOT USE IN PRODUCTION, which is an important maturity caveat.
  • The BitVM2 writeup says anyone can act as verifier during runtime, improving on earlier fixed-verifier designs even though the setup still begins with a one-time 1-of-n honesty assumption.
  • The same writeup says bridges still require a predefined set of m operators and at least one honest operator; if all operators are dishonest they cannot steal deposits, but can at worst burn them.
  • The BitVM2 bridge writeup also highlights a liveness/ransom caveat: without an honest operator, funds can become unspendable and liveness failure can be exploited economically even if outright theft is prevented.
  • The repository README and demo instructions show the bridge is not just a paper bridge-security claim; it is modeled as a detailed operational graph with operator-funded peg-out transactions, verifier nonce/signature exchange, and explicit disprove paths.
  • The strongest reusable insight is that BitVM Bridge decomposes bridge security into two different questions that many projects blur together: who is allowed to operate the bridge path, and who is allowed to invalidate bad execution claims.
• Whitepaper: The main first-party materials for this pass were the BitVM site, the BitVM2 writeup, the main implementation repository README, and the demo instructions. The site also links the bridge paper at https://bitvm.org/bitvm_bridge.pdf, but the clearest machine-readable primary materials here were the HTML writeup and repository docs. See ../whitepapers/bitvm-bridge-primary-sources-2026-05-13.md.
• Sources:
  • https://bitvm.org/
  • https://bitvm.org/bitvm2
  • https://github.com/BitVM/BitVM
  • https://raw.githubusercontent.com/BitVM/BitVM/main/README.md
  • https://raw.githubusercontent.com/BitVM/BitVM/main/DEMO_INSTRUCTIONS.md
  • https://bitvm.org/bitvm_bridge.pdf

Internal linkages

• Strongest BTC-peg peers: threshold-network and sbtc

• Last reviewed: 2026-05-27 UTC