Bedrock talks big about decentralization, but the multi-sig is in the hands of the project team.

In Bedrock's white paper, the term "decentralization" pops up quite a bit.

But when I took a look at their cross-chain bridge design, I found an awkward truth. The multi-sig keys for uniBTC are controlled by the project team. Users wanting to move their assets from one chain to another need to get a signature approval from the Bedrock team. I double-checked, and I wasn't mistaken. Deposits are instant, but withdrawals require waiting for someone to approve. Is this what they call decentralization? @Bedrock

I asked a friend who does tech audits: "If the multi-sig keys are held by the project team, what level is that?" He said, "That's centralized. The actual control of user assets isn't in their hands; it's with the project team. If the team wants you to withdraw, you can. If they don't, you can't."

This isn't just me talking. A user posted for help online, saying that while arbitraging with his uniBTC, the project team pulled the liquidity pool and blocked the cross-chain channel. When he tried to move his assets, the system prompted: transaction requires project team signature authorization. He posted on several platforms back and forth, and after a few days, the official response was, "We’re working on it." Another week went by, and still no updates. In the end, it took almost a month to get back his principal, but the profits were withheld. When someone asked why the profits couldn't be withdrawn, the reply was, "Arbitrage activity doesn’t comply with protocol standards." I scoured the user agreement and couldn’t find that clause anywhere.

A protocol that claims to be "decentralized" requires users to wait for project team approval to access their own money. How is that different from a bank? At least banks have regulations watching over them, and if there’s an issue, you can file complaints. Here? If the project team says no, it’s a no-go, and you don’t even know who to complain to.

What bothers me even more is that the list of signers for this multi-sig address isn’t public. How many signatures are needed to make a move? Who are the signers? What are the conditions for changing the signer? Where is the key backup stored? This information is nowhere to be found in public channels. The project team says, "It's managed by the team," but managed by whom? If someone on the team goes rogue and takes the keys to move user assets, what then? No one has an answer.

Decentralization isn’t just a slogan in a white paper; it’s the real ability for users to control their assets. At Bedrock, it’s clear that users don’t have that control.
#bedrock $BR