Hemi’s Ethereum Tunnels facilitate secure and efficient asset transfers between Ethereum and the Hemi network.
While similar to other “lock-and-mint” cross-chain mechanisms, Hemi’s Tunnels are distinguished by their integration with Bitcoin’s Proof-of-Work finality model and decentralized dispute mechanisms, offering faster settlement times and enhanced security.
By integrating these features, Hemi’s Ethereum Tunnels offer a more efficient and secure mechanism for cross-chain asset transfers, benefiting from both Ethereum’s smart contract capabilities and Bitcoin’s unrivaled security.
The Ethereum Tunnel process involves locking assets on one network while minting corresponding representative tokens on the other network. For Ethereum-native assets, tokens are minted on Hemi once the assets are locked in a Hemi validation contract on Ethereum.
This allows seamless asset transfers across chains, enabling users to leverage the strengths of both networks while minimizing the friction of cross-chain operations.
The process begins with the user initiating a deposit transaction on Ethereum. This deposit locks up Ethereum-native tokens in a Hemi validation contract on Ethereum. The validation contract plays a critical role by securing the assets and ensuring they remain locked throughout the tunneling process.
Once the deposit is secured in an Ethereum block, Hemi’s block derivation protocol kicks in. The Sequencer, responsible for ordering and generating Hemi blocks, is required to include the deposit in the first Hemi block derived from the Ethereum block that contains the deposit transaction. This ensures that the deposit is acknowledged in Hemi’s L2 environment almost immediately after its validation on Ethereum.
After the deposit is included, Hemi mints a representative token on the Hemi Network, which serves as the equivalent of the locked asset on Ethereum. This token can now be freely used within the Hemi ecosystem, allowing users to engage with dApps or perform any transaction that requires the asset. You should receive your deposit within
To return the assets back to Ethereum, the user submits a withdrawal transaction on Hemi. When the withdrawal request is submitted, the representative tokens on Hemi are burned, which signals the user’s intent to withdraw their corresponding Ethereum-native assets.
Hemi’s state transition system updates its rollup state root, which is then submitted to Ethereum by a Publisher. The state root acts as a cryptographic proof of the transactions that occurred on Hemi, including the user’s withdrawal request.
The key to finalizing the withdrawal lies in Hemi’s use of Bitcoin finality, which is a significant differentiator from other optimistic rollup bridges. (In traditional optimistic rollups, the finality of cross-chain transactions is delayed by a dispute window, during which fraud proofs can be raised. Hemi accelerates this process by leveraging Bitcoin’s highly secure Proof-of-Work consensus mechanism to finalize the state root on Ethereum.) This process takes roughly 4
Hemi’s tunneling process is not limited to Ethereum-native assets. Phase 2 of Hemi's Ethereum Tunnel will support Hemi-native and Bitcoin-native assets, extending the functionality of the tunnels to a broader range of assets. This capability is crucial for enabling the use of Bitcoin within Ethereum’s extensive decentralized finance (DeFi) ecosystem, which traditionally lacks native Bitcoin interoperability.
The process for tunneling Hemi-native assets begins with the user submitting a deposit transaction on Hemi, locking their native assets within Hemi’s native asset tunnel contract.
Similar to Ethereum-native asset transfers, the state root containing this deposit transaction is published to Ethereum.
Once the rollup state root is confirmed (following Bitcoin finality and the absence of any disputes), the user submits a deposit proof on Ethereum to claim the corresponding representative tokens. These tokens represent the Hemi-native assets within the Ethereum ecosystem and can be used in Ethereum dApps or traded just like any other Ethereum-based token.
Deposit to Hemi
Moving Hemi-native assets back to Hemi from Ethereum involves a similar process. The user initiates a withdrawal on Ethereum, burning the representative tokens.
This triggers Hemi’s block derivation protocol to include the withdrawal in the next Hemi block derived from the corresponding Ethereum block.
Once the withdrawal is processed, the Hemi-native assets are transferred from Hemi’s native asset tunnel contract back to the user, completing the return to Hemi’s L2 environment.
One of the core advantages of this system is its flexibility. It allows Bitcoin-native assets, which are traditionally siloed on the Bitcoin network, to be tunneled through Hemi and into Ethereum. This enables Bitcoin to participate in Ethereum’s DeFi ecosystem while maintaining the security and decentralization that Bitcoin’s Proof-of-Work consensus provides.
While Hemi’s Ethereum Tunnels share the foundational principles of traditional bridges like the Standard Bridge, there are several critical distinctions:
The primary distinction between Hemi’s Tunnels and standard bridges lies in the finality model and security architecture. Standard bridges depend on an optimistic model with a delayed dispute window. The withdrawal process on these bridges typically takes a week or longer, as they await the potential for fraud proofs before finalizing the transaction.
Hemi Tunnels enhance this process by incorporating Bitcoin finality. Instead of relying solely on an Ethereum-based dispute window, Hemi uses Bitcoin’s Proof-of-Work consensus as an additional layer of security. This allows Hemi to finalize transactions more quickly, as the Bitcoin network’s finality period is shorter and more secure than the traditional dispute windows of optimistic rollups.
Hemi will decentralize the dispute process by distributing the Challenger role across a wider set of participants. This decentralization mitigates the risk of collusion or centralization of power within the bridging system, offering a more secure alternative to centralized or semi-centralized dispute mechanisms found in standard bridges.
Once Bitcoin finality is achieved, and assuming no disputes are raised through the decentralized Challenger role, the state root is confirmed, and the user can submit a withdrawal proof on Ethereum to claim their assets from the Hemi validation contract. A proof may take up to 24 hours.
The withdrawal proof ensures that the burned representative tokens on Hemi correspond to the original locked Ethereum-native tokens. Upon successful validation of the proof, the Ethereum-native assets are unlocked, completing the cross-chain asset transfer.
Bridging i.e. Tunneling allows the transfer of assets between disparate blockchains (such as between distinct L1s or between an L1 and an L2).
While bridging addresses the siloed nature common to most blockchains, it typically suffers from centralization because most blockchains do not maintain state awareness of other networks.
Hemi Network enables sophisticated asset transfer and decentralization by maintaining protocol-level state awareness of both Bitcoin and Ethereum.
Blockchain networks typically operate as independent systems with no knowledge of other networks, creating a siloed environment. This isolation makes it impossible to transfer assets directly from one chain to another.
Bridges are developed to address this issue, enabling asset transfers between different blockchains. They function by accepting a token from one blockchain (chain A) and issuing a corresponding placeholder or wrapped token on another blockchain (chain B). This wrapped token represents the original token and can be redeemed for it.
To illustrate, consider the process of transferring bitcoin to Ethereum. A user sends bitcoin to a bridge connecting to the Ethereum network. This bridge then issues a wrapped Ethereum token representing the bitcoin.
The user can utilize this wrapped bitcoin within the Ethereum network or return it to the bridge to reclaim the original bitcoin on the Bitcoin network.
Bridges are not limited to transferring assets between distinct blockchains. They can also facilitate transfers between different network layers, like connecting a Layer 1 (L1) blockchain like Ethereum to a Layer 2 (L2) rollup chain. This connection allows assets to benefit from the L2's lower fees and other features.
However, bridges often rely on centralized infrastructure due to the lack of protocol-level awareness between the connected chains. For example, while an L2 might maintain the state of its corresponding L1, the L1 lacks inherent knowledge of the L2. This disconnect necessitates a centralized third party to maintain awareness of both chains.
The security model behind Hemi’s Ethereum Tunnels leverages the strengths of both Ethereum and Bitcoin. By integrating Bitcoin finality, Hemi ensures that cross-chain transactions achieve a level of finality backed by Bitcoin’s Proof-of-Work consensus, widely considered the most secure consensus mechanism in blockchain technology.
This significantly reduces the time it takes to finalize cross-chain transactions and provides strong protection against censorship or fraud attempts during the tunneling process.
The decentralized Challenger role also strengthens Hemi’s security. Rather than relying on a centralized entity to raise disputes, any participant in the Hemi ecosystem can act as a Challenger, further decentralizing the network and increasing its resistance to fraud.
The phased approach to Hemi’s Ethereum and Bitcoin Tunnels aims to progressively enhance the security, decentralization, and asset support for cross-chain transfers. Each phase introduces key improvements to the settlement mechanisms and expands the range of assets that can be tunneled across Ethereum, Bitcoin, and Hemi, all while focusing on increasing trust minimization and reducing reliance on centralized actors.
This approach contrasts with centralized bridges, which can be vulnerable to manipulation or collusion by a single entity overseeing the dispute process.
Tunnels allow for sophisticated, noncustodial bidirectional asset transfers between networks, such as Bitcoin and Ethereum. Unlike traditional bridges, tunnels within the Hemi Network maintain state awareness of both networks at the protocol level.
This enables a variety of custodianship approaches, both centralized and decentralized. For instance, BRC-20 tokens can be tunneled from Bitcoin to the Hemi Network or Ethereum, facilitating trading on Ethereum-based decentralized exchanges (DEXes). Additionally, tunnels benefit from the security features of the Hemi Network’s Bitcoin-based superfinality
ETH-based assets tunneled between Ethereum and Hemi.
Bitcoin Tunnels:
Over-collateralized multisig/threshold signatures, providing moderate decentralization.
BTC itself tunneled to and from Hemi.
ETH-based assets plus support for Hemi-native assets, including BTC-based assets, tunneled to Ethereum.
Bitcoin Tunnels:
Introduction of BitVM2+hVM, a decentralized 1-of-N trust system for enhanced security.
BTC itself, with groundwork for supporting fungible BTC assets (BRC-20s, Runes).
Full support for Hemi-native assets, including BTC-based fungible and non-fungible assets (Ordinals) tunneled to Ethereum.
Bitcoin Tunnels:
A mature BitVM2+hVM model for trust minimization.
Full support for fungible BTC assets (BRC-20s, Runes) and non-fungible assets (Ordinals).
Hemi’s Bitcoin Tunnel enables the secure transfer of Bitcoin and Bitcoin-native assets (such as Ordinals and BRC-20 tokens) between Bitcoin, Hemi, and eventually, EVM-compatible networks.
The Bitcoin Tunnel contract uses hVM to track Bitcoin addresses and outputs tied to custodianship vaults, ensuring efficient and secure asset management.
Hemi will offer two custodianship models: overcollateralized multisig and BitVM. These ensure decentralized, trust-minimized asset tunneling with high security and performance.
The Bitcoin Tunnels allow Bitcoin assets to move between Bitcoin and Hemi by locking assets in custodial vaults and minting representative tokens on Hemi. Users can freely use these tokens on Hemi, and eventually, tunnel them to Ethereum or other EVM-compatible networks.
Users generate a deposit transaction by sending Bitcoin (or Bitcoin-native assets) to the selected custodianship vault’s Bitcoin address, managed by the multisig.
Once sent, the Bitcoin assets are locked in the custodianship vault.
Hemi’s Bitcoin Tunnel verifies the successful deposit on the Bitcoin network by monitoring the UTXO table for the corresponding deposit. If the deposit is successfully verified, the system moves to the next step.
The user on Hemi initiates a withdrawal transaction by selecting the amount of representative tokens they want to convert back to Bitcoin.
These representative tokens are burned on the Hemi network, signaling the system that the user intends to withdraw the corresponding amount of Bitcoin from the custodianship vault.
Hemi’s Bitcoin Tunnel updates the rollup state root with the details of the withdrawal transaction. This state root is submitted to Bitcoin by a Publisher to ensure that the withdrawal is accurately recorded.
Hemi’s Bitcoin Tunnels leverage the power of hVM (Hemi Virtual Machine) to monitor and secure Bitcoin-based asset transfers.
The Bitcoin Tunnel contract uses hVM to track Bitcoin addresses and outputs tied to custodianship vaults, ensuring efficient and secure asset management.
In hVM Phase 0, an externally owned account (EOA) is required to notify the contract of any irregular withdrawals. Once flagged, hVM can verify the offending transaction and respond by slashing misbehaving custodians.
Hemi’s Bitcoin Tunnel verifies the correct burning of tokens and prepares the custodianship system for withdrawal.
The custodianship vault is notified of the withdrawal request. In the case of a multisig vault, the required number of signatures is collected to authorize the withdrawal.
Once verified, the custodianship vault releases the corresponding Bitcoin or Bitcoin-native assets to the user’s Bitcoin address. It may take up to 12 hours to verify and release withdrawn BTC.
The hVM system constantly monitors for any unauthorized withdrawals. In Phase 0, this requires an externally owned account (EOA) to flag any potential issues. In later phases, event notifications will allow automatic detection of unauthorized actions. If any misbehavior is detected during the withdrawal process, the responsible custodian is slashed on Hemi, and corrective measures are taken to prevent unauthorized fund transfers.
This contrasts with BTC interoperability solutions like BTC header relay, where users must manually construct cryptographic proofs of misbehavior and relay them to the contract for validation, introducing higher costs and risks of error.