Merlin Chain: Inside Bitcoin's Largest Layer 2 by Total Value Locked
Merlin Chain holds over $1.7B in TVL and supports 150+ dApps. How does its architecture work and what are the trade-offs?
Merlin Chain emerged as Bitcoin's largest Layer 2 by total value locked, reaching $1.2 billion within six months of its February 2024 mainnet launch. The project combines a ZK-rollup execution layer with an EVM-compatible environment, allowing Solidity developers to build on Bitcoin for the first time without learning a new language. With 150+ dApps, $16 billion in cumulative bridge volume, and a native token (MERL) traded on major exchanges, Merlin represents a significant experiment in what Bitcoin DeFi infrastructure can look like.
But scale alone does not determine quality. This article examines how Merlin Chain works, what trust assumptions users accept when bridging BTC, and how its approach compares to other Bitcoin Layer 2 architectures.
How Merlin Chain Works
Merlin Chain is an EVM-compatible ZK-rollup built on top of Bitcoin. Users interact with it the same way they would interact with Arbitrum or Optimism: through MetaMask, Solidity smart contracts, and standard ERC-20 token interfaces. Under the hood, three core modules handle execution, data verification, and asset bridging.
ZK-Rollup Transaction Processing
Sequencer nodes on Merlin collect user transactions, execute them off-chain, and batch the results into compressed state transitions. These batches are accompanied by zero-knowledge proofs that attest to the validity of all included transactions without revealing their contents. The compressed data and ZK state roots are then posted to Bitcoin's blockchain via Taproot inscriptions, anchoring Merlin's state to Bitcoin L1.
This approach mirrors how Ethereum rollups work conceptually: execute off-chain, prove on-chain. The difference is that Bitcoin lacks native smart contract verification, so Merlin cannot have its proofs verified by an L1 contract the way a ZK-rollup on Ethereum can. Instead, it relies on a fraud-proof module and its oracle network for verification.
Decentralized Oracle Network
Merlin's oracle network serves as the data availability and verification layer. Data Availability Committee (DAC) nodes store raw transaction data and verify that sequencer outputs are correct. Participants must stake BTC, MERL tokens, or BRC-20 tokens to operate a DAC node, creating economic penalties for misbehavior.
The design borrows from Celestia's BlobStream model: DAC nodes attest to data availability without re-executing every transaction. State roots are published to Bitcoin, and users can verify them against the ZK proofs. If a proof is challenged, the fraud-proof module on Bitcoin adjudicates.
Key distinction: Unlike Ethereum-native ZK-rollups where validity proofs are verified by an L1 smart contract, Merlin posts proofs to Bitcoin as data inscriptions. Bitcoin cannot execute verification logic natively, so the actual proof verification depends on the oracle network and off-chain fraud-proof mechanisms. This is a fundamentally different security model.
The BTC Bridge
To use Merlin, users bridge BTC from Layer 1 into the rollup. On the Merlin side, a smart contract mints M-BTC at a 1:1 ratio. When withdrawing, M-BTC is burned and the corresponding BTC is released on L1.
The bridge custody uses MPC-TSS (Multi-Party Computation with Threshold Signature Scheme) in partnership with Cobo, a digital asset custody provider. Private key shares are distributed between Cobo and Merlin Chain, so no single entity holds a complete key. Co-signing is required for any withdrawal, preventing unilateral access to bridged funds.
This is a significant improvement over single-key custodial bridges, but it is still a trust-based bridge: users must trust that Cobo and Merlin Chain will cooperate honestly and remain operational. There is no mechanism for users to unilaterally withdraw BTC from the bridge if both parties become unavailable or malicious.
Merlin Chain Architecture at a Glance
| Component | Function | Trust Assumption |
|---|---|---|
| ZK-Rollup sequencer | Batches and executes transactions off-chain | Sequencer must include transactions honestly |
| Oracle / DAC network | Stores data, verifies sequencer output | Staked nodes must attest data availability correctly |
| Taproot inscriptions | Anchors state roots to Bitcoin L1 | None: Bitcoin consensus secures this |
| BTC bridge (MPC-TSS) | Locks BTC on L1, mints M-BTC on L2 | Cobo + Merlin must cooperate for withdrawals |
| Fraud-proof module | Adjudicates disputed proofs | Challengers must be active and funded |
The TVL Story: From Zero to Billions
Merlin Chain's growth trajectory was unusually fast. The mainnet launched in February 2024, and within two months the network held $1.29 billion in TVL with 13,600 BTC bridged. By September 2024, TVL reached $1.2 billion (after some fluctuation), with the project claiming the title of Bitcoin's largest Layer 2 by locked value.
Much of this growth was driven by the "Merlin's Seal" staking event, which preceded the mainnet launch. Users locked BTC, BRC-20 tokens, and other Bitcoin-native assets in exchange for MERL token allocations. The mechanism created a powerful bootstrapping flywheel: high TVL attracted dApp developers, which attracted more users, which attracted more liquidity.
This pattern is familiar from Ethereum DeFi. Incentivized TVL programs produce impressive numbers quickly but raise questions about sustainability. When token incentives decrease, does the liquidity stay? The answer depends on whether the ecosystem generates genuine economic activity beyond farming.
The Ecosystem: 150+ dApps and Growing
Merlin's EVM compatibility gave it an immediate advantage in ecosystem development. Existing Ethereum dApps could port to Merlin with minimal code changes, and Solidity developers could build new applications without learning Bitcoin Script or Clarity (the language used by Stacks).
MerlinSwap and DeFi
MerlinSwap, built by the iZUMi Finance team, serves as the primary decentralized exchange. It implements a discretized-liquidity AMM model (similar to Uniswap V3's concentrated liquidity) and has facilitated over $200 million in trading volume. Beyond MerlinSwap, the ecosystem includes lending protocols, launchpads like Merlin Starter, and cross-chain bridges like Meson.
The breadth of the ecosystem is real: scan.merlinchain.io lists dApps spanning DeFi, NFTs, GameFi, bridges, and social applications. Whether 160 or 200 dApps are active on any given day depends on how you count, but the scale of developer activity is not in dispute.
Yield and Staking Products
A significant portion of Merlin's TVL sits in staking and yield products. M-BTC staking protocols allow users to earn yield on bridged Bitcoin, and the broader BTCfi ecosystem grew to over $10 billion in staked BTC across all Bitcoin L2s by 2025. Avalon Labs launched SuperEarn in February 2026, offering market-neutral yield products targeting 8-15% annualized returns on Merlin.
Bridge Trust Model: What Users Actually Accept
The core question for any Bitcoin Layer 2 is: what happens to your BTC when you bridge it? The answer varies dramatically across different architectures, and understanding Merlin's bridge trust model is essential for evaluating the protocol.
How Merlin Locks BTC
When a user bridges BTC to Merlin, the funds are sent to an address controlled by the MPC-TSS scheme operated jointly by Cobo and Merlin Chain. The private key is never assembled in one place: key shards are generated, encrypted, and distributed so that co-signing can occur without either party seeing the complete key.
This is materially better than a single-custodian bridge, where one compromised key means all funds are lost. However, it remains a federated custody model. The bridge security depends on:
- Cobo and Merlin Chain both remaining honest and operational
- The MPC implementation being free of cryptographic flaws
- Key shards being properly secured by both parties
- Neither party being coerced by regulators or attackers into cooperating against users
No Unilateral Exit
The most significant limitation of Merlin's bridge is the absence of a unilateral exit mechanism. If Cobo goes offline, or if Merlin Chain's operators cease functioning, users cannot independently recover their BTC from L1. This is the fundamental difference between a trust-based bridge and a trustless L2 design.
For comparison, Lightning channels allow either party to force-close and recover funds on-chain. Similarly, Ethereum ZK-rollups like zkSync include escape hatch mechanisms that let users withdraw directly from the L1 rollup contract even if the sequencer disappears. Merlin lacks an equivalent safety mechanism because Bitcoin L1 has no smart contract to enforce it.
Bridge risk is not theoretical: The history of cross-chain bridges includes catastrophic failures. The Ronin bridge lost $625 million in 2022, and Wormhole lost $320 million. Merlin's MPC-TSS approach reduces single-key risk, but does not eliminate bridge risk entirely. Users holding significant value on Merlin are trusting the bridge infrastructure with their Bitcoin.
The $16 Billion Bridge Volume Question
Merlin Chain reported $16 billion in cumulative bridge volume within its first six months of operation. This is a striking number, but it requires context.
Bridge volume counts every crossing in both directions. A user who bridges 1 BTC to Merlin, uses it in DeFi, and bridges back generates 2 BTC worth of bridge volume from what is effectively one round trip. Yield farming strategies that involve frequent bridging amplify this further. The $16 billion figure also coincided with the Merlin's Seal staking event, which incentivized large BTC deposits.
Alongside this, Merlin reported $1 billion in spot trading and $1 billion in perpetual trading volume. The ratio of bridge volume to trading volume suggests that a substantial portion of bridge activity was driven by capital moving in and out for staking and farming, not necessarily by sustained DeFi usage. This is not unique to Merlin: every incentive-driven L2 shows similar patterns.
How Merlin Compares to Other Bitcoin Layer 2s
The Bitcoin Layer 2 landscape has expanded significantly since 2023. Each project makes different tradeoffs between decentralization, programmability, and trust assumptions.
| Feature | Merlin Chain | Stacks | Lightning Network | Spark |
|---|---|---|---|---|
| Architecture | EVM ZK-rollup | Independent chain with sBTC bridge | Payment channels | Statechains + FROST |
| Smart contracts | Solidity (EVM) | Clarity language | Limited (HTLCs) | Token standard (BTKN) |
| BTC bridge model | MPC-TSS (Cobo) | sBTC threshold signing | Payment channels (trustless) | Statechains (unilateral exit) |
| Unilateral L1 exit | No | No | Yes (force close) | Yes (pre-signed exit txs) |
| EVM compatible | Yes | No | No | No |
| Consensus | Sequencer + DAC | Proof of Transfer | Channel peers | 1-of-n operators (FROST) |
| Primary use case | DeFi, dApps | DeFi, dApps | Payments | Payments, stablecoins |
TVL Concentration Risk
Merlin's TVL concentration raises questions that are well-studied in the Ethereum L2 context. When a single protocol holds a large share of an ecosystem's locked value, a bridge exploit or protocol failure can have outsized consequences.
On Ethereum, this risk is mitigated by the existence of multiple mature L2s (Arbitrum, Optimism, Base, zkSync) and by L1 smart contracts that enforce withdrawal guarantees. On Bitcoin, neither mitigation applies with the same strength. The Bitcoin L2 ecosystem is younger, alternative options are fewer, and no L1 contract can enforce bridge withdrawals.
This means that users concentrating value in Merlin are taking on both protocol-specific risk (the Cobo MPC bridge) and ecosystem-wide risk (Bitcoin L2 infrastructure is still maturing). For context: Merlin's TVL exceeds that of most other Bitcoin L2s combined, creating a single point of potential impact that the Ethereum L2 ecosystem does not have.
Centralization Concerns: Sequencers and Validators
Like most rollups in their early stages, Merlin operates with a relatively centralized sequencer set. The sequencer is responsible for ordering transactions, creating batches, and generating proofs. If the sequencer censors transactions or goes offline, users cannot interact with the L2 until it recovers.
Merlin has taken steps toward decentralization through its DAC staking model, which allows anyone with sufficient staked assets to operate a verification node. The multi-token staking approach (BTC, MERL, BRC-20 tokens) lowers barriers to participation. However, the sequencer itself remains a more centralized component, and the roadmap toward full sequencer decentralization is still in progress.
This is not unique to Merlin. Arbitrum, Optimism, and virtually every other rollup launched with a centralized sequencer and decentralized progressively. The difference is timeline: Ethereum rollups have had years to develop decentralization plans, while Merlin launched in February 2024 and is still in early stages of this process.
Sequencer risk in practice: Merlin's November 2025 infrastructure upgrade required approximately 12 hours of planned downtime. While this was a scheduled maintenance event, it illustrates the operational reality: when the sequencer stops, the L2 stops. Users' BTC remains locked in the bridge during any outage, and there is no L1 fallback mechanism to access funds.
Recent Developments: Merlin 2.0 and Beyond
Merlin Chain has continued active development through 2025 and into 2026. Key milestones include:
- Merlin Chain 2.0 launched in December 2025, introducing DeFi and AI-powered features
- Fork 12 mainnet upgrade in June 2025 deployed new sequencer and RPC systems for higher throughput
- Coinbase perpetual futures integration for MERL launched December 2025
- MERL token holder count reached 173,800 as of December 2025
- Wizard 0.1 AI assistant launched in April 2025 for developer and trader support
The MERL token (2.1 billion total supply, four-year vesting from TGE) is used for governance, staking, and transaction fees on the network. Open interest in MERL perpetual futures reached $75.79 million by December 2025, suggesting growing speculative interest in the protocol's trajectory.
Security Audits and Track Record
Merlin has undergone audits from CertiK and ScaleBit. The CertiK audit found no critical vulnerabilities, and ScaleBit's January 2024 audit identified four issues of varying severity, all of which were resolved before mainnet launch. Merlin also formed a Security Council comprising SlowMist, BlockSec, Salus, Secure3, and ScaleBit to provide ongoing security oversight.
Published audits are a positive signal, but they are point-in-time assessments. They verify code as written at the time of review, not the ongoing operational security of the bridge, key management, or sequencer infrastructure. The bridge's MPC custody arrangement with Cobo introduces operational risks that code audits alone cannot fully address.
What Merlin Chain Demonstrates About Bitcoin DeFi Demand
Regardless of the specific tradeoffs Merlin makes, the project demonstrates something important: there is massive demand for DeFi on Bitcoin. Users bridged billions of dollars in BTC to access yield, trading, and lending products that do not exist on Bitcoin L1. This demand exists independently of any single protocol and will continue to drive innovation in the Bitcoin L2 landscape.
The question for the ecosystem is not whether Bitcoin DeFi will happen, but what trust model it will happen on. Merlin chose EVM compatibility and a federated bridge, optimizing for developer experience and rapid ecosystem growth. Other projects make different choices.
Spark, for example, takes a fundamentally different approach. Rather than bridging BTC into a separate execution environment, Spark uses statechains to transfer Bitcoin ownership off-chain through cryptographic key rotation. Users always hold pre-signed exit transactions that allow them to settle back to Bitcoin L1 unilaterally, without relying on any bridge operator or MPC custody provider. The tradeoff is that Spark does not offer general-purpose smart contract programmability, but for payments, stablecoins, and token transfers, it eliminates the bridge risk entirely.
Key Takeaways
Merlin Chain achieved something rare: it built the largest Bitcoin L2 ecosystem by TVL in under a year. Its EVM compatibility, incentive-driven growth strategy, and aggressive dApp recruitment created a thriving DeFi environment on top of Bitcoin. For developers who want to bring Ethereum-style applications to Bitcoin users, Merlin provides a familiar environment with real adoption.
The tradeoffs are equally real. The MPC-TSS bridge with Cobo requires trust in specific institutions. There is no unilateral exit to Bitcoin L1. The sequencer set is still centralizing. And TVL concentration creates systemic risk that the broader Bitcoin L2 ecosystem has not yet learned to manage.
For users and developers evaluating Bitcoin L2 options, the choice depends on what you are optimizing for. If you need full EVM programmability and are comfortable with bridge trust assumptions, Merlin offers the deepest ecosystem. If unilateral exit and self-custody guarantees are priorities, architectures like Spark and Lightning offer stronger security properties at the cost of reduced programmability. For a deeper comparison across all major Bitcoin L2s, see the Bitcoin Layer 2 comparison guide.
Developers building on Bitcoin can explore the Spark documentation to understand how statechains and FROST threshold signatures enable a different scaling model: one where users never give up control of their Bitcoin.
This article is for educational purposes only. It does not constitute financial or investment advice. Bitcoin and Layer 2 protocols involve technical and financial risk. Always do your own research and understand the tradeoffs before using any protocol.