The amount of ckBTC is gradually increasing on ICP. I wonder if any of this information is being picked up as tvl for ICP. It would be nice to have ckbtc txs show up on third party analytics sites as part of ICP tvl.
On X, someone said this:
Is this correct?
Others have posted about this like @bob11 :
And @marc0olo
But was any of this implemented yet?
not sure what he meant with his post. I responded on X and made clear that the amount of ckBTC is the minimum amount of BTC secured via ICP and that it could be more.
somehow nobody really stepped up yet to work on this. and even if we have it, it would most likely âjustâ be a standardized way of doing it (e.g. clear rules about derivation paths). ultimately a developer cannot be âforcedâ to expose the amount of BTC/ETH/⌠their canister really controls.
sidenote: there is currently an active grant in that regard to research and evaluate different options to expose TVL of canisters 
Hey @marc0olo, given whatâs been happening recently regarding exploits in third party dapps built using chain fusion, it may be worth clarifying whatâs meant by âsecured via ICPâ.
with âsecured via ICPâ I mean that the native tokens (BTC, ETH, âŚ) are held in accounts that are âultimatelyâ secured through ICP by utilizing threshold signatures.
however, the derived key material is of course depending on the master key which is unique for each canister and controlled by the canister. and it is very important to understand that the controller of a canister has ultimate control over all the derived keys because the controller could potentially update the canister code anytime. so even if the code in the present is secure, that might not be the case after an update.
the controller of a canister could be a single user, multiple users, a multisig setup, another canister, an SNS or the NNS. a canister can also be blackholed (no controllers) if that is desired, but making that decision should be taken carefully.
when taking the ckBTCminter as an example, the controller of the BTC that are âsecured by ICPâ (via the canister accessing threshold signature APIs) is the NNS. so nobody can easily âjust upgradeâ the canister code. typically DFINITY proposes updates to that canister and these need to be accepted by the NNS.
it is also very important to understand that ckBTC is âjustâ an ICRC-1/2/3 ledger on ICP which is controlled by the ckBTCminter canister. the native BTC are always controlled by the ckBTCminter canister in this case.
now, while it is a clear difference whether canisters are using threshold signature APIs directly to control assets on other chains natively or whether canisters control deposited funds of ckBTC on behalf of users - the problem is the same:
some people might not care too much about this, while others do. ultimately it is a decision of the enduser whether they want to trust the team (and code) behind a project or not.
projects should ideally:
⌠especially if they deal with financial assets.
this in turn is not feasible for every project and requires additional effort and expenses. IMO the bare minimum we could expect is a solid multisig setup for the controller.
yeah 
⌠seem to be lotâs of misunderstandings on that. only navigated through it quickly.
Do you think it could be worth making it easier for users to see when services theyâre using do not conform to these standards?
This would help the IC avoid reputational damage. I suspect there will be many more hacks ahead. Not because the IC is insecure, but because you canât control what people build and use on top of the IC. The protocol and/or dashboard can help people make more informed decisions though.
I think it would also be worth including a disclaimer like this in promotional material that describes the IC and/or chain fusion as immune to hacks.
Hi there. Yes, we will start working on this soon and might circle back to this thread in a couple weeks (Iâm glad itâs relevant!)
sure, I am absolutely advocating for this in different threads and independent discussions. I think we will get there over time, actually we have to IMO 
