Self-Custody: The Illusion of Freedom - Part II

Imagine you’re flying over the Atlantic. There’s no internet onboard, and your seatmate asks to borrow 100,000 sats. You pull out your phone, open your favorite Lightning wallet… and see a “failed to connect to server” error. Your keys are in your pocket, your seed phrase is written safely at home — but you can’t send the money.

That’s the difference between owning and controlling.

In Part I of this article, I explored how layers of trust can hide even under the “self-custody” label. But wallet servers add another set of hidden dependencies to this nesting doll. And this applies even to Bitcoin — or rather, especially to Bitcoin. So let’s break down what exactly prevents you from instantly using your sats, even when the private key is stored right on your phone.

Lightning Network: Keys Are Yours — But Where Are the Coins?

As is well known, Bitcoin’s blockchain doesn’t have much space. If every person on Earth started using Bitcoin, each of them would only be able to make about two transactions in their entire lifetime — because recording 8 billion transactions into Bitcoin blocks would take 36 years! That’s why, in the case of mass adoption, there would be only one practical way to send bitcoin: through second-layer solutions.

Today, the most well-known second layer for Bitcoin is the Lightning Network. I covered it in more detail here — take a look if you haven’t read it yet.

In short, the Lightning Network is a system of payment channels. Each channel holds sats (satoshis) that are jointly owned by the two people connected by the channel. Sats can move back and forth, and after each movement, both participants receive a transaction, signed by both parties, which allows either of them to unilaterally withdraw their share of the funds to their own on-chain address.

This mechanism was designed to ensure that each participant always maintains full control over their sats. But this control relies on two key components:

• A private key or seed phrase — this stays the same and can be written down and stored safely offline.
• The current, pre-signed channel closing transaction — this one keeps changing and cannot be permanently stored offline.

The creators of the Muun wallet put it best when explaining this nuance:

And in the case of Lightning, this really matters. If you have your key but, for some reason, don’t have access to the most recent channel closing transaction (for example, the server storing it has failed), then you’ll be forced to rely on the good faith of the other party in the channel to retrieve your sats.

Where Is This Transaction Stored?

If you run a full Lightning node, the closing transaction is stored there. But how many people actually run full nodes today?

I’d say most Lightning Network users choose mobile wallets that let them send and receive sats quickly and easily — after all, that’s the whole point of Lightning, isn’t it?

Especially considering that the makers of these wallets unanimously advertise them as self-custodial:

All the wallets shown in the screenshots above gave users a seed phrase, and for many this serves as proof of non-custodial storage. But in reality, none of these wallets included even a button for closing a channel — let alone access to the transaction that would allow the user to close the channel unilaterally. To withdraw sats, the wallet’s backend server had to approve the transaction. If that server went offline — or refused to process the request — your sats were no longer yours.

What Does This Mean in Practice?

Among the wallets shown in the screenshots, the most telling case was Bitmask. After one of the updates, the developers accidentally removed all references to Lightning Network assets from the interface. This meant that users completely lost access to their funds in the Lightning Network. Old versions of the wallet stopped working, and the new one simply didn’t display any Lightning sats at all.

If you had used the wallet exclusively for Lightning, it would now show that your balance is zero.

And the seed phrase wouldn’t help. If you import it into another wallet, you might see the assets stored on Bitcoin’s base layer (if there were any) — but the funds in Lightning payment channels would still be inaccessible.

Things get even trickier with wallets that use the Breez SDK / Greenlight architecture — such as Green, Relai, Blitz, and several others. These wallets interact with the Lightning Network exclusively through a Greenlight server. On the one hand, this setup lets you import your seed phrase into another wallet using the same system and access your Lightning funds. On the other hand, it makes you heavily dependent on Greenlight’s servers. If there’s a technical failure and the channel closes, your assets stay on the server — not with you.

The GitHub issue tracker for the Green wallet shows that users sometimes wait months for the development team to resolve problems and return their sats. Is this really what self-custody is supposed to look like?

Withdrawal error in Green wallet. Source: Blockstream’s GitHub

There are also cases of outright deception. The now-defunct wallet Mutiny also claimed to offer self-custody. Naturally, it provided users with a seed phrase, which was supposed to mean full control over their funds.

But then, one day, the wallet’s developers decided to introduce a fee on incoming transactions. Any time you received sats, the wallet would automatically deduct exactly 1 satoshi from the amount. It might seem like a trivial fee — one that users could live with — but it raised a serious question:

• I received 1,000,000 sats.
• I never signed a transaction authorizing the deduction of 1 satoshi.
• So why is my balance showing 999,999 sats?
• Who approved that, if this is supposed to be self-custody?

Unsurprisingly, the wallet failed to gain traction in the Bitcoin community and eventually shut down. And when it did, it kept a portion of user funds. Because really — if a wallet can take 1 sat without your consent, what’s stopping it from taking more? Especially when the project is closing down and reputation no longer matters.

How Not to Fool Yourself

We often see the word self-custody and think, “This is exactly what I need.” Wallet developers know this all too well — and they slap the term onto their products even when it doesn’t belong there.

So if you see a wallet claiming to be self-custodial, ask yourself a few questions:

• Does the wallet rely on a single server to process all transactions?
• What happens if that server goes offline?
• Does the wallet give you enough information to access your funds using a different wallet?

And don’t just ask — test it. If the wallet is for a new network where you don’t yet hold any assets, try sending a small amount to it via our swap service. Rabbit.io supports very small amounts, so you won’t risk much if anything goes wrong with your wallet.

Compare the amount shown on our site with the amount that appears in your wallet. If the incoming transaction is “trimmed” by a fee, that means the wallet’s developers have the ability to take money from you.

Finally, make a backup of your wallet, delete the app from your device, restart the device, reinstall the wallet, and try restoring access to your funds. Only after this test can you consider the wallet ready for real use.

Choose your tools wisely. True freedom is rare — and often misrepresented.