MyBankBTC is the first open-source infrastructure for running a custodial Lightning bank where users hold Chaumian e-cash — blind bearer tokens the operator cannot surveil — secured by FROST threshold keys and Nostr-native wallet connectivity.
Over a billion people need fast, cheap Bitcoin payments — and most of them will use custodial wallets. But every existing custodial Lightning service can see every payment, link every balance to an identity, and build a complete financial graph of its users.
Today's custodial Lightning wallets store named balances. The bank knows exactly who sent what to whom and when — no different from a traditional bank.
Most custodial operators hold funds in hot wallets or simple multisig. One compromised key, one rogue employee, or one regulatory order and all user funds are at risk.
There is no auditable, deployable open-source stack for a privacy-preserving Lightning bank. Every serious operator builds proprietary infrastructure from scratch.
Cashu, FROST, VLS, NWC, LNURL, and Bolt Card all exist independently. No project has assembled them into a coherent custodial banking architecture.
MyBankBTC assembles the best of Bitcoin's privacy and security stack into a single deployable open-source infrastructure.
Users hold blind bearer tokens. The mint cannot link issuance to redemption. The operator learns nothing about who owns what.
3-of-5 threshold Schnorr signatures across HSMs and air-gapped devices. No single party can move funds unilaterally.
Any NWC-compatible wallet connects natively. Ephemeral relays leave no financial metadata. Payments route through encrypted Nostr events.
Validating Lightning Signer runs in a TEE and enforces velocity limits, HTLC caps, and output allowlists before signing any transaction.
Built entirely in Rust and Go, deployed on Kubernetes. Every component is independently useful and MIT/Apache 2.0 licensed.
Chaumian e-cash mint via cdk-mintd. Blind BDHKE signatures over secp256k1. NUT-00/04/05/08/12/13 protocol suite.
3-of-5 threshold Schnorr signatures. Asynchronous ROAST coordinator for signing ceremonies. Single on-chain signature.
Validating Lightning Signer in a Trusted Execution Environment. Enforces velocity, HTLC, and output policies before any signing.
NIP-47 Wallet Connect bridge. NIP-44 ChaCha20-Poly1305 encryption. NIP-98 signed HTTP auth. Ephemeral relay with Redis pub/sub.
LUD-04 (Auth), LUD-06 (Pay), LUD-16 (Addresses), LUD-03/17 (Withdraw). Full Lightning Address support at user@mybankbtc.xyz.
NTAG 424 DNA SUN verification. AES-128 PICCData decryption, CMAC validation, monotonic counter. Tap to pay at any merchant.
Blinded paths for destination privacy. Reusable offers. Experimental route blinding so the custodial node cannot see the final recipient.
Full Terraform on GCP: GKE, Cloud Run, Cloud SQL, Cloud KMS HSM (secp256k1), Cloud Armor WAF, GitHub Actions CI/CD.
Custodial Lightning wallets are the realistic on-ramp for the next billion Bitcoin users. This is the first open-source stack that gives them financial privacy even within a custodial relationship — using the same blind signature cryptography as physical cash.
FROST 3-of-5 threshold means no rogue employee, no regulatory seizure, and no single server breach can drain user funds. This is the key management model the industry should adopt, and we are making it open source and deployable.
Every component — the Rust LNURL server, NWC bridge, Bolt Card server, ROAST coordinator — is MIT/Apache 2.0. Any Lightning service provider, Bitcoin bank, or community node can deploy this stack instead of building proprietary surveillance infrastructure.
The individual technologies have reached production maturity. No one has combined them into a coherent banking stack — until now.
Chaumian e-cash for Bitcoin Lightning reaches mainnet viability. CDK (Cashu Development Kit) provides a production Rust implementation.
FROST threshold Schnorr and ROAST (asynchronous robustness) are published and implemented. Single Schnorr signature on-chain — chain-private and fee-efficient.
Nostr Wallet Connect (NIP-47) becomes the standard for wallet connectivity. BOLT-12 blinded paths land in Core Lightning. VLS ships production policy enforcement.
We are the first project to combine all of these into a single deployable open-source Bitcoin bank. Running on signet today. Mainnet hardening in progress.
Built, deployed, and running — not a whitepaper.
We are seeking $158,000 in grant funding to complete mainnet hardening, conduct a security audit, and deliver the first production-ready open-source Bitcoin bank stack. Custodial does not have to mean surveillance.
Questions? Reach us at hello@defiuniversity.xyz