Custodial Lightning Wallets — Final Scoring & Rankings

This page presents a strict, sovereignty-maximalist scoring and ranking for five custodial Lightning wallets, evaluated across two distinct roles: Beginner Onboarding and Advanced Decoy. Every score is a 0–100 rating per criterion, rolled up into two composite scores using separate weight sets.

Wallets Blink · Coinos · Wallet of Satoshi · Rizful · Machankura Roles Beginner Onboarding (BOS) · Advanced Decoy (ADS) Method Weighted multi-criteria composite

1) Criteria

Each criterion is scored from 0 to 100 (higher is better under a sovereignty-maximalist lens).

1. Identity / KYC coupling

How tightly the wallet is bound to state-grade identity (ID docs, SIM-KYC, phone, email).

2. Surveillance / logging / retention

IP/device tracking, analytics stack, AML record-keeping, deletion options, and retention horizon.

3. Bitcoin-only purity

Pure BTC/LN vs Liquid, stables, and USDT bridges or similar synthetic rails.

4. FOSS / self-hostability

Open-source client/server, auditable code, ability to fork/run equivalents.

5. Custody & exit path

How easy it is to drain to self-custody (on-chain + LN), and how clear custodial status is.

6. Beginner UX & safety

Onboarding friction, clarity, and low chance of user-error driven loss or confusion.

7. Decoy plausibility

How believable it is as “the only wallet in use” for a normie/regulator-coded profile.

8. Legal / geo attack surface

Jurisdiction, AML posture, history of geo-blocks or explicit regulatory heat.

Important: These are custodial wallets. Every score is about relative risk and utility as a surface layer for Lightning payments, not a claim of safety comparable to self-custody.

2) Weights

Two composite scores are calculated with different priorities: one for onboarding beginners, one for advanced decoy surfaces.

Beginner Onboarding Score (BOS)

CriterionWeight
Identity / KYC coupling20%
Surveillance / logging / retention10%
Bitcoin-only purity10%
FOSS / self-hostability10%
Custody & exit path15%
Beginner UX & safety25%
Decoy plausibility5%
Legal / geo attack surface5%

Advanced Decoy Score (ADS)

CriterionWeight
Identity / KYC coupling30%
Surveillance / logging / retention20%
Bitcoin-only purity10%
FOSS / self-hostability10%
Custody & exit path10%
Beginner UX & safety5%
Decoy plausibility10%
Legal / geo attack surface5%
Composite calculation: Score = Σ(criterion_score × criterion_weight). Weights sum to 100% in each role.

3) Final composite rankings

Beginner Onboarding (BOS)

RankWalletBOS
1Coinos78.8
2Rizful75.8
3Wallet of Satoshi70.8
4Blink69.0
5Machankura55.0

Advanced Decoy (ADS)

RankWalletADS
1Rizful79.0
2Coinos78.2
3Wallet of Satoshi62.2
4Blink56.4
5Machankura45.2
Interpretation: Rizful and Coinos form the top tier under a sovereignty-maximalist lens. Wallet of Satoshi and Blink remain high-utility for onboarding and everyday payments, but carry heavier surveillance and/or AML entanglement. Machankura is structurally niche: critical in feature-phone contexts, weaker as a general sovereignty surface.

4) Raw per-criterion scores (0–100)

Higher is better under a sovereignty-maximalist lens.

Wallet KYC / ID Surveillance BTC purity FOSS Exit UX Decoy Legal
Rizful 95807040 85708070
Coinos 95606595 75807555
Wallet of Satoshi 7525955 85959540
Blink 40158095 85929035
Machankura 30308520 65807045
Links in the analysis below point to primary sources (official sites, privacy/terms pages, documentation, and open-source repositories) wherever possible.

5) Wallet-by-wallet analysis

Rizful Best overall sovereignty-aligned custodial surface Site · Privacy · Docs · USDT bridge doc

Core picture

Email-based account with explicit guidance toward privacy-preserving email and VPN usage (privacy policy). Default analytics uses Plausible (privacy-friendly). Strong focus on Nostr integrations and Nostr Wallet Connect (NWC) use-cases (Rizful.com).

Key score drivers

High KYC and high privacy posture by default (analytics + retention details). Purity hit due to explicit Lightning-to-USDT sending (documentation). FOSS hit because the full backend is not presented as a turnkey, self-hostable open stack.

Evidence-linked specifics

  • Privacy posture: default site analytics via Plausible; optional session recording/advanced analytics is opt-in and time-limited (Rizful privacy policy).
  • Exit tooling: direct guides for Lightning → on-chain and on-chain → Lightning swaps (LN→on-chain, on-chain→LN).
  • Synthetic bridge: explicit “Send USDT” path from Lightning balance with risk disclaimer (USDT doc).
Net: Strongest composite as a sovereignty-leaning custodial Lightning surface, especially in Nostr-native flows. Scores are reduced for explicit stablecoin bridging and limited end-to-end open-core verifiability.

Coinos Best beginner composite; strongest FOSS stack Site · Server (GitHub) · Classic app (GitHub)

Core picture

Web-first custodial wallet supporting Bitcoin mainchain, Lightning, and Liquid (repo description). Open-source server implementation is published and actively maintained (coinos-server).

Key score drivers

Very high FOSS / self-hostability via open server + code. Purity hit from Liquid support (sidechain + asset layer). Surveillance uncertainty typical of web custodians, mitigable via hardened access patterns (e.g. Tor).

Evidence-linked specifics

  • Open backend: “Coinos back-end application server” and system components are documented in the repository (GitHub).
  • Multi-network support: classic app states support for Bitcoin, Liquid, and Lightning (coinos-classic).
Net: Highest beginner composite due to “no-KYC-leaning” posture combined with maximum FOSS resilience and workable UX. Loses points on Bitcoin-only purity because Liquid introduces an additional asset layer.

Wallet of Satoshi UX + decoy king; heavy telemetry Site · Privacy · Disclosure · US market exit (The Block)

Core picture

Widely used custodial Lightning wallet optimized for near-zero friction onboarding (official site). Privacy policy describes collection of personal information, transaction data, and device/network metadata (privacy policy).

Key score drivers

Very high UX and very high social plausibility. Very low FOSS verifiability. Low surveillance posture (rich metadata + large operator footprint). Regulatory heat evidenced by the U.S. app-store removal and market exit in 2023 (report).

Evidence-linked specifics

  • Data collection and handling described in official policy (privacy policy).
  • Custodial vs self-custody disclosure and Spark/third-party processing references (disclosure document).
  • U.S. market exit: removed from U.S. app stores and stopped serving U.S. customers in late 2023 (The Block).
Net: Excellent onboarding and decoy plausibility; penalized heavily for closed infrastructure and telemetry surface.

Machankura USSD feature-phone bridge (niche) Site · Privacy · Terms · Android app · Profile (Bitcoin Magazine)

Core picture

USSD-accessible custodial Lightning wallet for feature phones, enabling sats transfers without mobile data (8333.mobi). Privacy policy covers personal data processing and usage/technical logging (privacy policy).

Key score drivers

High niche UX in low-infrastructure contexts. Moderate Bitcoin purity (wallet is sats; surrounding ecosystem often includes vouchers and telecom rails). Structural identity coupling via phone number and telco infrastructure (SIM registration regimes vary by country).

Evidence-linked specifics

Net: Low global sovereignty score, high niche value as a “feature-phone Lightning bridge.”
About links: Sources are embedded inline (official sites, privacy/terms pages, documentation, and open-source repositories). No “all-links appendix” is used; each claim is linked at the point it appears.

Built as a single-file HTML/CSS page (no external dependencies). Jump back to top.