Bitcoin Lightning Network payment solutions provider Amboss Technologies has launched “Ghost Addresses” — a new type of Lightning Address that enables users to receive payments directly into their own custody, avoiding reliance on dominant custodial wallets.
Lightning Network operates as a network of bi-directional payment channels on top of the Bitcoin blockchain, designed to enable fast and cost-effective micropayments.
Lightning Addresses provide a user-friendly, email-like format for receiving payments on the Bitcoin Lightning Network, like “[email protected].” They simplify the process of receiving payments by providing a static and reusable address, eliminating the need for users to create individual Lightning invoices for each transaction. Lightning Addresses are also often integrated with Nostr-based decentralized social media apps like Damus for payments between users.
Users can already receive payments directly into self-custody using Lightning invoices without relying on custodial solutions, though this isn’t as convenient or automated as Lightning Address payments. However, as setting up a self-hosted Lightning Address server is more complex, requiring a certain level of technical expertise, many users rely on custodial wallet services, like Wallet of Satoshi, to generate and host Lightning Addresses on their behalf.
“Contrary to the trustless spirit of Bitcoin, many applications using Lightning Network for payments rely heavily on centralized, custodial Lightning wallet providers,” Amboss CEO and co-founder Jesse Shrader said in a statement. “This is why we’re very excited to announce the release of Ghost Addresses, which solve this problem by enabling anyone to receive payments directly to their self-custodied wallet using what looks like an email address, bypassing these centralized third parties.”
Amboss’ introduction of Ghost Addresses follows its launch of Hydro in September — a subscription-based auto-sourcing liquidity solution for the Bitcoin Layer 2.
What are Ghost Addresses?
Ghost Addresses merge the convenience of existing Lightning Address formats with more advanced features of the Lightning Network to enhance security and privacy without requiring additional infrastructure. However, it is only suitable for users running their own customized or off-the-shelf Lightning nodes, who are perhaps less likely to use custodial services to begin with.
Users can receive funds directly to their own self-custodial Lightning node via a personalized Ghost Address ([email protected]), without running a separate Lightning Address server. This is done using Phantom Payments, which don’t require any additional node permissions.
More specifically, the destination in Ghost Address invoices is a Phantom node, which doesn’t actually exist, according to Amboss’ website. Instead, each invoice generated includes users’ nodes in the route hints provided by the Amboss API. This enables users’ nodes to intercept the payments, directing the payer to route the payment to the payee’s node through a specific Phantom channel. Users must still ensure they have enough channel capacity to receive payments.
Ghost Addresses are also intended to offer a more private solution than custodial Lightning Addresses, which reveal payment sizes and subsequent transactions, Amboss said. Payments to a Ghost Address reveal the amount of a theoretical payment, but Amboss would not be able to provide proof of completed payments using Ghost Addresses, it added.
Self-hosted Lightning Address servers would be required to improve privacy further. However, Lightning Address servers used in this way need invoice permissions from the node — increasing the attack surface, Amboss said.
Amboss added that Ghost Addresses are compatible with any Lightning Network implementation through integration with its API. However, the only client currently supporting Ghost Address payments is Thunderhub, which uses the LND implementation.
Randomly generated Ghost addresses are free via an Amboss account, but customized addresses require a subscription, the firm said.
In terms of existing alternatives, “Users can already create their own Lightning Address server and give it invoice permissions (macaroons), but so far extremely few users have set this up,” Shrader told The Block — citing the complexity and cost in doing so.
“[Node infrastructure provider] Voltage offers a third-party Lightning Address solution for their users, but this uses an invoice macaroon from the user. [Self-custodial wallet] Zeus also offers a HODL invoice solution, which makes payments stay in a pending state for a long time and has been the cause of expensive force closes [of payment channels] in the network,” he said.
“A bad actor could spam the node with invoice requests and essentially DDOS the node if they got a hold of the invoice macaroon,” Shrader added. “Another key advantage [to Ghost Addresses] is that payments will either go through or fail within a second or two. There is no pending state that could be the cause of a force close or payment that fails at a later time.”
“Custodial wallets are great until they’re not. At no point is someone else holding your funds with a Ghost Address, removing the loss of funds risk,” he said.
However, not everyone wants to run their own Lightning node, limiting the market for Ghost Address functionality. “Not everyone will run a Lightning node and that’s okay! There are several self-custodial mobile Lightning wallets available like Phoenix and Breez that can eliminate custodial risk while providing a user experience that is good and continuously improving,” Shrader said. “Other scaling methods like Cashu and Fedimint enable micro-custodians, which enable shared infrastructure in a privacy-preserving way. These have custodial risk, of course, but not at the systemic scale like FTX or Mt Gox.”
The risk of centralized Lightning Network custody
The reliance of many users on custodial wallet providers to generate Lightning Addresses and hold funds on their behalf, exposes them to the possibility of those services shutting down or ceasing operations due to regulatory demands, risking the accessibility and privacy of their funds.
Last month, major Bitcoin Lightning wallet provider Wallet of Satoshi removed itself from the U.S. Apple and Google app stores, confirming it will not serve customers in the country going forward. The popular Bitcoin Lightning app did not specify the reason for the decision but sought to assure existing customers in the U.S. that their funds were safe and available to transfer to another wallet.
“After the Binance lawsuit, it was clear that custodial wallets that don’t do KYC and AML are at risk if they serve U.S. customers,” Shrader told The Block. “I expect that custodial wallets will exit the U.S. market if they don’t want to cater to U.S. regulations and the increasingly vocal political adversaries in Congress. You can’t ban bitcoin; you can only ban yourself from participating.”
However, there is also a risk that Amboss, as a Ghost Address provider, could alter the node destination for payments. “This offering does involve some trust that the provider isn’t going to steal from users by redirecting payments,” Shrader told The Block. “It’s not in Amboss’ interest to do this; it’d be brand suicide for even a single instance of this.”
In fairness, custodial wallet providers would likely argue the same.
The need for Layer 2 solutions
The recent spike in fees on Bitcoin, driven by a surge in inscriptions-related activity, has highlighted the importance of Layer 2 solutions like Lightning. The average number of daily transactions on Bitcoin reached an all-time high of 621,000 yesterday, according to The Block’s data dashboard.