Website: cypherbox.io · Community: Telegram · Email: info@cypherbox.io
Cypher Box walks you up the self-custody ladder: start with an easy custodial Lightning account, graduate to a non-custodial Lightning vault on the Ark protocol, and land in full on-chain cold storage.
Forked from BlueWallet 6.5.1. Built with React Native + Electrum, powered by Strike, Coinos, and Second's Bark SDK.
| Rail | Custody | Network | Best for |
|---|---|---|---|
| ⚡ Lightning Accounts | Custodial (Strike / Coinos) | Lightning | First sats, everyday spending |
| ⛵ Bark Vault | Self-custodial | Ark protocol (L2) | Lightning speed, your keys |
| 🔥 Hot Vault | Self-custodial | Bitcoin on-chain | Savings on your device |
| 🧊 Cold Vault | Self-custodial (watch-only) | Bitcoin on-chain | Hardware-signed savings |
Swap between rails in-app: Lightning ↔ Bark, top-up vaults from Lightning, withdraw Lightning to vaults.
- Multi-currency balances via Strike + Coinos (USD, EUR, GBP, AUD and more)
- OAuth login (Strike) or credentials (Coinos); tokens live only in your device Keychain
- Send/receive Lightning and on-chain BTC; Liquid receive via Coinos
- Lightning addresses, payment history, withdrawal-threshold reminders
- Real-time payment notifications via a self-hosted relay
- Swap between accounts, withdraw to vaults, top-up from vaults
Your sats live in lightning capsules (VTXOs) on Bitcoin mainnet via the Ark protocol and Second's Bark SDK. Self-custodial: you can always exit to the chain without the server's permission.
-
Send & receive over Lightning, receive on Ark addresses, board from on-chain
-
Capsule dashboard with color-coded expiry at a glance:
Capsule age Meaning 🟢 21+ days left Fresh, nothing to do 🟡 14–20 days Past the midpoint 🟠 7–13 days Refresh window open 🔴 < 7 days Refresh now, reminders firing -
Tap-to-refresh reminders: up to 5 escalating notifications (4d/2d/24h/12h/6h) before any capsule expires; tapping one opens the app with the refresh already running
-
Encrypted backups (
.cbark): iCloud Drive on iOS, folder of your choice + Google Drive on Android, verified round-trip at wallet creation -
Emergency exit: unilateral on-chain sweep, no server cooperation needed
-
Transparent fees shown inline before every action
- Keys generated and stored on-device, never leave it
- SegWit-first, BIP39, RBF + CPFP
- Coin control with UTXO visualization: label, consolidate, pick coins
- Cold Vault: watch-only + PSBT signing with BBQr animated QR for airgapped hardware
- Custom Electrum server support, plausible deniability
Every release is reproducible:
- CI builds the unsigned bundle twice in a pinned container and fails on any byte difference
- Releases ship with the unsigned artifact + SHA-256 and a signed git tag: releases
- Rebuild it yourself:
make repro-verifyat any release tag - walletscrutiny/ contains the verification script for comparing the Play Store binary against this source
- PRs are gated by dependency review, secret scanning (gitleaks), and unit tests
Minimum Node/npm versions: see
enginesinpackage.json(use even-numbered LTS). Toolchain pins, Gradle cache rules, codegen gotchas and other build-environment notes live in docs/BUILD.md.
git clone https://github.com/CypherBoxLLC/Cypher-Box.git
cd Cypher-Box
npm ci # always ci, never plain install — keeps the lockfile authoritative- Open
android/in Android Studio - Start an AVD or connect a device
npx react-native run-android
npx pod-install
npm start
# in another terminal:
npx react-native run-iosiOS Simulator debug: Product → Destination Architectures → Show Both → pick a Rosetta-compatible simulator.
npx pod-install
npm start
# open ios/BlueWallet.xcworkspace, scheme BlueWallet-NoLDK, Run- ⏳ Bark SDK 0.11.x upgrade: offline wallet open, truthful send status, stuck-payment recovery
- ⏳ iOS TestFlight → App Store release
- ⏳ Incoming on-chain transaction notifications with capsule visuals
- ⏳ Revive the e2e test suite on RN 0.77
Found a vulnerability? Email info@cypherbox.io — please don't disclose publicly until it's resolved. Valid, responsible disclosures may qualify for a bounty based on severity. See SECURITY.md.
License: MIT · Upstream: BlueWallet · Bark SDK: Second