logo

Hide your Nuts!

Nutstash is a custodial lightning wallet for your browser, that uses the cashu ecash protocol to let you send and receive sats immediately, anonymously and privately.

Nutstash

A custodial lightning wallet without accounts

Ecash for Privacy

nutstash is a custodial lightning wallet that uses the Cashu ecash protocol to protect your privacy.

Transact Anonymously

Ecash works without accounts. Cashu tokens are bearer assets, that are stored locally on your nutstash wallet.

Ecash for Privacy

Choose your custodian nutstash is not a custodian. The custodian of your sats are the mints you connect to.

Stashing Features

Nutstash wallet comes with a suite of features

Choose your custodians
Nutstash lets you connect to multiple Cashu mints. They will custody your sats and issue the ecash.
Send and receive ecash
Easily send and receive Cashu ecash tokens.
Pay and receive via Lightning
Pay lighting invoices anonymously. Receive Lightning sats anonymously.
Send and receive sats via nostr private messages
Activate Nostr in the settings in order to send and receive tokens. You can generate throwaway keys or link up your Nostr handle via an extension like nos2x.
Swap between mints
Seamlessly exchange Cashu tokens from one mint to the other
Air-gapped token transmission
Send peer-to-peer ecash without leaving a trace by using nutstashs animated QR codes.

Progressive Web App (PWA)

Install Nutstash as a PWA on your device via browser. (iOS, Android or desktop)

  1. Open Mobile Browser

    Using your mobile native internet browser, open an existing or create a new wallet at https://wallet.nutstash.app.

  2. Save to Home Screen

    Using your internet browser (on mobile, use the native browser) go to the browser settings, and look for an "install" or “Save to Home Screen” option.

  3. Offline Access

    Once Nutstash is saved in your device home screen, you’ll be able to access your wallet anytime. You can even send tokens peer-to-peer when you are offline

Browser Wallet

Nutstash can be accessed in any browser

Open nutstash in the browser to instantly receive sats, anonymously, without creating an account.

Self host

Nutstash can easily be self hosted, so you know your code gets shipped safely

Install on umbrel
Install with Docker
Run from source
1. Clone it
  
                    
2. Install it
cd cashu-wallet
npm i
3. Run it
npm run dev

Join the party

Join us on telegram

FAQ

safety and privacy

Are there any risks when using nutstash?

Yes. In fact, there are many risks. Make sure to understand them before putting any sats into nutstash.

  • Nutstash and the underlying Cashu protocol are still in early development. Funds might be lost forever due to bugs in the software or the protocol.
  • Nutstash is a ecash wallet interface. It is not a lightning wallet, and it does not run a lightning node. Nutstash leverages the Cashu protocol to communicate with Cashu mints to integrate with lightning. Therefore, the mint is running the lightning infrastructure and custodies the satoshis for the mints ecash users. Users have to trust the mint to redeem their ecash once they want to swap out to lightning.
  • Ecash tokens are bearer asset tokens. This means the data that gets stored in the wallet (browser local storage) represents the actual money itself. Should the storage be wiped, funds will be lost.
  • Nutstash is a PWA, a progressive web app. This has the benefit of accessability, since it doesn't rely on appstores listing and not banning the app, but it opens up a whole plethora of security risks. For example, the updates can be pushed from the server to devices without notice. So if the server that ships nutstash gets compromised, so will every wallet. Of course we will try our best to keep the wallet as safe as possible, but please be aware that there are inherent limitations to this model.

Please take these risks seriously. Don't put any money into nutstash that you're not willing to lose.

How much privacy does nutstash/Cashu provide?

The Cashu protocol offers a blinding mechanism to unlink the creation of an ecash token from its redemption. This gives the mint or anyone else no direct link for parties involved in a transaction. The cashu protocol also works entirely without accounts. So theoretically it is impossible for a mint operator to determine how many users it has and who they are.

There are a few things to consider though.

Privacy chokepoints

  • Swapping in and out of the mint requires lightning transactions. While sender privacy is pretty good on lightning, the mint will almost certaily be able to identify a receiver that is getting paid through the mint. This still doesn't deanonymize the sender, but it does give the mint the power to censor certain payments.
  • Larger amounts most likely have less good privacy properties, due to their token denominations being rare. Cashu uses fixed (power-of-2) token denominations to create a hide-in-the-crowd effect. But the larger a token gets, the more likely it is that fewer and fewer of them exists, and at some point there is no crowd to hide anymore. If there is only one token of a specific denomination, it can always be linked back to its creation.

Inter-protocol privacy

  • Cashu does offer decent privacy at the protocol level, but it does not take into consideration network level privacy. Mints may try to collect network data such as access time, IP addresses and or other metadata. To achieve better network level privacy users should rely on tools that specialize in that, such as tor, mixnets, VPNs etc..
  • Cashu transactions happen 'out-of-band', which shifts the responsibility to use secure channels for sending tokens. The most secure channel is to send tokens air-gapped (via QR codes), since it doesn't leave any trace of out-of-band data. If tokens need to be sent over a network, it should always be done over an end-to-end encrypted channel, preferably with self destructing messages.

Cashu Basics

How does the Cashu ecash protocol work?

See http://lconf.gandlaf.com or https://www.youtube.com/watch?v=UNjVc-WYdgE&t=105s for an introduction to the Cashu protocol. Or read the Cashu NUTs (Notation, Usage, Terminology) in Github here: https://github.com/cashubtc/nuts

Can I create a Cashu account?

Cashu doesn't have accounts. In fact, you don't need one. All the tokens are stored client-side, on your device.

Cashu Mints

What is a mint?

Mints are Lightning node runners, that have decided to let you use their Lightning infrastructure to offer you a service. They will act as a custodian for your satoshis on the Lightning network, while they issue ecash to you, the user. You can think of it as in free banking, where the bank issues their own bank notes that is backed by gold.

Can mints see my IP address?

Yes. Cashu doesn't protect against network level heuristics per default. Users should take precautions to protect themselves against leaking network meta data by using privacy tools such as tor.

Which mint should I choose?

Right now, Cashu is in its early development. There are not yet any professionally run mints. Find mints for playing around here: https://mintindex.gandlaf.com

Can I run my own mint?

Yes you can, and you should! At least for now, as we are still in the early testing phase. You can easily set up a mint by installing the Cashu extension on LNBits. (It's literally 2 clicks)

Can I use tokens from one mint at another mint?

No. Each mint has their own tokens. You can however use the tokens from one mint and swap them over lightning for tokens from another mint.

Tokens and Wallets

What is a Token?

A "token" (also known as "ecash" or in slang "a nut") is a piece of data that consists of a blindly signed secret. It was signed by the mint with the private key for a specific amount. Therefore a token is an IOU representation of satoshis that are custodied at the mint.

What is an ecash wallet?

An ecash wallet is a special type of wallet. Ecash wallets are always custodial, since the ecash itself has no value. Cashu ecash represents satoshis, but the keys that control the actual satoshis on-chain are at the mint. So the easiest way to compare an ecash wallet is with another custodial lightning wallet, like wallet of satoshi.

Ecash wallets come with some additional features over traditional custodial wallets, such as:

  • No accounts: Since ecash is bearer asset tokens, Cashu doesn't require accounts and balances to keep track of users funds
  • Enhanced privacy: Due to the fact that there are no accounts, plus the blinding mechanism for creating ecash, users inside a mint cannot be distinguished from one another.
  • Send/receive at ecash layer: We can send funds at the ecash layer, without touching the lightning network. This allows for out-of-band or air-gapped value transfers.
  • Store all data locally: No data has to be stored at any servers.