How it works
Blockstream Green is a Bitcoin and Lightning wallet for iOS, Android, Windows, macOS and Linux. Its default account type is a 2-of-2 multisig: one key sits on the user's device, the second on Blockstream's servers, and any spend requires both signatures. The server signature is gated by an app-based 2FA prompt, so a stolen phone alone cannot move funds. If Blockstream ever stops co-signing — outage, shutdown, subpoena — the wallet's outputs become spendable after a configurable timelock, set to 90 days by default. The same app also offers a singlesig mode that follows BIP39, BIP44, BIP49, BIP84 and BIP86 (Taproot), so the recovery phrase imports cleanly into other wallets. Hardware signers (Jade, Ledger, Trezor) plug in over USB or Bluetooth, and Lightning is delivered through Greenlight, Blockstream's non-custodial node-as-a-service, with trampoline routing enabled by default.
KYC & privacy
Green asks for nothing at signup — no name, no email, no phone. An email address is offered only as an optional recovery aid; users can skip it. Tor is a single toggle in settings, and the metadata that syncs across devices (transaction notes, account labels) is end-to-end encrypted before reaching the cross-device service. The trade-off is the cosigner: in multisig mode, Blockstream's server sees every address and every spend it co-signs, even if it cannot identify the user behind them. Singlesig mode removes that visibility, at the cost of the 2FA. The effective KYC tier is L1 — anonymous: no compulsory data collection, no AML screening, no ability to freeze a balance the operator does not custody.
Strengths and limits
The architecture targets a real beginner failure mode: most self-custody loss is device theft and seed mishandling, and a remote cosigner mitigates both without taking custody. The 90-day timelock turns trust Blockstream into trust Blockstream for three months, a meaningful difference. Open-source code under GPL, a decade of corporate continuity, and broad platform coverage all sit on the credit side. The limits are structural. WalletScrutiny lists Green's Android builds as not reproducible, which means the binary shipped on the Play Store cannot be byte-matched against the public source. No third-party security audit has been published. And the metadata leakage of the multisig mode is exactly what privacy maximalists object to, even when no KYC is involved.
Verdict
Blockstream Green is the most polished self-custody Bitcoin wallet that still ships a server-side 2FA path, and the timelock is what makes the trade-off defensible. Pick it if managed 2FA without a custodian is the priority; switch to singlesig if you would rather Blockstream see nothing at all. Grade: A- (8.9/10). Trust: TRUSTED.
Blockstream Green is the most polished self-custody Bitcoin wallet that still ships a server-side 2FA path, and the timelock is what makes the trade-off defensible. Pick it if managed 2FA without a custodian is the priority; switch to singlesig if you would rather Blockstream see nothing at all. Grade: A- (8.9/10). Trust: TRUSTED.
