Case file · Exchange
RoboSats
One click generates a robot avatar. No email, no username, no account — just a Lightning trade over Tor.
The systematized overview
The bureau vs the internet.
8.1/10 · Guaranteed no-KYC
The strongest no-account posture we have reviewed in the category: there is no registration to KYC, only a throwaway robot avatar over Tor. The trade-off is reliability, not identity — outages, thin liquidity, and a brief coordinator-controlled settlement window are the real risks.
3 recurring praises · 3 recurring gripes
Most praised: genuinely no-kyc and private, with fast lightning settlement. Most cited downside: outages and downtime with little status communication.
We track our editorial score and community sentiment separately — neither moves the other. Read together, they're the systematized overview.
The facts
Custody & jurisdiction.
- Jurisdiction
- No legal entity; pseudonymous FOSS project, federated coordinators
- Custody
- Mostly non-custodial (Lightning hold-invoices); brief coordinator-controlled settlement window
- Escrow
- Lightning hold-invoices act as bond + trade escrow
- Traded
- Bitcoin over the Lightning Network; fiat settled peer-to-peer
- Fiat rails
- No — peers settle fiat directly between themselves, off-platform
- Payment methods
- Any method the two peers agree on (SEPA, bank transfer, cash, gift cards, in person)
- Payment privacy
- Peer-chosen; Tor + PGP hide identity from the coordinator; not natively Monero
- Disputes
- In-app PGP chat, then coordinator arbitration; bonds default ~3%
- KYC trigger
- None — there is no account to attach an ID requirement to
- Open source
- Yes — AGPL-3.0, github.com/RoboSats/robosats
- Audited
- No independent security-audit report found
- Operating since
- 2022 (federated model adopted later); experimental, no SLA
The full read
Our analysis, in plain words.
RoboSats is the purest expression of the no-KYC idea in this category: it removes the account entirely. There is no login, no email, no username - a single click mints a disposable "robot" avatar, and trades run over Tor with PGP-encrypted peer chat. On the privacy axis there is almost nothing to critique, and a specialist no-KYC directory (kycnot.me) scores it a perfect 10.
The honest caveats are all on reliability, not identity. RoboSats is Bitcoin/Lightning only, liquidity is thin because it is pure peer-to-peer with no market makers, and the project has suffered real outages - including a roughly three-week stretch where the main site was unreachable. It is also mostly, but not entirely, non-custodial: during the settlement moment the coordinator controls the hold-invoice, a narrow window their own documentation flags as the point of maximum trust.
We could not find any independent security audit, and there is no legal entity behind the project - a deliberate design choice that buys censorship-resistance at the cost of recourse. For a privacy-maximalist who values never handing over identity above all else, RoboSats is close to ideal. For someone who wants dependable, high-liquidity access, the reliability trade-offs are real and are exactly why the score sits at 8.4 rather than higher.
The score, broken down
How the 8.1 is built.
Privacy
weight 50%What identity, data and metadata the service can demand or collect.
94 × 50% = 4.7 of 10
Trust
weight 30%Whether it can technically deliver what it claims — code, audits, age.
72 × 30% = 2.2 of 10
Reliability
weight 20%Whether the no-KYC claim holds under real-world pressure.
62 × 20% = 1.2 of 10
Weighted total 8.1 / 10 · no reliability rule triggered, so the score stands. See the rubric →
Every point, sourced
What earned the score.
Privacy
The fine print, read for you
The clause they bury.
“No registration at all. With a single click you will generate a robot avatar: that’s all you need. Since no email, phone, username or any input from the user is needed, there is no possible way to make a mistake and doxx yourself.”
What it meansThere is no account to attach identity to, so there is no discretionary "we may request ID" surface at all. This is what a structural level-0 reads like: privacy is the absence of a data-collection step, not a promise that could be reversed later.
Read the source →“The escrow could be permanently lost if RoboSats were shutdown or suddenly disappeared between the seller confirming fiat was received and the moment the buyer’s Lightning wallet registers the released escrow funds.”
What it meansRoboSats is mostly non-custodial, but the coordinator briefly controls the hold-invoice during settlement. It is a narrow window and disclosed in their own docs, but it is the one moment your funds depend on the coordinator staying online and honest.
Read the source →None. There is no account, so there is nothing to gate. Identity is never requested at any point — not to generate an avatar, not to trade, not to settle. Trust is per-coordinator (each arbitrates its own disputes), but no coordinator has a KYC mechanism.
Policy review — point by point
-
No account, so no identity clause exists
There is no terms-of-service surface that could reserve a right to demand ID, because there is no account or user record to attach it to. ↗
-
Coordinator arbitrates disputes
Each federated coordinator publishes its own privacy/data policy and resolves disputes; you are trusting the specific coordinator you trade through, not one central company. ↗
-
Settlement-window custody risk
Their own escrow docs disclose that funds could be lost if the coordinator vanished at the exact settlement moment. ↗
There is deliberately no jurisdiction to point at: RoboSats is a pseudonymous open-source project, and each coordinator operates independently, often behind a Tor .onion service. This makes it very hard to censor or subpoena, but it also means there is no company to hold accountable and no consumer-protection recourse if a coordinator misbehaves.
We keep watching
Incident & policy timeline.
- 2024
A coordinator node failure (recovery unconfirmed)
A federation coordinator ("Temple of Sats"), not core RoboSats, had an LND node degrade after a storage fault and force-close channels. Recovery of the stuck funds was reported as likely but is not confirmed by the cited source. It underlines that reliability and custody are per-coordinator, not monolithic.
source ↗ - 2025
Multi-week outage of the main site
The primary website and Tor link were offline for roughly three weeks; secondary onion addresses stayed up. No funds were lost, but it is the clearest example of the availability risk of an experimental, volunteer-run project.
source ↗ - Ongoing
No exit scam, seizure or court action on record
Across public sources we found no coordinator absconding with funds, no law-enforcement seizure, and no court case. The structural risk (a "shady coordinator") is acknowledged in their docs but has not been realised at scale.
source ↗
The verdict
Where it stands.
Strengths
- No account of any kind — identity is never collected, so there is nothing to leak or subpoena
- Open source (AGPL-3.0) and Tor-first, with PGP-encrypted peer chat
- Federated: no single company or server is a point of control or failure
- Very low, transparent fees (0.2% total)
Trade-offs
- No independent security audit report could be found
- Availability is a real weakness — multi-day and multi-week outages have happened
- Thin liquidity: pure P2P with no market makers, and small trade sizes
- A brief coordinator-controlled settlement window is the one non-custodial gap
- No legal entity means censorship-resistance but also no recourse if a coordinator misbehaves
Across the internet
What reviewers report.
Consistently praised
- Genuinely no-KYC and private, with fast Lightning settlement
- Low, transparent fees
- Strong safety record cited (thousands of orders, very few disputes)
Recurring complaints
- Outages and downtime with little status communication
- Thin liquidity and small maximum trade sizes
- Occasional counterparty scam attempts on the fiat side
Community sentiment skews positive-with-caveats: users trust the privacy model and the record, but downtime and liquidity are recurring frustrations. Aggregated from Bitcoin Magazine, Stacker News threads and the independent kycnot.me listing.
Ask the bureau
RoboSats, common questions.
Does RoboSats require any ID or account?
No. You click once to generate a random robot avatar and that is the entire "signup". There is no email, phone, username, or verification anywhere in the flow, which is why we rate it KYC level 0.
Is RoboSats custodial?
Mostly not. Trades use Lightning hold-invoices, and your bond auto-returns even if RoboSats disappears. The one exception is a brief settlement window where the coordinator controls the escrow hold-invoice — disclosed in their own docs as the moment of maximum trust.
Why is the score not higher if privacy is maximal?
Because we weight Reliability at 20%, and RoboSats has had multi-week outages, thin liquidity, and no published security audit. Identity protection is excellent; day-to-day dependability is the weaker axis.
Does RoboSats accept Monero?
It is Bitcoin/Lightning-centric. Monero is not a native pair, though peers occasionally agree to it as a payment method in chat. Fiat is settled directly between the two traders using any method they agree on.
Your exact case not covered? The live Ask the bureau answers it and turns it into a public FAQ.