Bit2: You Control Your Funds—No One Else

Fairgate
·
July 01, 2026
·

Not all Bitcoin Layer-2 constructions provide comparable security guarantees. In some networks, a centralized operator mediates every transaction. The powers of these operators range from relatively minor—such as imposing discretionary transaction fees on specific accounts—to severe, including permanently blocking user accounts or even seizing users' funds. For example, in 2026 Arbitrum's Security Council froze approximately $71 million tied to the April 2026 Kelp DAO/Aave exploit, proving they had full control to do so.

In statechain systems such as Mercury or Spark, the server can collude with a previous owner in the ownership chain and recover control of the coins. In RGB, a transaction aggregator may withhold contract state data, temporarily or even permanently preventing users from accessing their funds.

Self-custody is often presented as a binary property: either users hold their private keys or they do not. In practice, self-custody is multidimensional. A user may possess the private keys and still lose practical control over their assets if the surrounding infrastructure can indefinitely block payments or prevent withdrawals.

We believe there are three complementary properties that together determine whether users truly retain control over their assets:

  • Unilateral Access
  • Uncensorable Exit
  • Mass Exit Safety

These three properties address different failure modes. Unilateral Access concerns ordinary payments inside the layer 2. Uncensorable Exit concerns the ability to withdraw funds to the base layer despite malicious service providers. Mass Exit Safety concerns withdrawals during systemic stress, when many users attempt to leave simultaneously. Together they form a hierarchy of guarantees that characterize practical self-custody.

Each level strengthens the previous one. A payment network that remains safe during a mass exit necessarily provides meaningful uncensorable exits, and one that provides meaningful uncensorable exits necessarily provides practical unilateral access.

Together, these properties determine whether a payment network provides effective self-custody not only during normal operation, but also during infrastructure failures and large-scale network stress.

Unilateral Access

A payment network provides unilateral access when any user can always access or spend their funds within the payment network without relying on the cooperation of any other party.

For payment networks layered on top of a blockchain, such as the Lightning Network, we assume that the underlying blockchain already provides uncensorable access. Our analysis therefore focuses exclusively on Layer-2 properties.

Unilateral access is critical because users should never be forced to trust infrastructure providers in order to transact. They must be able to continue spending their funds even if service providers become unavailable, begin censoring transactions, or behave maliciously. Systems that depend on a single party for data availability or transaction authorization introduce a dangerous failure mode in which funds remain technically owned by the user but become practically unusable.

Bit2 users typically rely on two infrastructure services: a mailbox service and a Timestamp Service Provider (TSP), both selected independently by the user.

If a mailbox provider fails, the user can still receive payment messages through any alternative communication channel, including a direct peer-to-peer connection, e-mail, or even a data availability layer. Bit2 embeds the preferred transport service inside the Destination ID (DID). Similar to a Bitcoin address, a DID contains additional routing information, including the receiver's preferred mailbox provider. It can also include a backup transport service so that, even if the primary provider becomes unavailable, payment messages can automatically be delivered through a secondary preconfigured channel.

Unlike many messaging systems, the transport mechanism is completely decoupled from the payment protocol itself. Mailbox providers merely relay encrypted messages; they neither validate nor authorize payments.

If a Timestamp Service Provider becomes unavailable, the sender can publish a deregistration transaction on the L1 and continue transacting through a lightweight meta-protocol running directly on the base layer. The recovery operation requires only a small L1 transaction—approximately 200 weight units when Bit2 is deployed on Bitcoin, or about 70 bytes of calldata when deployed on an EVM-based chain. At the same time, the user can issue a registration command for another TSP and continue operating normally.

This recovery mechanism differs fundamentally from many other Layer-2 payment systems. In many blockchain-based payment networks, the failure of an infrastructure provider immediately triggers what is known as a mass exit event, where all users attempt to leave the system simultaneously.

Bit2 behaves differently. Because users are not subject to time-limited withdrawal windows, they are free to postpone their exit until network congestion subsides and transaction fees return to normal levels.

Ark illustrates the opposite design trade-off. In Ark, unilateral exit transactions must be completed before the corresponding VTXOs expire. After expiration, the service provider may reclaim the funds. Consequently, during a mass exit event, if L1 congestion causes transaction fees to spike, users may be forced to choose between paying extremely high fees or risking the loss of their assets.

Rollup-based systems face a different limitation. In systems such as Base, if the sequencer becomes unavailable, users cannot immediately continue operating the network themselves. Instead, they must wait for another sequencer to resume operation. For example, in June 2026, Base was down for almost two hours due to a bug in the sequencing code and no backup sequencer. During those two hours, there were no withdrawals or exits allowed. A similar event occurred in 2025.

A somewhat less severe scenario occurs if the sequencer merely censors transactions. In that case, users can eventually force their transactions into the rollup through the L1 using the protocol's forced-inclusion mechanism. Although censorship cannot continue indefinitely, users must still wait for the protocol's sequencing window before the forced transaction becomes part of the canonical L2 state.

The practical lesson is that infrastructure failures should degrade performance—not ownership. A resilient payment network allows users to continue operating, perhaps less efficiently, but never leaves them dependent on the goodwill or availability of a particular service provider.

Uncensorable Exit

Unilateral Exit means that a user can independently complete the withdrawal process without relying on any other party. Uncensorable Exit measures whether a user can always withdraw funds to the base layer without any single actor—or even a majority of a committee—being able to prevent it. In other words, cooperation from another party may still be required, but the protocol guarantees that the cooperation of any single honest participant from a sufficiently large committee is enough to complete the withdrawal.

Although uncensorable exit is slightly weaker than unilateral exit, it still provides a very strong safety guarantee. In practice, it ensures that users' funds cannot be permanently trapped inside the Layer 2 by service providers or infrastructure operators.

The distinction is subtle but important. Unilateral exit is a property of the withdrawal protocol itself, whereas uncensorable exit is a property of the trust assumptions behind that protocol.

Bit2 provides uncensorable exits because neither Timestamp Service Providers, mailbox providers, nor bridge operators can block withdrawals. The Bit2 bridge relies on BitVMX and a 1-of-N honesty assumption: as long as a single pegnatory behaves honestly, any incorrect bridge action can be challenged and a legitimate withdrawal can be enforced. Even if all infrastructure providers disappear, users retain the ability to recover their funds through the bridge.

In contrast, RGB aggregators can withhold state data, preventing users from proving ownership of their assets and effectively blocking access to their funds. Moreover, RGB currently lacks a trust-minimized Bitcoin bridge, meaning users cannot enforce withdrawals to Bitcoin without relying on trusted intermediaries. Consequently, RGB currently provides neither unilateral exit nor uncensorable exit.

The Lightning Network provides both unilateral and uncensorable exits. However, these guarantees become significantly weaker during large-scale failures. If a counterparty controls hundreds or thousands of channels, the requirement to publish penalty transactions before their respective deadlines may make timely exits practically impossible during periods of severe congestion.

Mass Exit Safety

Mass exit safety measures whether a payment network can preserve users' funds and withdrawal guarantees when a large fraction of participants attempts to exit to the base layer simultaneously.

This property is important because many systems advertise unilateral exit under normal operating conditions, yet fail to preserve that guarantee when it is needed most.

If withdrawals depend on narrow time windows, optimistic challenge periods, or a large number of individual L1 transactions, a systemic failure can transform theoretical self-custody into a race for scarce block space. Under these conditions, users may experience expired challenge windows, forced de-pegs, or transaction fees so high that withdrawing small balances becomes economically irrational.

In other words, a payment network should not only survive a bank run—it should preserve every user's right to self-custody throughout the event.

Bit2 is particularly strong on this metric when deployed on an EVM chain. In this case, the bridge contract verifies exit proofs directly on-chain. As a result, withdrawals do not rely on optimistic fraud games or delayed challenge periods. This eliminates one of the principal failure modes of optimistic systems under stress: users do not need to wait for dispute windows to expire while congestion accumulates, nor must they complete multi-step withdrawal procedures before protocol deadlines.

More generally, Bit2's exit mechanism is not tied to a per-user liquidation race against a centralized operator. The only remaining limitation is ordinary L1 inclusion cost. Importantly, the protocol itself does not introduce additional time-sensitive failure modes.

The Lightning Network is considerably weaker under mass-exit conditions. The original Lightning Network paper identifies forced-expiration spam as perhaps the network's greatest systemic risk. If many channels must close simultaneously, Bitcoin block space can become saturated, delaying confirmations until time-sensitive transactions expire. The paper explicitly warns that users interacting with uncooperative peers must have sufficient time for their transactions to confirm.

Ark appears even more fragile. Public Ark documentation describes unilateral exits as slow and expensive because exiting a VTXO requires broadcasting an entire chain of transactions representing the user's branch within the shared UTXO tree. Typical implementations use VTXO expiration periods of roughly seven days together with unilateral exit windows of approximately twenty-four hours. During a large-scale exit event, mempool chain limits and elevated transaction fees may delay confirmations long enough for the Ark Service Provider to reclaim expired VTXOs, potentially causing users to lose funds.

Base, and optimistic rollups more generally, are also comparatively weak with respect to mass exit safety. On OP Stack rollups, withdrawals are intentionally delayed. Users must first initiate the withdrawal, wait for the output root to be published, prove the withdrawal on L1, and finally wait through an approximately one-week fraud-proof window before completing the withdrawal. Although the bridge remains permissionless, the withdrawal process is inherently multi-stage and explicitly dependent on challenge periods. During a mass exit, this requires many users to compete simultaneously for L1 block space while also waiting through fixed dispute windows.

RGB lacks a trust-minimized Bitcoin bridge, it cannot provide mass exit safety.

Overall, Bit2 deployed on an EVM chain provides the strongest mass exit safety among the systems compared here because exit proofs are verified directly by the bridge contract, eliminating optimistic challenge windows while avoiding time-sensitive withdrawal races.

Advancing Bitcoin
into the
Agentic Era

Bit2 is the economic layer for autonomous agents

Markets are operating continuously at scale, with agents emerging as independent economic actors. This transformation requires infrastructure designed for autonomy — neutral, global, deterministic, and enforceable by design.
Bit2 provides the infrastructure for sovereign agents to transact trustlessly on Bitcoin.

Discover Bit2 →

Bit2 Custom Timestamping Failover Policies

A failing TSP should not force users to perform any L1 transaction. In the future, Bit2 will support custom timestamping failover policies, allowing users to predefine when an alternative Timestamp Service Provider (TSP) should automatically become active. For example, a user may specify a daily block-height interval—corresponding to roughly five minutes each day—during which only a secondary TSP is considered valid for the user's commitments. This creates regular synchronization points that allow the user to migrate seamlessly to the secondary TSP if the primary provider has failed.

Alternatively, users may define activity-based failover policies. For example, if the primary TSP fails to publish any timestamp commitments for a configurable period (e.g., one month), the user's account can automatically switch to a secondary TSP. This protects users against complete service outages.

Users may also protect themselves against selective censorship. A policy may specify that if the primary TSP does not timestamp that user's data for a configurable period, the account automatically migrates to a secondary provider. To keep this policy effective even during periods of inactivity, the wallet can periodically generate inexpensive dummy timestamp requests. These act as heartbeat messages, allowing the user to distinguish between a genuinely inactive account and a censoring TSP.

Together, these failover policies allow users to recover from both service failures and censorship with little or no user interaction and, in many cases, without requiring an L1 deregistration transaction.

Swap Exits

Bit2 provides a capability that is unique among the existing Layer 2s: swap exits.

Withdrawing to the L1 unilaterally is generally a very costly operation because it requires succinct proofs of account balances. During a mass exit event, Bit2 users do not necessarily need to withdraw directly to the L1. Instead, they can transfer ownership of their Layer-2 funds to third parties in exchange for assets that are immediately usable elsewhere—for example, wrapped tokens on another blockchain or stablecoins. This allows users with relatively small balances to avoid paying prohibitively high L1 transaction fees during periods of congestion.

In contrast, when the centralized sequencer of a rollup fails, users can no longer transfer ownership within the rollup itself. Their only option is to begin the withdrawal process. Similarly, if an Ark Service Provider fails, users cannot continue transferring VTXOs among themselves; they must individually exit before their VTXOs expire.

Swap exits create a natural market for exit liquidity. A liquidity provider can purchase the Layer-2 balances of thousands—or even millions—of users and later perform a small number of high-value withdrawals. This aggregates many small exits into a few large ones, dramatically reducing the total L1 fees paid by the ecosystem while allowing small users to recover value immediately.

In effect, Bit2 transforms mass exits from a technical scalability problem into an economic optimization problem. Rather than forcing every user to compete for scarce block space, the protocol allows market participants to efficiently arbitrage exit costs by aggregating withdrawals.

Conclusion

Many payment networks advertise self-custody, but the term is often used too loosely. Holding one's private keys is only part of the story. A user truly controls their assets only if they can continue spending them, recover them, and withdraw them under adverse conditions.

This is why we believe Unilateral Access, Uncensorable Exit, and Mass Exit Safety should be viewed as three complementary dimensions of self-custody.

A payment network should first allow users to continue transacting without relying on any single infrastructure provider (Unilateral Access). It should then guarantee that funds can always leave the Layer 2, even if service providers or bridge operators become adversarial (Uncensorable Exit). Finally, these guarantees must remain valid when they are needed the most: during large-scale failures in which many users attempt to withdraw simultaneously (Mass Exit Safety).

Many existing systems satisfy one or even two of these properties during normal operation. The real challenge is preserving all three during periods of systemic stress. A payment network that fails exactly when everyone needs to leave cannot realistically claim to provide unconditional self-custody.

Bit2 was designed around these principles from the very beginning. Its architecture deliberately separates communication, timestamping, and settlement into independent components, ensuring that the failure of one service does not compromise users' control over their assets. At the same time, it avoids time-sensitive withdrawal mechanisms that can collapse under congestion or fee spikes.

Perhaps more importantly, Bit2 recognizes that infrastructure providers are just that—infrastructure. Mailbox providers, Timestamp Service Providers, and even bridge operators should accelerate the network, improve user experience, and compete on quality of service. They should never become trusted gatekeepers capable of deciding who may continue using the system or who may recover their funds.

This philosophy reflects a broader design principle: decentralization is not measured by how many servers participate in a protocol, but by how little power any participant has over someone else's assets.

Even under systemic stress, Bit2 continues to provide users with choices. They may exit directly to the base layer, postpone their withdrawal until network conditions improve, or transfer their Layer-2 funds to a liquidity provider through a swap exit. By allowing markets to aggregate withdrawals efficiently, Bit2 turns what is traditionally a scalability bottleneck into an economic optimization opportunity.

Ultimately, the strongest payment network is not the one that performs best when everything works as expected. It is the one that continues protecting users when everything goes wrong.

That is the standard Bit2 was designed to meet.

Agentic Economy Briefing News

Join us as we track the evolution of agentic payments and beyond.