Downloads · Bitcoin Ghost

Ghost Tap · wallet + merchant terminal

Self-custodial Ghost wallet.

Ghost Tap is the reference wallet for Bitcoin Ghost. Holds L1 BTC, receives and spends L2 shielded notes, opens Wraith mixing sessions, runs a merchant terminal for in-person Bitcoin payments. Keys live on your device — the wallet never phones home and never shares a balance with a server.

iOS

iPhone · iPad

iOS 16+ · universal · TestFlight while App Store review is pending.

TestFlight →

Android

Phone · Tablet

Android 11+ · Play Store + signed APK (reproducible build).

Play Store → APK

Desktop

Linux · macOS · Windows

x86_64 + arm64 builds. Same Rust core as the mobile apps.

Download →

L1 + L2 in one wallet bitcoin + shielded

Send and receive regular Bitcoin on L1, plus shielded notes on Ghost Pay's L2. One seed, one backup.
Merchant mode point of sale

Accept L2 payments with instant confirmation. Generate receipts, export CSV at end of day, auto-sweep to cold storage.
Wraith mixing built-in

Join a coordinator-free mixing round with one tap. Break the transaction graph whenever you want, no third party involved.
Self-custodial your keys

BIP39 seed, BIP44 key derivation, encrypted device keychain. No accounts, no KYC, no server balance lookups.
Light wallet backend GSP

Syncs via the Ghost Silent-payment Protocol — the backend never learns which addresses belong to you.
Tor by default no metadata leak

Every network request is routed through an in-app Tor client. No exit IP leak, no ISP inference, no clearnet fallback.

Ghost Core + Ghost Pool · node software

Run a Ghost node.

Bitcoin Ghost runs the same ghost-core full node as the network, plus the ghost-pool daemon that earns rewards and votes on payouts. Most operators install both — the same server runs mainnet in one process and ghost-pool in another, sharing the on-disk chain. See the nodes page for hardware requirements and the full operator guide.

ghost-core

Full node

Clean Bitcoin Core v30 fork. Validates blocks, serves peers, relays transactions. Same CLI as Bitcoin Core.

Binary → Source

ghost-pool

Pool daemon

Earns share rewards, handles Stratum, participates in BFT payout consensus with the rest of the mesh. Requires ghost-core running.

Binary → Source

ghost-pay

L2 daemon

Optional. Participates in Ghost Pay L2 reconciliation. Required to claim the +4 Ghost Pay capability share.

Binary → Source

Linux binaries x86_64 · arm64

Static musl builds, no runtime dependencies. Shipped as .tar.gz and as .deb / .rpm packages for the major distros.
systemd units included one-shot install

ghost-core.service, ghost-pool.service, and ghost-pay.service ship inside the tarball. Drop them in /etc/systemd/system and enable.
Docker images ghcr.io

Signed multi-arch images at ghcr.io/bitcoin-ghost/ghost-core, …/ghost-pool, …/ghost-pay. A reference docker-compose.yml wires the stack together.
macOS + Windows personal use

Desktop builds for operators who want to run a node on their workstation. Not recommended for production mesh participation — Linux is the supported server target.

Ghost CLI · power users

Command-line tools.

ghost-cli is a single static binary that talks to ghost-core and ghost-pool over RPC. Generate addresses, inspect blocks, query pool state, manage a light wallet from a terminal.

ghost-cli

RPC client

Node RPC + pool RPC in one binary. Works against local or remote daemons over TLS.

Download →

ghost-light-wallet-cli

Light wallet

Command-line light wallet backed by GSP. Send, receive, check balance — no full node required.

Download →

ghost-light-wallet-tui

Terminal UI

Full-screen ncurses wallet for servers. Same GSP backend as the CLI, prettier interface.

Download →

verify your download

Check every binary before running it.

Every Ghost release is signed. Verify the signature before you install anything — a release you didn't verify is a release you can't trust. Three steps:

1

Import the release key

gpg --keyserver keys.openpgp.org --recv-keys 0xDEFENWYCKE — replace with the fingerprint published on the release page. Always cross-check the fingerprint against defenwycke.org and the pinned GitHub commit.
2

Verify SHA256SUMS.asc

Download SHA256SUMS and SHA256SUMS.asc from the release. Run gpg --verify SHA256SUMS.asc SHA256SUMS. You should see Good signature from defenwycke and a matching fingerprint.
3

Check the binary hash

Run sha256sum -c SHA256SUMS --ignore-missing. Each downloaded binary must match. If any line says FAILED, stop — delete the binary and report it on the issue tracker.

Builds are reproducible — the release tarball contains a Guix manifest and a build script that produces byte-for-byte identical binaries from the tagged source. Run the build yourself if you don't want to trust defenwycke's machine.

source · reproducible builds

Build it yourself.

Every binary on this page builds from a public git tag. Nothing is compiled on a private machine and pushed as an opaque blob. If you spot a divergence between your build and the signed release, that's a bug — open an issue.

clone + build

git clone https://github.com/bitcoin-ghost/ghost
cd ghost && git checkout v1.0.0
cargo build --release --workspace

Binaries land in target/release/. Full build instructions, dependencies, and Guix manifest in the repo README.

Source on GitHub → Build docs

Ghost software.

Self-custodial Ghost wallet.

Run a Ghost node.

Command-line tools.

Check every binary before running it.

Build it yourself.