TL;DR
- Users reported that BTC funds were transferred from older Alby wallets without warning.
- Alby updated its terms in March to allow full balance removal after 12 months of inactivity.
- While current accounts are self-custodied, thousands of legacy wallets were still controlled by the company.
Alby Wallet, a widely used app for managing BTC via the Lightning network, is under scrutiny after users claimed their balances were moved without explicit consent. The issue centers on legacy accounts created before Alby transitioned to a self-custody model in 2023. According to several reports, BTC balances disappeared from inactive wallets after a full year with no transactions.
What raised the most concern is that the move was made possible by an updated “Terms of Service” agreement introduced in March. This update included a clause allowing Alby to drain legacy wallets with no activity over 12 consecutive months. While the company said multiple warnings were issued and users were encouraged to migrate their funds, many were unaware of the changes until their balances were gone.
Global Crypto Reactions Spark Concern
One of the most notable cases involved security expert Yu Xian (@evilcos), founder of the SlowMist team, who confirmed losing his remaining BTC balance after prolonged inactivity. Although the amount was small, the fact that a wallet could access and transfer funds without user initiation alarmed users who value the principle of holding their private keys.
It’s important to note that all new Alby wallets are now fully self-custodied, meaning users retain complete control of their private keys, and such balance removals are no longer possible. However, legacy wallets were custodial by design, allowing the platform shared access, which enabled the enforced inactivity rule.
Technical Transition and Regulatory Framework
Alby operates under EU regulations and is registered as a financial service provider, which grants it legal grounds to manage inactive accounts. In addition, the company is in the process of migrating its services to a new data center, which has led to temporary service pauses for some users.
Despite the backlash, Alby has opened a support line for affected users and stated that funds may still be recoverable, though without concrete guarantees. This incident highlights the difference between centralized custodial services and decentralized, key-controlled alternatives.
In a landscape where long-term asset control is crucial, this episode with Alby reinforces the importance of opting for wallets where only the user has access.
