Separate legit bitcoin lending sites from scams. Covers Celsius/BlockFi lessons, a 10-point due diligence framework, DeFi vs CeFi platform reviews, and red flags.
Arkadii Kaminskyi
Arkadii Kaminskyi
Head of Operations at Sats Terminal
Head of Operations at Sats Terminal with 5 years of experience in crypto. Specializes in DeFi, yield farming, and borrowing — has reviewed 50+ crypto products.
Not every bitcoin lending site that launched in the last five years is still operating today — and several that collapsed took customer funds with them. If you are researching where to borrow against your Bitcoin, the most important question is not which platform offers the lowest rate. It is whether that platform will still be there when you need to repay, and whether your collateral is safe while your loan is open. This guide walks through the full evaluation process: why the industry's track record demands skepticism, a ten-point due-diligence framework you can apply to any lender, a curated list of platforms that have generally held up to scrutiny in 2025 (DeFi and CeFi separately), a red-flag checklist, and a breakdown of how proof of reserves actually works. Whether you are a first-time borrower or a seasoned holder looking to diversify your approach, the goal is to give you the tools to make an informed decision rather than a hopeful one.
The phrase "legit bitcoin lending site" sounds simple, but the history of the sector proves it is anything but. Between 2021 and 2023, several high-profile centralized lenders either froze withdrawals, filed for bankruptcy, or were shut down by regulators. Understanding what went wrong is not just a history lesson — it is a map of the failure modes you need to screen for.
Celsius grew to manage roughly $12 billion in customer assets by mid-2022. It marketed itself as a safe, high-yield alternative to traditional savings accounts for crypto holders. In reality, it was lending customer funds to illiquid counterparties, taking on leveraged positions, and using depositor assets to prop up its own CEL token. When the broader market turned and liquidity dried up, Celsius froze withdrawals in June 2022 and filed for Chapter 11 bankruptcy weeks later. Customers waited years in bankruptcy proceedings to recover partial amounts. The lesson: yield promises do not reveal what a platform does with your assets behind the scenes.
BlockFi operated as a regulated lending business with a US focus and accepted retail deposits in exchange for interest-bearing accounts. It had exposure to Three Arrows Capital (3AC), the crypto hedge fund that collapsed in 2022 after highly leveraged positions unwound. When 3AC defaulted, BlockFi's balance sheet was severely damaged. It received a $400 million credit facility from FTX — which itself collapsed in November 2022 — and BlockFi filed for bankruptcy shortly afterward. The platform had passed many surface-level checks: it was US-based, had regulatory settlements, and published some financial disclosures. What it lacked was adequate counterparty risk management and independence from a collapsing exchange. You can read more about these failure categories in our guide on crypto lending risks every borrower should know.
Voyager was a publicly traded company in Canada, which gave many users a false sense of security. It had audited financials and regulatory oversight. It also had a $650 million loan exposure to Three Arrows Capital with minimal collateral. When 3AC defaulted, Voyager could not cover withdrawals and halted operations in July 2022. Being publicly traded did not protect customers. Counterparty risk — the danger that the entity your lender lends to will fail — can bring down even an apparently well-governed platform. You can also read more about these failure categories in our guide on crypto lending risks every borrower should know.
Cred was a smaller lending platform that collapsed in 2020. It filed for bankruptcy after an executive allegedly embezzled funds and a lending partner defaulted. Cred had marketed itself through partnerships with reputable exchanges and held regulatory licenses. The collapse happened before the broader 2022 wave and showed that problems can emerge from internal fraud, not just market events.
Across all four failures, several patterns repeat: opacity about how customer funds were used, rehypothecation of collateral without adequate disclosure, concentrated exposure to single counterparties, and mismatch between the liquidity of assets held and the liquidity promised to customers. A platform can be professionally managed, regulated, and publicly traded and still fail because of these structural issues. This is why surface-level signals — name recognition, regulatory status, polished marketing — are insufficient. You need to go deeper.
Before depositing Bitcoin as collateral with any lender, work through the following checklist. No single item is decisive on its own, but together they give a reasonably complete picture of platform safety. Our dedicated guide on evaluating crypto lending platforms goes into additional depth on each dimension.
The single most important question: who controls your Bitcoin while your loan is open? There are three basic models. In non-custodial DeFi, a smart contract holds collateral and no individual or company can move it without triggering the protocol's programmed rules. In custodial CeFi, the lender holds your Bitcoin and you rely on their honesty, solvency, and operational security. In multi-signature CeFi, your Bitcoin is held in a wallet that requires multiple independent key holders to authorize any transaction. Understand exactly which model applies before you proceed. The difference between custodial and non-custodial lending has major implications for your risk exposure.
Does the platform publish verifiable proof that it holds the assets it claims to hold? A genuine proof of reserves attestation uses a Merkle tree structure: every customer's balance is included in a tree whose root hash can be verified on-chain or against a cryptographic commitment, and an independent auditor confirms the platform controls the corresponding wallet addresses. Marketing statements that say "we hold 1:1 reserves" without cryptographic proof are not proof of reserves. They are claims. See our full explainer on proof of reserves and transparency for the technical details.
For DeFi platforms, check whether the smart contracts have been audited by reputable security firms, whether the audit reports are publicly available, and whether any critical vulnerabilities were found and addressed. For CeFi platforms, check whether they have had financial audits by recognized accounting firms and whether those reports are public. A platform that claims audits but cannot produce the reports is a yellow flag. Learn more about what smart contract security audits actually cover and their limitations.
Regulatory compliance does not guarantee safety — Voyager and BlockFi proved that — but the complete absence of regulatory engagement is a warning sign, particularly for CeFi platforms serving retail customers. Check whether the platform holds relevant licenses in the jurisdictions where it operates, whether it has disclosed any regulatory actions against it, and whether it is transparent about its legal structure. Be cautious about platforms that emphasize offshore registration or make a selling point of avoiding regulation.
Rehypothecation means a platform uses your collateral as collateral for its own borrowing or lending activities. This creates a chain of dependency: if the platform's counterparty fails, your collateral may be at risk even though your loan is in good standing. Ask explicitly whether the platform rehypothecates collateral. If the answer is yes, or if the terms of service allow it without disclosure, treat this as a significant risk factor. DeFi protocols generally do not rehypothecate because the smart contract logic does not permit it — but verify this in the protocol documentation.
Is the leadership team publicly identified with verifiable professional histories? Founders and executives who operate under pseudonyms in CeFi lending create accountability problems — if funds disappear, there is no named individual to pursue. This standard applies differently to DeFi, where decentralized governance can function with pseudonymous contributors, but for custodial platforms specifically, team transparency matters.
What insurance, if any, does the platform carry? For centralized platforms, look for coverage from recognized insurers (not internal "reserve funds" labeled as insurance). For DeFi protocols, some projects carry cover through on-chain insurance protocols such as Nexus Mutual or Risk Harbor — check whether coverage is available and what events it covers (smart contract exploits typically yes; oracle failures and governance attacks often no). Understand the limits and exclusions before treating insurance as a safety guarantee.
How long has the platform been operating? Has it survived at least one significant market downturn without halting withdrawals or restructuring? A platform that has operated continuously since before 2022 and navigated the crypto winter without incident has demonstrated something meaningful. A platform launched in a bull market without a stress test has not. This does not mean new platforms are illegitimate, but longevity is evidence of operational resilience.
Can you withdraw your collateral immediately after repaying your loan, or are there lock-up periods, notice requirements, or conditions that could delay access? Review the terms carefully. The Celsius failure partly stemmed from the platform's inability to return assets on demand — customers assumed liquidity that did not exist. Check whether the platform has ever temporarily paused withdrawals, even for technical reasons, and what the stated policy is during market stress.
For DeFi protocols, all loan positions, collateral balances, and liquidation thresholds are visible on-chain in real time. Anyone can verify the total value locked, individual position health, and protocol solvency without trusting a company's statements. For CeFi, look for platforms that publish wallet addresses and encourage independent verification. On-chain verifiability is not a sufficient safety guarantee, but its absence for DeFi should be disqualifying. For a deeper look at comparing these two models side by side, see our analysis of CeFi vs DeFi crypto lending pros and cons.
Decentralized finance protocols operate through audited smart contracts rather than companies. There is no CEO, no custody, and no rehypothecation. Your collateral sits in a contract address visible to anyone. These platforms carry different risks than CeFi — primarily smart contract and oracle risk — but they eliminate counterparty risk in the traditional sense. Below are the three most established DeFi lending protocols as of 2025.
Aave is one of the longest-running DeFi lending protocols, having launched in its original form in 2017 and iterating through three major versions. Aave v3 supports Bitcoin exposure through wrapped Bitcoin (wBTC) and cbBTC on Ethereum, Base, Arbitrum, Polygon, and Optimism. Typical maximum LTVs for wBTC on Aave v3 are in the 70–75% range, with interest rates determined algorithmically by pool utilization. Aave v3 has been audited by multiple firms including Certora, ABDK, and OpenZeppelin. All code is open-source and all positions are on-chain verifiable. Governance is handled by AAVE token holders through on-chain voting. The protocol has been operating continuously since 2020 without a withdrawal pause.
Risk considerations: smart contract exploits remain theoretically possible despite audits; oracle manipulation (Aave uses Chainlink) is a risk; governance decisions can change parameters with minimal notice. The protocol has a significant safety module (staked AAVE) intended to cover shortfalls in extreme scenarios, but this mechanism itself carries complexity risk.
Morpho Blue (launched 2023) takes a minimalist approach to DeFi lending. Rather than one large pool, it allows anyone to create isolated lending markets with specific collateral assets, loan assets, LTV parameters, and oracle choices. This architecture reduces systemic risk — a problem in one market does not affect others — but it places more responsibility on users to select well-configured markets. For Bitcoin borrowers, Morpho markets using wBTC or cbBTC as collateral and USDC or USDT as the loan asset have attracted significant liquidity. Morpho Blue's core code is intentionally minimal to reduce attack surface and was audited prior to launch. For more on Morpho's availability through our aggregator, see the announcement: Morpho is now live on Borrow by Sats Terminal.
Risk considerations: isolated market design means liquidity can be thin in less popular markets; oracle choice varies by market and introduces variable oracle risk; the protocol is younger than Aave and has less battle-tested history.
Compound is one of the original DeFi lending protocols, predating Aave and operating since 2018. Its approach uses a single unified pool model for each asset, with governance handled by COMP token holders. Compound v3 (Comet) redesigned the architecture significantly, creating a single-borrow-asset model per deployment. wBTC has been supported as collateral in various Compound deployments. The protocol has been through multiple market cycles and has an extensive audit history. It has experienced one significant governance incident in 2021 where a bug in a governance proposal resulted in unintended token distribution — the protocol continued operating and the incident was remediated through governance, which is a meaningful test of its resilience.
Risk considerations: Compound has experienced more governance-level incidents than Aave; the transition to v3 meant some liquidity migrated away; and adoption varies by chain. It remains a credible, battle-tested option with full on-chain transparency.
| Protocol | Launched | Custody | Audits | BTC Collateral | Max LTV (approx.) | On-chain verifiable |
|---|---|---|---|---|---|---|
| Aave v3 | 2022 (v3) | Non-custodial smart contract | Certora, OpenZeppelin, ABDK, others | wBTC, cbBTC | 70–75% | Yes |
| Morpho Blue | 2023 | Non-custodial smart contract | Multiple pre-launch audits | wBTC, cbBTC | Varies by market (60–80%) | Yes |
| Compound v3 | 2018 (v1) | Non-custodial smart contract | OpenZeppelin, Trail of Bits, others | wBTC | 65–75% | Yes |
Centralized finance lenders custody your Bitcoin and issue loans as a business operation. They offer some advantages — fixed rates, fiat disbursements, personal support, and potentially simpler onboarding — but they reintroduce counterparty risk. The platforms below have generally maintained operations through market stress and have disclosed more about their practices than the failed platforms, though risk profiles differ significantly. For a deeper comparison of the two approaches, see our full breakdown of DeFi vs CeFi: how to choose the right Bitcoin loan in 2025.
Ledn is a Canadian company focused specifically on Bitcoin-backed lending — it has not tried to be everything to everyone, which is a point in its favor. It offers USD loans backed by BTC and has historically catered to clients who want a clean, single-asset relationship. Ledn has published proof of reserves attestations using the Merkle tree model through Armanino (a US accounting firm) and has made its process more transparent than most CeFi peers. It survived the 2022 bear market without a withdrawal pause. Ledn does lend out a portion of customer assets in its growth accounts (explicitly disclosed), and its standard custody accounts are segregated. The distinction matters: if you use a growth account, your assets can be lent out; if you use a standard account, they are not used for lending. Read the terms carefully to understand which product you are using.
Unchained Capital occupies a distinct niche: it offers Bitcoin-backed loans using a 2-of-3 multisig structure in which the borrower holds one key, Unchained holds one, and a third-party key agent (historically a firm like Kingdom Trust) holds the third. No single party can move your Bitcoin unilaterally. This model addresses the fundamental CeFi custody risk more directly than any other major lender — even if Unchained went bankrupt, the company could not liquidate your collateral without coordination with the third-party key agent. Unchained focuses exclusively on Bitcoin, offers relatively conservative LTVs (historically around 40–50%), and requires KYC. The trade-off is that its loan terms are less competitive on rate and LTV than DeFi alternatives, and US-only operation limits accessibility.
Nexo is a European-based platform that has operated since 2018 and was one of the few centralized lenders to weather the 2022 downturn without a withdrawal pause or bankruptcy. It holds regulatory approvals in several jurisdictions and has published proof of reserves reports through Armanino. Nexo faced a criminal investigation in Bulgaria in late 2022 and early 2023 related to alleged regulatory violations — the investigation was a significant event and potential borrowers should follow its resolution before treating Nexo as fully cleared. The platform has continued operating, but the regulatory cloud is a real risk factor that distinguishes it from purely operationally clean options. Nexo offers a range of loan terms including flexible credit lines against Bitcoin collateral at competitive LTVs.
Coinbase is the largest publicly traded crypto exchange in the United States. It is regulated by US authorities, publishes audited financial statements as a public company, and has a track record stretching back to 2012. Coinbase has offered Bitcoin-backed lending products at various points, though the specific terms and availability of its loan products have changed over the years — check current availability directly. The advantage of Coinbase is its regulatory clarity and institutional-grade compliance program. The trade-off is that it is a custodial platform and your Bitcoin collateral is held by Coinbase during the loan period. Its interest rates tend to be higher than DeFi alternatives for comparable LTVs. For first-time borrowers prioritizing regulatory safety over rate optimization, Coinbase is a reasonable starting point.
Strike is primarily known as a Bitcoin payments platform built on the Lightning Network, and any lending or credit products it offers are more limited in scope than the dedicated lenders above. Strike is US-based and regulated, with a clear focus on Bitcoin-native financial services. If Strike offers a credit product relevant to your needs, it operates within a well-regulated environment, but verify current product availability before including it in your comparison — product lines in this space change frequently.
| Platform | Type | Custody Model | Proof of Reserves | Survived 2022 | KYC Required | Notable Risk Factor |
|---|---|---|---|---|---|---|
| Ledn | CeFi | Segregated custody (standard accounts) | Yes (Armanino, Merkle) | Yes | Yes | Growth accounts involve lending out assets |
| Unchained Capital | CeFi | 2-of-3 multisig | Partial (multisig verifiable) | Yes | Yes | US only; conservative LTV |
| Nexo | CeFi | Custodial | Yes (Armanino) | Yes | Yes | Ongoing regulatory investigation (Bulgaria) |
| Coinbase | CeFi | Custodial (regulated US exchange) | Published as public company | Yes | Yes | Higher rates; product availability varies |
| Strike | CeFi (payments-focused) | Custodial | Not published in detail | Yes | Yes | Limited lending product scope |
After studying the collapsed platforms and evaluating those still standing, a clear pattern of warning signs emerges. Use the following checklist when evaluating any bitcoin lending site. The presence of one item does not automatically disqualify a platform, but multiple red flags together should give you serious pause. For a broader treatment of safety concerns in this space, see our guide on whether crypto lending is safe.
Proof of reserves is one of the most important transparency mechanisms available, but it is frequently misunderstood or misrepresented. Understanding what genuine proof of reserves looks like helps you identify when a platform is giving you substance versus marketing. Our glossary entry on proof of reserves covers the technical definitions; this section focuses on practical verification steps.
A credible proof of reserves report has three components. First, a Merkle tree of all customer balances: every account balance is a leaf in a tree structure, and the root hash of the tree is published. Each customer can verify their own balance is included in the tree without seeing other customers' balances. Second, on-chain evidence: the platform signs a message from wallet addresses visible on the blockchain, proving it controls those addresses and the associated balances. Third, an independent auditor: a recognized accounting firm confirms that the wallet balances at the time of the snapshot match or exceed the total customer balances in the Merkle tree.
Even a valid proof of reserves has limitations. It is a point-in-time snapshot — a platform could borrow assets the day before the snapshot and return them the day after. It does not show liabilities, only assets. A platform could have adequate assets but also have large debts that would consume those assets in a bankruptcy scenario. Some analysts advocate for proof of liabilities alongside proof of assets for a more complete picture. Also, proof of reserves only covers the specific assets included in the attestation — check what scope the audit covers.
Most platforms that use Merkle-based proof of reserves provide a verification tool where you log in and confirm your balance is included. If the platform provides the Merkle root and raw data, you can also verify independently using open-source tools. The key steps: obtain your account balance snapshot, confirm it appears as a leaf in the Merkle tree with the published root, and check the auditor's report that the root corresponds to verified on-chain wallet holdings. If a platform does not provide user-level verification — only a summary PDF from an auditor — the proof is weaker than it appears.
Verify proof of reserves as one input, not the only input. Cross-reference with the custody model, the platform's track record, and the due diligence framework above. A platform with verifiable proof of reserves that also rehypothecates assets, has anonymous founders, and offers guaranteed yields is still a high-risk proposition. Proof of reserves is necessary but not sufficient.
Borrow by Sats Terminal is a Bitcoin-backed lending aggregator that compares offers across both DeFi protocols (Aave v3, Morpho Blue) and CeFi lenders, presenting the most competitive terms in one interface. The question relevant to this guide is: how does Borrow's design address the risk factors described above?
The most important structural difference is that Borrow does not take custody of your Bitcoin. When you deposit Bitcoin as collateral through Borrow, the funds go directly into the underlying lending protocol or are held in your own self-custodial wallet. Borrow cannot move your funds without your explicit approval. This eliminates the platform-level custody risk that brought down Celsius, BlockFi, Voyager, and Cred — because Borrow is not holding your assets, Borrow's own financial health does not determine whether your collateral is safe.
For DeFi routes (Aave v3, Morpho Blue), the collateral sits in audited smart contracts on public blockchains. The positions are on-chain verifiable by anyone. For each protocol it routes through, Borrow surfaces the relevant security information — audit history, on-chain addresses, risk parameters — so you can evaluate them using the framework in this guide rather than taking our word for it.
Borrow also handles the operational complexity that often leads borrowers to cut due-diligence corners. Wrapping Bitcoin into wBTC or cbBTC, bridging across chains, and depositing into the right protocol are all handled automatically. Without this infrastructure, many borrowers would default to whichever platform has the most familiar interface, regardless of its safety profile. The aggregator model means you get competitive terms across multiple vetted protocols without having to manage each separately. You can learn more about how the platform works at our FAQ on whether Borrow is safe to use.
Borrow does not guarantee safety — no platform can. Smart contract risk exists in every DeFi protocol. Oracle risk exists. Market-driven liquidations can happen faster than you expect if you run a high LTV. What Borrow does is remove one of the largest historical risk factors (platform custody) while giving you transparent access to compare options. For a comparison of how aggregator-based borrowing stacks up against direct platform access, see our guide on how to choose the best crypto lending platform for you.
Despite careful due diligence, platform failures can happen. Knowing your options before a failure is more useful than scrambling after the fact.
If a DeFi protocol experiences a smart contract exploit or governance attack, the situation depends on the nature of the failure. If collateral is still accessible but the protocol is frozen (as happened with some smaller protocols), check governance forums for recovery proposals. Many protocols have safety modules or insurance funds — in Aave's case, the safety module (staked AAVE) can be slashed to cover a shortfall, with governance voting on the process. For Morpho, individual market isolation means a problem in one market may not affect others. Monitor official protocol channels (governance forums, official Discord, official Twitter) for accurate information. Never trust recovery information from unofficial channels — social media is full of scammers targeting users of distressed protocols.
If a CeFi lender halts withdrawals or files for bankruptcy, your position as a creditor depends on the legal structure of the bankruptcy and your jurisdiction. Key steps: document your account balance with screenshots immediately (including transaction history); file a claim in the bankruptcy proceeding when the process opens; join the official creditor communication channels (typically a website set up by the bankruptcy administrator); and engage a lawyer if your exposure is significant. Recovery in crypto bankruptcy proceedings has historically been partial and slow — BlockFi customers waited over two years and recovered less than 100 cents on the dollar. This outcome underscores why prevention — the due diligence framework above — is worth more than any recovery process.
If you are using a platform like Unchained Capital with a multi-sig custody structure, your situation in a platform failure is meaningfully different. Your key remains in your control. Work with the third-party key agent to understand the recovery process for releasing collateral. This is one of the core advantages of the multi-sig model — the platform's failure does not automatically mean your Bitcoin is lost.
The most actionable advice is not about recovery — it is about sizing. Do not put more Bitcoin at risk in any single platform than you can afford to lose. Diversifying across multiple protocols reduces the damage from any single failure. Keeping your LTV conservative reduces the risk of forced liquidation during market volatility, which can compound losses during a crisis. Our guide on crypto lending risks every borrower should know covers these risk management strategies in detail.
Common Questions
They carry different risks, not uniformly less risk. DeFi protocols eliminate counterparty risk — there is no company that can mismanage or steal your collateral — but they introduce smart contract risk, oracle manipulation risk, and governance risk. CeFi platforms introduce counterparty, custody, and rehypothecation risks but may offer simpler interfaces, fiat integration, and in some cases fixed rates. Most sophisticated borrowers evaluate both and choose based on their specific risk tolerance, loan size, and requirements. Our comparison of CeFi vs DeFi lending pros and cons walks through the trade-offs systematically.
