BR072: Dark Skippy Attack, Proton Wallet, Mutiny Sunsets, BDK, Nunchuk +MORE ft. Paul, Rob, Rijndael
I’m joined by guests Future Paul, Rob Hamilton & Rijndael to go through the list.
Quote of the Day
“The only exfil limits are your imagination” - addBTC
Housekeeping
00:02:31 Entrepreneurial editor wanted for a new Bitcoin media publication project for technical and industry topics [NVK’s Twitter post]
00:03:11 New COLDCARD website!
00:03:18 COLDCARD Q is now available in the EU [ColdHodl]
00:03:32 Updated Docs at coldcard.com/docs
00:03:46 Call for People to get off their ass and get into Amateur radio if they really care about decentralized comms
00:03:59 New boost email for questions questions@bitcoin.review
Also works as actual email to us
Vulnerability Disclosures
00:04:35 Dark Skippy: a new method for a malicious signing device to leak secret keys [Announcement]
Dark Skippy is a new attack that can exfiltrate secret keys from compromised signing devices using malicious firmware. It utilizes altered signing functions to embed the master secret seed within transaction signatures.
The attack involves using weak, low-entropy nonces derived from parts of the secret seed. By analyzing affected signatures in transactions, attackers can reconstruct the full seed.
00:38:32 “Free Relay” attack taking advantage of the lack of Full-RBF in Bitcoin Core [Bitcoin Development Mailing List Discussion]
Peter Todd discloses Bitcoin Core vulnerability allowing “free” relay attacks by broadcasting uneconomical transactions that Bitcoin Core nodes propagate but miners reject. This exploit highlights Bitcoin Core’s indifference to free relay issues.
00:39:35 Mac Malware posing as popular apps like LedgerLive, Chrome, Safari and Firefox [9to5Mac]
The malware is promoted through legitimate-looking Google ads and phishing emails and can potentially access and drain victims’ cryptocurrency wallets.
00:46:03 Five dollar wrench attacks:
Foreigner abducted and killed in Kyiv for bitcoin [Censor.Net]
Four men in Kyiv abducted and killed a 29-year-old foreigner, stealing nearly UAH 7 million (~$170,000) in bitcoins. They prepared by tracking his address and assaulting him at night.
00:47:09 Thai police arrest five Russians accused of kidnapping a compatriot for a $900,000 cryptocurrency ransom in Pattaya [Bangkok Post]
The victim, held for three days, was released after paying in various digital currencies. The police recover the ransom amount during the arrests.
00:48:27 Accessing deleted and private repository data on GitHub [Truffle Security]
A guide by Truffle Security shows how data from deleted forks, repositories, and private repositories on GitHub can still be accessed indefinitely, intentionally designed that way.
This presents a significant security risk for organizations using GitHub, leading to the introduction of the term “Cross Fork Object Reference (CFOR).”
A CFOR vulnerability occurs when data from one repository fork, including private or deleted ones, can be accessed by another fork using commit hashes, similar to Insecure Direct Object References.
00:49:44 Telegram zero-day exploit allows malicious APKs to be sent as videos [Bleeping Computer]
This exploit only affected Telegram’s Android version and has since been patched.
00:51:27 Data breach at bank linked to Coinbase exposes customer data [Atlas21]
A security breach on July 11 at a bank associated with Coinbase exposed the personal data of 154 customers. Exposed data includes customer names, bank account numbers, and routing numbers.
00:53:08 Fractal ID, a web3 identity solution provider, suffers a data breach, affecting 0.5% of its users [Post mortem]
An external party gained unauthorized access and retrieved personal data, including names, emails, and phone numbers.
00:53:23 Indian crypto exchange WazirX confirms a security breach resulting in $230 million loss [TechCrunch]
WazirX’s statement points out attacker likely exploited a discrepancy between data on the interface and the actual transaction. The payload is suspected to have been altered to grant the attacker wallet control.
The stolen assets represent 45% of WazirX’s holdings. The platform has decided to temporarily halts all withdrawals until further notice.
00:56:07 Exchange dYdX website hacked in DNS hijack attack [Bleeping Computer]
The attack involves altering DNS records to reroute dYdX’s domain, redirecting users to a fraudulent site.
Bitcoin
Software Releases & Project Updates
00:57:18 secp256k1 v0.5.1
Added: Add usage example for an ElligatorSwift key exchange
Changed:
The default size of the precomputed table for signing was changed from 22 KiB to 86 KiB. The size can be changed with the configure option
--ecmult-gen-kb(SECP256K1_ECMULT_GEN_KBfor CMake)“auto” is no longer an accepted value for the
--with-ecmult-windowand--with-ecmult-gen-kbconfigure options (this also applies toSECP256K1_ECMULT_WINDOW_SIZEandSECP256K1_ECMULT_GEN_KBin CMake). To achieve the same configuration as previously provided by the “auto” value, omit setting the configure option explicitly
Fixed: Fix compilation when the extrakeys module is disabled
00:58:25 BDK v1.0.0-beta.1
Allow user provided RNG, make rand an optional dependency
Use
Psbt::sighash_ecdsafor computing sighashesUse
Weighttype instead ofusizeRemove usage of
blockdata::from bitcoin pathsCalculate
DescriptorIdas the sha256 hash of spk at index 0Change
tx_last_seentoOption<u64>Add support for custom sorting and deprecate BIP69
Update
bdk_electrumto use merkle proofs
1:04:51 Nunchuk
Desktop v1.9.36
Support for automated wallet rollover
Key replacement for unassisted wallets
Android v1.9.48
Automated wallet rollover
Portal device integration
Automated Wallet Rollover feature [Announcement]
Independent rollover feature:
Transfer between any wallet types (single-sig to multi-sig, vice versa, or between different multi-sig configurations).
Preserve coin segregation strategy during transfers.
Enhance privacy further through randomized broadcast of the rollover transactions.
Advanced coin control during rollover:
Preservation of existing tags and collections, maintaining the separation of coins based on origin, purpose, or other criteria.
Enhanced privacy by preserving your original coin management strategy.
1:06:02 Libwally-core v1.3.0
Add support for fetching the CSV block count for Green CSV scripts
Add support for finalizing Green CSV inputs
PSBT: Do not serialize witness data for input non-witness UTXOs, in order to match the current behavior of Bitcoin core.
1:07:18 Bitcoin Keeper
v1.2.12 - Cloud backup auto triggered with any vault changes
Custom fees now enabled for auto-transfer - Assisted Keys can now be hidden
Signing device history screen now shows more information
Introducing companion Keeper Desktop app
Now you can also connect with Trezor for your multi-key setups
Inheritance Planning Documents updated
Use file transfer for all signers, useful for devices not supporting NFC or QR scanning
1:07:48 Boltz Exchange
web-app v1.4.1
Show cooperative refund error on broadcast fail
Add reckless mode
Add warning to download filenames
boltz-backend v3.7.2 - Stability is boring
Add features for API clients:
Overpayment protection which means swaps that send too much onchain will be failed
Custom descriptions for invoices created for Reverse Swaps
Sanity check invoice memos
Custom reverse swap invoice description
gRPC server SSL encryption and authentication
Allow lowball lockup transactions in API
Onchain overpayment protection
S3 compatible backup provider
ListSwaps gRPC method
1:08:02 Blockstream Green
1:08:26 Bitkey v2024.63.0
Feature callouts: Badges now appear to note new features
Improved price comparisons: See more detailed price comparisons across exchanges when buying bitcoin in the app
1:09:51 Padawan Wallet v0.13.0 - Swift Speeder
Now use Signet instead of Testnet3
Translation to portuguese
Improve screen for tutorials
1:11:14 ESP-miner v2.1.9
Add Overheat_mode
Add Multi-chip support without the need of nvs
Small optimization and code refactor:
Add quick link to stats when mining on CKPool
Add Recovery Page
Project spotlight
1:12:04 ProtonPrivacy launches ProtonWallet, an open-source, E2E-encrypted, and self-custodial Bitcoin wallet [Github]
Proton Wallet’s Bitcoin via Email feature uses PGP-signed addresses, aims to reduce error risk by verifying emails instead of 26-character Bitcoin addresses.
Users in over 150 countries can buy Bitcoin easily through Proton Wallet using credit cards or bank transfers.
Each bitcoin via email transaction uses a different address, in order to protect user privacy and to make transaction linkage difficult.
Bitcoin Safe: Long-term Bitcoin savings made Easy
Easy Multisig-Wallet Setup
Step-by-Step instructions with a PDF backup sheet
test signing with all hardware signer
Simpler address labels by using categories (e.g. “KYC”, “Non-KYC”, “Work”, “Friends”, …)
Automatic coin selection within categories
Sending for non-technical users
1-click fee selection
Automatic merging of small utxos when fees are low
Collaborative:
Wallet chat and sharing of PSBTs (via nostr)
Label synchronization between trusted devices (via nostr)
Multi-Language
Fast:
Electrum server connectivity
planned upgrade to Compact Block Filters for the Bitcoin Safe 2.0 release
Secure: No seed generation or storage (on mainnet).
A hardware signer/signing device for safe seed storage is needed (storing seeds on a computer is reckless)
Powered by BDK
1:20:56 lastseed: CLI tool to calculate last seed words and entropies [Github]
“Display the possible last seed words from 11, 14, 17, 20 or 23 words. Entropy is also displayed and can be pasted into Ian Coleman bip39 or similar tools.”
1:21:17 Dictionnaire de Bitcoin: Comprehensive guide to Bitcoin terminology [Github]
Loïc Morel authors a comprehensive dictionary of Bitcoin technical terms, available for free digitally on GitHub and for purchase in print from late 2024.
1:21:24 Octojoin: Payjoin with no interaction between sender and recipient [Announcement]
It uses multiple inputs, some swapped off-chain, making it hard for analysts to link all inputs to a single user.
Users need to label UTXOs as “octojoin,” use silent payment addresses, and create transactions with multiple outputs to enhance privacy.
1:21:35 Argon BWG: Border wallet generator [Live demo]
1:21:41 BitForge Nano: innovative, open-source Bitcoin miner designed for home use [Geyser page]
“Utilizing 2 of the BM1368 ASIC chip, BitForgeNano aims to deliver over 1 TH/s of mining power.”
1:21:51 Bitaxe Satellite: About Research and Development into an integrated system that will allow a Bitaxe BTC Miner to communicate via satellite with Public Pool [Github]
Bitaxe Satellite is an open-source project on GitHub designed to facilitate Bitcoin mining through satellite communication.
1:23:50 PyBLOCK: New solo mining pool
PyBLOCK is a not-for-profit project charging a 0.4% fee and does not require registration/KYC.
1:24:15 Roxom: Bitcoin denominated markets for stocks, ETFs, commodities and more
View all global asset in Bitcoin terms, along with direct trading with bitcoin coming soon.
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
1:24:54 reticulum-meshchat
Add new notification for incoming calls
Add a red indicator to show if a conversation has messages that failed to send
Add buttons to quickly open folder containing Reticulum config file and MeshChat database file
Add button to app version section to quickly go to MeshChat releases
Add dismissible section to interfaces tab with suggested community servers
Add new settings UI
Add setting to allow auto resending failed messages when the intended destination announces
Add setting to prevent auto resending failed messages if they have attachments
Add support for viewing and managing
TCPServerInterfaceAdd support for viewing and managing
UDPInterfaceImprove some UI for mobile sized screens
Sending a message will now attempt to find a path for unknown destinations instead of immediately failing
1:25:28 M17-Project Module_17 Rev1.0
Complete board redesign intended for use in an Hammond aluminum extruded case
New user interface board for the enclosure, with capacitive touch buttons and larger screen
Redesigned AF audio amplifier
Added OHIS
Added the option to use either digital or analog potentiometers to improve parts availability
License updated from TAPR to CERN-OHL-W-V2
Project spotlight
1:28:36 El Tor: Incentivized high bandwidth Tor network using the Lightning Network
The system incentivizes Tor relays with LN payments, improving decentralization and security. Users earn sats by running entry guards, middle relays, or exit relays.
El Tor uses Bolt12 offers for payments, with clients paying relays out of band and verifying payment proofs before building circuits. This ensures each relay is compensated.
Lightning + L2+
Software Releases & Project Updates
1:30:33 Mutiny Wallet is shutting down [Blog post]
“Our company is exploring alternative products, we’ll be shutting down the wallet at the end of the year but you can still self host.”
Project spotlight
1:44:15 Fedi: “The World’s First Community Superapp”
Fedi, Inc., a U.S. based developer of community-empowering financial and data technology, launched the first full commercial release of the Fedi App at a virtual event on August 6th, at 10am ET, live-streamed at fedi.xyz.
1:44:32 Alby Hub: one-click install node that lets you connect to Bitcoin apps with Nostr Wallet Connect [Github]
Own Lightning Node
Open-Source
Instant install, easy access
Simple channel management
NWC connectivity to various apps
Card top-ups
1:45:13 Nutlife.lol: Counts and display all the NutZaps sent recently, equivalent to Zaplife.lol, by @Pablof7z
Software Releases & Project Updates (cont.)
1:45:55 Phoenix
Android/iOS
Phoenixd
1:49:48 taproot-assets
Mainnet release of Taproot Assets on Lightning [Blog post]
“With Taproot Assets, users can make instant, low fee asset transfers, bringing trillions of stablecoin volume to Bitcoin.”
Add asset group burn itest, logging, and missing error handling
Add means to specify sqlite db file path for tapd test harness and db unit tests
Add enhanced prometheus metrics for tapd
Increase group witness test coverage
Improve coin selection unit tests
Add asset sell support to the RFQ service
Add RFQ buy offer
Add lll linter to golangci-lint configuration
Use new
WalletKit.FundPsbtcoin selection option
Zeus v0.8.5
c-lightning-REST: BOLT 12 offers and Twelve.cash BIP-353 lightning addresses
Embedded Node: LND v0.18.0-beta
Embedded Node: 5x Neutrino peer ping tolerance
Breez SDK v0.5.1-rc4
Support notifications to complete reverse swap when offline
Switching LSP now keeps getting payment notifications from the previous lsp (as long as there are channels)
Support non strict mode for LNURL pay when callback domain is different than the lnurl domain
Use JSON for dev command output
Alby lightning-browser-extension v3.9.0 - Sagittarius Star Cloud
Handle longer descriptions + buttons always visible in viewport
Extend kind list, kind types, kind translations
Show lnaddress only when oauth account settings are accessed
Add custom records to NWC connector
Use new nwc client from sdk
Polar v3.0.0
Shutdown Docker Containers when Closing Polar GUI
Real-time updates of channel status changes
Remember node counts when creating new networks
Add custom base port for nodes
Add ability to minimize, maximize and quit polar from system tray
Add ability to rename nodes
Fedimint v0.4.0 - Rotation Station
Changing peer’s DNS names is now possible
On chain deposits are now considered “expert-only”
On chain deposit charge fees by default to counter dust attacks
Wallet client module implements backup and recovery
Wallet client module is robust w.r.t deposit address reuse and rbf transactions
Client reconnection backoff was improved
RBF withdrawal functionality was removed
It’s possible to finish DKG (setting up Federation) using only the fedimint-cli tool
CLBOSS v0.13.2 - Bwahaha’s Dominion
Add signet support
Update the seeds list
Add module diagrams for channel creation, offchain to onchain swaps, and channel balancing
Improve listpeers handling diagnostics
Improve Initialization of OnchainFeeMonitor with Conservative Synthetic History
Aqua Wallet v0.2.0
Liquid Network transaction fees are now ~40 sats (3 cents)
AQUA now supports native Tether USDt transactions, meaning you can pay Liquid Network fees with USDt. L-BTC is no longer required
Add Taproot swaps for cooperative, instant refunds on failed Lightning sends (many thanks to Bull Bitcoin and Boltz for their work on this library)
Add more fiat currency display options
Add RBF (Replace-by-fee) for Bitcoin sends
Add Internal Send flow as another swap option in addition to the standard Swap interface
Add Direct Peg-In option for Layer 2 Bitcoin, which can be turned on in Advanced Settings - this allows for Liquid peg-ins from external wallets
Add SideSwap, SideShift, and Boltz swaps to a local database, which is shown on the transaction details screen
Nostr
Project spotlight
Nutsack: A NIP-60/61 nostr client by @pablof7z [Github]
Key features:
unified balance across your apps
pocket-change that follows you around
new users are immediately zappable
verifiable nutzaps
faster zaps and zaps that can’t go missing
Trust minimized NsecBunker with Frost [Demo]
The NsecBunker demo uses FROST signatures, establishing a 2-of-2 frost signature scheme. This ensures safety unless both a rogue client and bunker simultaneously conspire against the user.
Oblisk Sync: Nostr-based browser extension for tabs management [Github]
Oblisk Sync lets users save browser tabs into sessions, stored as encrypted Nostr events using private keys.
The extension also functions as a Nostr signer and works on Chromium browsers and Edge.
Osty: Framework for building Nostr web applications [Github]
“Free and open-source framework for building web apps on the Nostr protocol. Think of it as a Next.js but for Nostr.”
“It comes with all the essential tools and best practices you need to start building fully customized web apps on Nostr, including UI components, Nostr Widgets, NDK integration, caching, routing, state management, and more.”
nostr-filter-relay: A Nostr relay docker image package which filter content based on content type (SFW/NSFW), user type, language, hate speech (toxic comment), sentiment, topic, and various rules. [Github]
StatechainJS: A vanilla javascript implementation of a statechain client and an operator [Github]
StatechainJS allows users to pass around the private key to a Bitcoin UTXO instead of creating transactions.
A partially trusted operator holds a second key to the UTXO, ensuring no double-spending occurs by only interacting with the latest holder of the private key.
The latest holder is able to withdraw their funds even if the operator shuts down, thanks to “decrementing timelocks,” which provide a fail-safe mechanism.
Cryptographic keys are used to prove who the latest holder is. (StatechainJS uses nostr.)
Askeladd: Censorship-resistant global proving network, powered by Nostr and Stwo Circle STARK prover. [Github]
Askeladd is an open-source reinforcement learning framework designed to simplify the development and deployment of RL agents
Captain’s log: A desktop note-taking app for nostr [Github]
Nostrmo: A flutter nostr client for Android, IOS, MacOS, Windows, Web and Linux [Github]
Unify Wallet: A Fully Noded style Payjoin wallet powered by Nostr [Github]
DVMDash: Monitoring and debugging tool for AI activity on Nostr [Github]
DVMDash serves as a tool for monitoring and debugging DVM activity on Nostr.
“Data Vending Machines (nip-90) offload computationally expensive tasks from relays and clients in a decentralized, free-market manner”
Software Releases & Project Updates
NDK v2.10
Optimistic Signature verification: NDK introduces signature verification sampling. - Nostr Cache Adapter: ndk-cache-nostr is a cache adapter that connects to a single local relay.
Refactored Zapping interface: This new interface abstracts away the funding mechanism (NWC, WebLN, built-in-wallet) and the delivery mechanism (LN, ecash, Rai stones)
Major subscription Lifecycle refactor: The core of how NDK works was completely refactored from the ground-up, removing a lot of dependencies from nostr-tools, and bringing a lot of clarity to how NDK orchestrates subscriptions at the relay level.
Tutorials and other stuff: high-level documentation
Rust Nostr v0.33.0
Better outputs for send/batch/reconcile methods
Allow to change NIP-42 option after client initialization
Increase max stack size for JS bindings to prevent “memory access out of bounds” error
Expose more objects/methods for JS bindings
Dry run option for negentropy reconciliation
Get NIP-46 relay from NIP-05 profile
Nutshell v0.16.0
New binary token format
Offline wallet and improved coin selection
Now supports fees for Ecash transactions
Add WebSocket subscriptions
Add support for Multinut payments
Prepare Nutshell for parallel deployments in a Kubernetes cluster
Add support for EUR
Add support for CLN Rest
Amethyst
Add delete all drafts button
Enable crossfading between image states
Sign for just one auth event to register with the push notification service instead of the dozens of events, one per relay
Add the highlight quote to the base URL of a highlight event so that when the user opens the link, it highlights on the page
Add tests for 02 and 03 compressed keys to make sure they can encrypt and decrypt from and to each other
Add the mint information to each cashu preview
Render Base64 images and gifs
Add NIP-96 image server settings
Add Profile Gallery
Add outbox cache in order to resend events after relay authentication
Force-updates relays that are sending old versions of replaceables or events that have been already deleted
Add follow-list based relay recommendations to the relay settings
Add Malware Report type
Voyage
Edit mute word list
Hide posts and replies with muted words
Show why a profile is semi-trusted
Optionally send bookmarked posts to local relay
Optionally send upvoted posts to local relay
Change event content of upvote
Automatically connect to local relay (localhost:4869, Citrine default) if installed
Export your posts and bookmarks. Exported file can be imported to Citrine
Change local relay port
Show list description and IDs
Delete all posts from database
Show mentions in inbox view
Mute profiles and topics
Show mute list
Don’t show muted profiles and topics in feeds
Add topic to list from topic view
Oxchat v1.3.0
You can now choose to post text, images, or videos in the same input box for moments
Add the ability to set permissions in bulk for group chats
Add default zap message settings
Add a prompt to claim eCash from npub.cash in the settings-zaps
Add a yellow exclamation mark notification for regular kind4 private messages
The send button in the chat input box stays at the bottom when typing, no longer moving up
Long chat messages can be expanded to show the full text by clicking on them
Add liked & zapped filters for the moment feeds
Gossip v0.11
Secure direct messaging: NIP-17 DMs (with NIP-44 encryption and NIP-59 Giftwrap) is fully supported, usable only if both parties have published their DM relays in a kind 10050 event
Load more: now loads a fixed count of events, instead of a time period
Annotations: You may now annotate your messages.
Support for wgpu renderer, and new command to set renderer: wgpu_renderer
Option to render feed in reverse (with newest at the bottom)
Improve local storage performance
nos.social
Remove stories UI to improve performance
Report error to Sentry when parse queue contains over 1000 events
Add a filter button to the Home tab that lets you browse all notes on a specific relay
Improve the search experience with fast local searches
Add support for paid/authenticated relays (NIP-42)
Add impersonation flag category and better NIP-56 mapping
Add a Tap to Refresh button in empty profiles
Support
nostr:naddrlinks to text and long-form content notes
Nostrmo v2.9.0
NIP-29 Group support
Add NIP-07 at web version
Optimize the performance of other signers
Content base64 image decode support
nostr-filter-relay v0.3.0
This release bring new major features, modules updates, several code improvements, security fix, better documentation, and mark the completion step of nostr-filter-relay as follows:
Sentiment analysis filtering
Topic classification filtering
Language filter
NSFW/SFW image content filter
User type filtering (Nostr native user/non bridged user, activitypub/mostr bridged user)
Toxic comment filter
Nostr-zap v1.0.0
Add shadowdom, add data-button-color and data-anon, reset dialog cache on param change
Boosts
1:28:53 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @seedor (21,000 sats) “Only since Satoshi found digital gold, any real liberty can exist! Few. 😜”
@ez21 (10,000 sats) “Zzzzzzzz…💬”
@vake (10,000 sats) “Keep it up 🙏”
@apemithrandir (7,777 sats) “I hear Mr Raw, I must boost.”
@garykrause_ (5,000 sats) “whiskey company sponsoring a sleep aid. donly fund the competition.”
@dubravko (2,140 sats) “I’m so excited to tell NVK that there is a Raspberry Pi based module that connects to the Flipper Zero to make gaming possible!”
@bencoin (2,100 sats) “great podcast”
@cantillionaire (1,000 sats) “drink everytime NVK brings up raspberry pi”
@plebhodl (1,000 sats) “Always worth listening too. Although after, normie’s seem even stupider… not sure they are going to cope with what is coming.. Thanks NVK and all.”
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Disclosure of vulnerabilities affecting Bitcoin Core versions before 0.21.0: Niklas Gögge posted to the Bitcoin-Dev mailing list, linking to announcements of two vulnerabilities affecting outdated versions of Bitcoin Core. These versions have been past their end of life since at least October 2022. This disclosure follows a previous announcement of older vulnerabilities reported in an earlier newsletter.
Remote crash by sending excessive addr messages
Remote crash on local network when UPnP enabled
Optimizing block building with cluster mempool: Pieter Wuille posted on Delving Bitcoin the challenge of optimizing miner block templates with cluster mempool.
Hyperion network event simulator for the Bitcoin P2P network: Sergi Delgado posted on Delving Bitcoin about Hyperion, a network simulator he has developed. The simulator tracks data propagation through a simulated Bitcoin network.
Varied discussion of free relay and fee bumping upgrades: Peter Todd posted to the Bitcoin-Dev mailing list a summary of a free relay attack that he previously responsibly disclosed to Bitcoin Core developers. Some of the topics discussed included:
Free relay attacks
Free relay and replace-by-feerate
TRUC utility
Path to cluster mempool
Distributed key generation protocol for FROST: Tim Ruffing and Jonas Nick introduced a BIP draft on the Bitcoin-Dev mailing list. The draft includes a reference implementation of ChillDKG, a protocol designed to generate secure keys. These keys are intended for use with FROST-style scriptless threshold signatures, which are compatible with Bitcoin’s schnorr signatures.
Introduction to cluster linearization: Pieter Wuille posted a comprehensive overview of cluster linearization on Delving Bitcoin. The overview covers the fundamental concepts of cluster mempool and progresses to specific implementation algorithms.
News & Noteworthy
Bitcoin
University of Wyoming launches Bitcoin Research Institute [Press release]
The University establishes the first academic institute dedicated to bitcoin research, aims to produce peer-reviewed publications about bitcoin from all academic disciplines. The institute plans to address fundamental questions about money and digital currency. [Website]
Seed Tool App: Ledger now offers an alternative to its Ledger Recover service [Blog post]
The app utilize the SSKR (Sharded Secret Key Reconstruction) library, and creates Shamir’s Secret Shares to store BIP39 seed phrases.
Currently compatible with Nano devices, Ledger plans to expand to Stax devices and incorporate BIP85 functionality for generating passwords and managing multiple seeds.
Casa introduces the ability to secure bitcoin keys with a YubiKey [Blog post]
This development aims to increase security by generating and storing seed phrases directly on the YubiKey, protected by passkeys.
Voltage introduces developer-friendly Bitcoin Core solution for efficient node deployment and management [Blog post]
Features include direct blockchain and mempool access for detailed insights, independent fee estimation, transaction broadcasting, and seamless application integration.
Nostr
First demo of Nostr Web Services (NWS) bringing TCP to Nostr [Calle’s announcement]
NWS enables hosting web applications on Nostr without DNS or public IPs, using npub/nprofile.
The demo shows a Cashu mint running with NWS, using HTTPS encryption to secure traffic, ensuring entry relays can’t read it.
Business & Finance
Ledger announces Ledger Flex as its latest hardware wallet [Announcement]
Swan announces the termination of its Managed Mining business, are delaying their initial plans to IPO and cuts staff across many functions. [Announcement]
Portal maker TwentyTwo Devices partners with Nunchuk “to provide a world-class single-sig and multi-sig wallet app for our customers” [Announcement]
Fold Inc. to go public via a merger with a special purpose acquisition company (SPAC), as the first pureplay financial services company powered by Bitcoin [Press release]
Bitcoin miner producer Canaan Inc. to gradually release open-source firmware after recent vulnerability disclosure affecting the Avalon Nano 3. [Press release]
Riot Platforms acquires Block Mining for $92.5 million, adding 60 MW operational capacity and expands Riot’s total potential power capacity to 2 gigawatts. [Press release]
Satimoto, a privacy-friendly electric vehicle charging app utilizing the Lightning Network, will be shutting down from September 1st 2024. [Announcement]
Xapo introduces Bitcoin banking in the UK with new crypto-fiat product [Finance Magnates]
Unchained introduces a new feature named Connections, designed to facilitate easier interactions among users [Blog post]
“A new feature for Unchained vaults that allows you to secure your bitcoin with your closest friends and family, and let them secure bitcoin with you.”
Tradfi
Robinhood suspends trading amid global market turmoil [Investing.com]
The company cites the need to manage risk and comply with financial regulations as reasons for the suspension.
This service allows users to manage both Bitcoin and traditional currencies in one account.
Funding
OpenSats announces:
Sixth Wave of Bitcoin grants for 7 additional projects: [Blog post]
Peer Storage Backups for Lightning Channels
secp256k1.swift
Blitz Wallet
NLightning
eNuts
Gonuts
Bitcoin Fees
Fifth Wave of Nostr grants: [Blog post]
nosvelte
npub.cash
nostter
nostr-filter-relay
Mostro
Citrine
DVMDash
nostr-php
Shopstr
Nostrmo
Captain’s Log
Foundry Digital launches the “Foundry Donate” initiative in order to support the open source Bitcoin community [Press release]
The initiative allows Bitcoin miners in the Foundry USA Pool to donate portions of their mined Bitcoin to vetted non-profit organizations supporting core Bitcoin developers
Ark to donate a fixed percentage of its revenue to open source contributors through OpenSats, the Human Rights Foundation and Brink [OpenSats’ Twitter post]
Brink reveals @thesimplekid as its newest grantee.
His work will focus on Cashu Dev Kit, another FOSS protocol for ecash that’s designed to increase privacy, security, and scalability. [Announcement]
Brink welcomes Marco De Leon as latest Brink fellow [Announcement]
“For the next year, Marco will contribute to Bitcoin Core’s fuzz testing initiatives, in addition to general Bitcoin Core testing and review.”
Maelstrom Fund: New Bitcoin developer grant program [Blog post]
Applications for the grant program must be submitted by August 25, 2024.
Mining
First bitaxe-mined block: A miner successfully finds the 290th solo block on solo ckpool with just 3 TH of hashrate. [Twitter post]
Records indicate that the miner began solo mining to this address 19 days ago and increased their hashrate to 3 TH within the last 24 hours.
It is possible, yet unlikely, that they were mining with additional hashrate on a different address. [Block #853742]
WhatsMiner announces latest miner, the M60S+, with a hashrate of up to 210 TH/s, and a power efficiency of 17 J/T. [Announcement]
Cathedra Bitcoin Inc. completes its business combination with Kungsleden Inc., creating an entity managing 95 MW of power capacity and 4.8 EH/s of hashrate. [Press release]
Privacy
Tor: anounces Vanguards support in Arti [Blog post]
Vanguards act as an intermediary between users and the Tor network, making it harder for adversaries to track and target users by obfuscating traffic patterns.
This feature aims to strengthen user anonymity by rotating circuits more frequently, mitigating risks associated with long-lived connections.
Government & Political
Russia legalizes Bitcoin and other cryptocurrencies for international trade to bypass Western sanctions [Bitcoin Magazine]
Domestic cryptocurrency payments remain banned, focusing solely on international trade to facilitate imports and exports.
U.S. Senator Lummis introduces strategic Bitcoin reserve legislation [Press release]
The legislation mandates the U.S. Treasury to create secure Bitcoin vaults and purchase 1 million Bitcoin units, equivalent to 5% of the total supply
European Commission investigates the idea of an EU Asset Registry [Brussels Report]
Events
Bitcoin Oasis announces its 2nd edition
October 3-4, 2024 in Abu Dhabi, United Arab Emirates.
Swan announces the cancellation of the Pacific Bitcoin conference 2024 edition.
Reads
Here’s a list of our top recently published reads:
Understanding Bitcoin Adoption in the United States: Politics, Demographics, & Sentiment by The Nakamoto Project [Report]
The Power of Nostr: Decentralized Social Media and More by Lyn Alden [Article]
Taproot Assets on Lightning: The Global Financial Interoperability Layer by Ryan Gentry [Lightning Labs]
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)