Bitcoin Review Podcast BR075 - Bitcoin Core, COLDCARD, BitKit, RAMBO Attack, Chinese Hardware Backdoors, Nostr Censorship?! + MORE ft. Future Paul & Rijndael
I’m joined by guests Future Paul & Rijndael to go through the list.
Housekeeping
00:03:17 Coinkite launches a dedicated partners page with a focus on education and custody options. [Announcement]
New Coldcard Mobile Multisig Tutorial: how to setup a multisig wallet on two Coldcard Q’s and a Tapsigner using Nunchuk [Demonstration]
Vulnerability Disclosures
00:18:54 The RAMBO Attack: Exploiting air-gapped systems [Cyber Security News]
Researchers demonstrate the RAMBO attack, which exploits electromagnetic emissions from RAM to exfiltrate data from air-gapped systems. It uses malware to manipulate RAM, generating radio signals that encode sensitive information.
The attack employs Manchester encoding for data transmission, ensuring synchronization and error detection. It uses the MOVNTI instruction to maintain RAM bus activity, with a preamble sequence for synchronization.
00:27:50 YubiKeys vulnerable to sophisticated cloning attacks via side-channel exploits [ArsTechnica]
NinjaLab researchers reveal a vulnerability in YubiKey 5 Series security keys, caused by timing differences in the Infineon cryptographic library. Attackers with physical access and specialized equipment can exploit electromagnetic leakages to clone FIDO authentication keys.
Two-factor authentication and one-time passwords remain unaffected as they do not rely on the vulnerable ECDSA function. [Yubico Security Advisory YSA-2024-03]
00:29:05 SpyAgent: New Android malware targets crypto wallets through image recognition [McAfee Labs]
McAfee’s Mobile Research Team uncovers new Android malware targeting mnemonic keys by scanning device images. The malware disguises itself as trustworthy apps and steals text messages, contacts, and stored images.
SpyAgent is distributed mainly through phishing campaigns, tricking users into downloading malicious apps. It uses advanced techniques like OCR to extract text from images, aiming to steal cryptocurrency wallet recovery phrases.
00:30:16 Hardware backdoors detected in Chinese key cards allowing potential attackers to bypass authentication [Risky Biz]
The discovery highlights the vulnerability of these commonly used access control systems in sensitive industries and has prompted increased scrutiny over Chinese hardware and renewed debates on supply chain security in critical infrastructure sectors.
00:34:41 sedexp: stealthy Linux malware exploiting udev rules [Aon]
Active since 2022, it provides attackers with reverse shell capabilities while remaining undetected in online sandboxes. It manipulates memory to conceal its presence, leveraging udev rules to execute actions upon device events.
USP: Go program establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script)
Five dollar wrench attacks: Founder of cryptocurrency research platform forced by attackers, at gunpoint, to log into several crypto accounts and transfer funds [Victim’s Twitter post]
During the attack, the victim, his wife and son were threatened. The stolen funds included personal assets, company’s working capital, and funds.
Bitcoin
Software Releases & Project Updates
00:36:53 Bitcoin Core v28.0rc1 [Testing Guide]
Testnet4/BIP94 support: Support for Testnet4 as specified in BIP94 has been added
P2P and network changes:
Bitcoin Core will now fail to start up if any of its P2P binds fail
UNIX domain sockets can now be used for proxy connections
Additional flags “in” and “out” have been added to -whitelist to control whether permissions apply to incoming connections and/or manual
Transactions that are too low feerate will be opportunistically paired with their child transactions and submitted as a package
Mempool Policy Changes:
Transactions with version number set to 3 are now treated as standard on all networks
Pay To Anchor(P2A) is a new standard witness output type for spending, a newly recognised output template
Limited package RBF is now enabled
Updated RPCs:
Using
sendrawtransactionrpc, update help text from “Transaction already in block chain” to “Transaction outputs already in utxo set”The default mode for the
estimatesmartfeeRPC has been updated fromconservativetoeconomicalAn item of unspents, of
scantxoutset, has two new fields:blockhashandconfirmations
Updated REST APIs: Parameter validation for
/rest/getutxoshas been improved by rejecting truncated or overly large txids and malformed outpoint indices by raising an HTTP_BAD_REQUEST “Parse error”Updated settings:
When running with
-alertnotify, an alert can now be raised multiple times instead of just oncemempoolfullrbf=1is now set by default
Wallet: The wallet now detects when wallet transactions conflict with the mempool
00:41:58 COLDCARD release (coming Thursday)
Seed XOR:
XOR from Seed Vault (select other parts of the XOR from seeds in the vault). Restore geographically distributed SeedXOR without physically bringing the parts together.
[Q ONLY] Seeds can be scanned from SeedQR instead of typing them by hand.
Multisig:
OPT-IN multi(…) support. Needs to be enabled. Not recommended, BIP-67 is the standard
JSON wrapped imports to provide custom name instead of the filename. Most useful for USB and NFC imports which have no filename.
Descriptor checksum is no longer required upon import
[Q only] Create Airgapped (aka using CC as multisig coordinator) now works with BBQRs.
QR file Share:
Same as NFC file share, allows user to share any file from SD card via QR/BBQr.
Optimizations and speed:
libsecp256k1 bumped to latest 0.5.0 (point multiplication algorithm speed up, etc)
improvements in our signature grinding algo
updated libsecp plus our optimizations yield 30% improvement in signing speed over previous version (15% in overall signing speed as signing is not the only part of it (validation, change checks, etc.))
Security:
Improve side-channel protection: libsecp256k1 context randomization now happens before each signing session and more
00:48:06 Utreexod v0.4.0
wire, main, indexers: remove unconfirmed marker
indexers: only include positions that were found
Remove heap allocations when flushing the nodes or cached leaves
Make bridge nodes recoverable
00:48:44 BlueWallet v7.0.3
Add: Camera flip image
Add: Hide balance and Delete wallet from Manage screen
00:49:02 Nunchuk Android v1.9.50
New and improved Coin Collection settings
Refactored sign-in flow
00:49:16 Bitkey App v2024.68.0
Bitcoin Price: You can view the current bitcoin price and historical performance in the app.
Firmware Updates: Updates now include a link to view the firmware release notes.
00:49:32 Bullbitcoin-mobile v0.3.0 - Chain Swaps!
Move funds between Instant & Secure wallet
Send / Receive across Bitcoin/Liquid Network
00:51:49 SwissBitcoinPay v2.1.2
Add better support for underpaid onchain payments
00:51:56 BoltzExchange client
Project spotlight
1:07:26 Bitcoin Good First Issues: explore vetted FOSS projects and find your way in bitcoin open source
The new product collects beginner-friendly issues labeled Bug, Help Wanted, and Good First Issues from vetted Free Open Source Software Bitcoin projects. It aims to simplify contributing to Bitcoin FOSS.
1:09:22 StashPay: a Bitcoin wallet for freelancers and digital nomads [Announcement]
A TestFlight release for iOS is available for early testers
1:09:30 LiveWallet: An application to help estimate the effect of bitcoin transaction fees on invididual utxos and transactions containing multiple utxos. [Github]
Estimate UTXO fee burden at any fee rate
Estimate fee burden of a multi UTXO transaction
Estimate USD cost of a transaction at any USD/BTC price and fee rate
1:09:42 dlc dev kit: Application tooling for dlc contracts [Github]
“Application development kit incorporating both rust-dlc and bdk. It provides robust libraries for transport, data storage, and oracle clients, enabling seamless integration for application development.”
powcoins: Tool to obtain coins sent to PoW-faucet addresses on the Bitcoin signet network [Github]
1:09:50 Orqestra: lets businesses automatically convert portions of their sales to bitcoin
“Orqestra allows businesses to automatically convert a portion of their cash flow into bitcoin. You can transfer the bitcoin to an external wallet or convert back your funds to USD at any time.”
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
1:11:19 SimpleX v6.0.4
Reduce traffic and battery usage on unstable networks
Desktop: only offer the next versions for update, based on SerVer ordering
UI fixes
1:12:04 NomadNet v0.5.1
Add support for Reticulum key ratchets
Add support for LXMF stamps and tickets
1:12:51 Sideband
Add outbound stamp cost handling and generation
Add inbound stamp cost settings to preferences
Add message details dialog
Add message encryption information to message details
Add ratchet information to object details
Add stamp cost information to object details
Add delivery ticket information to object details
Sideband will now automatically include delivery tickets to trusted peers
Add inbound PTT audio queue
Add PTT playback block when recording a message
Add PTT activation by space key
Add battery temperature to telemetry
Improve database transaction concurrency handling on Android
Add PTT mode for audio messages (on Android and Linux)
Add command-line options to import and export Sideband settings for changing configuration on daemon-mode Sideband instances
Improve telemetry processing and sending
Improve notification handling
1:13:19 Mullvad VPN adds support for DAITA, on macOS and Linux, a defense against AI-guided traffic analysis [Blog post]
Despite VPN encryption, advanced traffic analysis poses privacy threats, recommanding the expansion of DAITA support.
Project spotlight
1:16:47 Cypherpunk Tools: comprehensive list of privacy tools with a selection hosted by privacy-focused VPS provider Mynymbox.io
1:16:59 The Resilient Anonymous Communications for Everyone (RACE) project by DARPA: distributed messaging system ensuring confidentiality, integrity, and privacy within a network.
RACE focuses on secure communication protocols and efficient, distributed tasking to resist attacks, even with limited compromises and deep packet inspection.
In August 2024, DARPA released a proof-of-concept code on [Github]
1:17:47 Katzenpost mix network: Post quantum anonymous communication network [Github]
Katzenpost develops software focused on mix network protocols, enabling anonymous communication systems resistant to traffic analysis.
Mix networks protect user anonymity by obscuring communication patterns, preventing adversaries from performing statistical analysis.
1:18:03 NymVPN: a decentralized VPN service masking users’ internet traffic through a mixnet [Github]
NymVPN is now freely available for users to beta test and experience the first commercially available application to run on a decentralized mixnet.
Lightning + L2+
Project spotlight
1:19:41 Full Phoenixd Stack: Self-custodial stack: phoenixd + letsencrypt + nginx + lnbits from your own domain name [Github]
How to run your full self custodial stack: phoenixd + letsencrypt + nginx + lnbits from your own domain name [Guide]
1:19:49 Zapin.me: an open-source platform where users can pin messages on a global map, with visibility determined by the amount of Satoshis paid via the Lightning Network. [Github]
Each message is paid for with Satoshis, and the visibility of the message on the map is determined by the amount of Satoshis spent.
1:20:03 lnwCash: A open-source Cashu wallet for anyone, anytime and anywhere. [Github]
lnwcash is a new Flutter project.
Alby Go: A simple lightning mobile wallet interface that works great with Alby Hub [Github]
Cowbolt: Mobile app to collaborate, cost split and settle in bitcoin
“A cost-splitting, team chat, and self-custody wallet combined into one easy-to-use product”
CashuSwift: a native library for building Cashu Ecash wallets on all of Apple’s platforms [Github]
This library provides basic functionality and model representation for using the Cashu protocol via its V1 API.
Lightning Bounties LLC: Platform to reward software developers for their contributions with Crypto currencies instantly.
Software Releases & Project Updates
1:25:53 CLN v24.08 - Steel Backed-up Channels
Highlights for Users
paynow checks for sufficient spendable capacity before computing a route and returns a clear error message if there isn’t enough capacityofferscan now self-fetch and self-pay BOLT12 offers and invoicesoffersautomatically adds a blinded path from a peer if we have no public channels, and supports setting a blinded path forinvoicerequestif we’re an unannounced noderenepaynow prunes the network by disabling undesired channels, un-reserves routes after use, and introduces a newexcludeoption for channels & nodes to be excluded from routingWhitespace at the end of (most) options will not complain anymore
I/O optimizations to significantly speed up larger nodes
Highlights for the Network
paycan now pay to bolt12 invoices if entry to blinded hop is specified as ashort_channel_idWe can now open unannounced channels with LND nodes again
Onion messages are now supported by default and can be forwarded using
short_channel_idWe now request all gossip from the first peer and immediately send updated gossip to current peers instead of waiting for reconnections
Recurring offers had incompatible changes, it will not work against older versions
Highlights for Developers
New experimental plugin
askreneaccesses min-cost-flow route calculationspayplugin now includes enhanced logging and improved error codes, and emits channel_hint_updated notifications to share inferred balances across paymentsNew
reckless-rpcplugin allows to issue commands torecklessover rpcPlugin manager
recklessnow supports installing Rust plugins, accepts JSON array input and, provides JSON output with the-j/--jsonoption flagbookkeepernow listens for two new custom events:utxo_depositandutxo_spend
1:25:58 rust-lightning v0.0.124 - Papercutting Feature Requests
API Updates
A new
lightning_typescrate was added which contains various top-level typeslightningnow depends onlightning-invoice, rather than the other way aroundConfirmationTarget has two new variants - a
MaximumFeeEstimatewhich can help to avoid spurious force-closes by ensuring we always accept feerates up to this value from peers as sane and aUrgentOnChainSweep, replacingOnChainSweepand only being used when the on-chain sweep is urgentAll ChannelMonitors are no longer persisted after each block connection, instead spreading them out over a handful of blocks to reduce load spikes
HTLCs will now be forwarded over any channel with a peer, rather than only the specific channel requested by the payment sender
Backwards Compatibility
BOLT 12 Offers created in prior versions are still valid but are at risk of deanonymization attacks allowing identification of the recipient node
BOLT 12 outbound payments in state
RecentPaymentDetails::AwaitingInvoicewill eventually time out after upgrade to 0.0.124 as any received invoice will be considered invalidBOLT 12 Refunds created in prior version with non-empty
Refund::pathsare considered invalid byChannelManagerThe format written by
impl_writeable_tlv_based_enum[_upgradable]for tuple variants has changed, only impacting LDK-external use of the macrosAn
Event::PaymentFailedwithout a payment hash will deserialize to a payment hash of all-0s when downgradingEvent::PaymentFailedreasons may be mapped to similar reasons that were available in previous versions on downgrade
Performance Improvements
Route-finding is 11-23% faster
lightning-block-sync now much better avoids lock contention during parallel requests for block data, speeding up gossip sync from multiple peers
Node Compatibility
0.0.123 contained a workaround for CLN v24.02 requiring the
gossip_queriesfeature for all peers. Since an updated CLN has now shipped which does not require this, the workaround has been reverted (#3172)LDK now supports BOLT 12 Offers without an explicit signing public key, allowing it to pay more compact offers generated by other nodes
LDK now supports BOLT 12 Offers without descriptions when no amount is present
1:26:03 BlixtWallet v0.7.0
New syncing nodes have been added in different regions around the world: Seattle, Germany, and Singapore. New wallets will automatically use these
Lightning Box can now be paid via @blixtwallet.com, with strict enforcement that the payment goes to the right payee
Add dropdown menu to channels on Lightning channels screen
Blixt Wallet now only accepts incoming anchor or taproot channels
Add support for fee bumping channel openings
Add the ability to hide amounts on Overview screen
Speedloader is now enabled by default for all new wallets
LNURL-pay desc hash check has been removed
Raise the maximum channel close commitment fee to 300 sats/vbyte
Remote channel reserve for new channels is now set to 360 sats
Long invoice descriptions are now trimmed in the transaction log
1:26:07 Phoenix Android/iOS v2.3.7
Support for custom PIN: The application can now be protected with a custom 6-digits PIN code specific to Phoenix.
Improve compatibility with BOLT12 payments
Phoenixd v0.3.4
Add an optional expiry for bolt11 invoices
Use lightning-kmp 1.7.3-FEECREDIT-11
Add a best-effort method for estimating liquidity fees
1:26:10 lnbits v0.12.11-rc1
x3 EXTRA funding sources Boltz, Breez and Nostr Wallet Connect:
Add boltz client fundingsource
NWC Funding source
Add Breez SDK wallet
Add bitpay and yadio fiat rate providers + increase precision of blockchain.info fiat rate provider
Set a maximium sleep time when retrying to connect to the funding source
Invoice creation UI: Replace input mask with pattern and inputmode
Show wallet names in dropdown
Add detailed CSV export option
BitBanana v0.8.6
Support for BIP353 e-mail like addresses (user@twelve.cash)
Update translations
Alby js-sdk v3.7.0
Parse nwc url lud16
Add metadata field to make_invoice
Cashu-ts v1.1.0
Added Token v4 Read/Write
Refactored types into a more organized hierarchy
Stronger type safety for cbor decode functions
Add token v4 to readme
CDK v0.3.0
In this release LNbits, Strike API, and LND were added as supported lightning backends for the mint. The strike api supports both bitcoin denomination as well as fiat currency.
Changed
cdk(wallet): fn send returns Token so the user can use the struct of convert it to a v3 or v4 string
cdk(wallet): Publicly export MultiMintWallet
cdk(cdk-database/mint): Get pending and spent proofs by ys or secrets instead of a single proofs
cdk(cdk-database/mint): Change add_blind_signature to add_blind_signatures
cdk(cdk-database/mint): Rename add_active_keyset to set_active_keyset
cdk(cdk-database/wallet): Change get_proofs to return Vec instead of Option<Vec>
Added
cdk(NUT-11): Add Copy on SigFlag
cdk(wallet): Add fn send_proofs that marks proofs as reserved and creates token
cdk(wallet): Add fn melt_proofs that uses specific proofs for melt instead of selecting
cdk-cli(receive): Add support for signing keys to be nostr nsec encoded
cdk-fake-wallet: Add Fake wallet for testing
Boosts
1:30:52 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @Ape Mithrandir (7,777 sats) “Double boost. I got the latest Fountain. Does that mean this goes to Nostr now?”
@Ape Mithrandir (7,777 sats) “How do I get the latest APK for fountain? My Aurora store stopped working. It is open source? Can I use Obtainium, Accrescent or FDroid?”
@bradmillscan (13,337 sats) “About half way through this podcast there’s a wicked conversation about @fountain_app integrating with Nostr. Great convo @NVK& @merryoscar 👏”
@Marcellus (5,000 sats) “@merryoscar incredible job integrating Nostr. Am I right assuming that if we choose “global feed” we see in real time all the comments in @fountain_app in real time?”
@qxotk (4,224 sats) “Having a great day…and… Hot wallets are more vulnerable to social engineering - especially during the ignosecond between the time you hit broadcast on your transaction and the moment later when you realize you have fallen for the oldest trick in the book…no one is ever going to “doubke your bitcoin” - not even Michael Saylor. Keep your bags more than a few clicks from spending, way more.”
@vake (3,000 sats) “🤘”
Nostr
Project spotlight
1:38:33 Notepush by Damus: A Nostr relay for sending out push notifications [Github]
WIP: A high performance Nostr relay for sending out push notifications using the Apple Push Notification Service (APNS).
1:39:01 Nostrize: Browser extension that empowers any website with the Nostr experience [Github]
“Nostrize seamlessly integrates tipping and crowdsourcing capabilities through Bitcoin, making every interaction permissionless”
1:39:10 WoT Relay: archiving every note in your web of trust [Github)
WOT Relay is a Nostr relay that saves all the notes that people you follow, and people they follow are posting.
1:39:17 Fren Relay: A Relay that only your frens (people you follow) can post to using NIP42 Authentication [Github]
1:39:27 Anonostr: Send anonymous notes on Nostr [Github]
Anonostr allows users to send anonymous notes to the Nostr network without revealing their identity.
For each note submission, the app generates a new key pair, sends the note through select relays, and then securely burns the key pair.
1:39:53 The Wired: an anon agora, built upon the NOSTR protocol [Source code]
Employs Proof-of-Work (PoW) as a spam prevention mechanism, as opposed to Captcha, moderation or other verification methods
1:40:05 Yeghro Unfollow Tool: Nostr inactive users checker
The tool allow for the removal of inactive nostr users.
1:40:11 Gif Buddy: A gif companion app for nostr clients [Github]
Users can easily search for a GIF, copy its address, and paste it into their client for sharing.
Each copied GIF is uploaded to nostr.build, triggering a NIP-94 request, ensuring future accessibility across clients.
1:40:18 Why Nostr: comprehensive introduction to Nostr, listing learning ressources, clients and an exploration page of the ecosystem.
1:40:30 Bitcoin.Review nostr mini series (coming soon!)
Software Releases & Project Updates
Nostr Web Services (NWS) v0.1.0
Add HTTPS reverse proxy support
Implement reverse connection handling in SOCKS5 server
Add domain parsing for .nostr addresses
Reintroduce domain validation for .nostr domains
Add domain to certificate DNS name
Add public exit nodes with clearnet support
Use custom event kinds
Add default relay config
Add logging for error handling and connection status
Damus New Testflight
Create Highlights in Safari
Push notifications
Amethyst
v0.91.0 - Edge to edge feeds
Finish Edge to Edge transition for Android 15
Add compression settings to the media uploading screen
Add sliding animations in all inner screens
Add copy stack to clipboard for error messages that have an exception
Enable the use of hidden words for all visible properties of the user
Show relay ping with the relay icon
Enable decryption by nip04 and nip44 on NostrWalletConnect objects, NIP-51 lists and NIP-04 messages
Add basic support for NIP-46 events
Protect against empty nip04 content
Speed up the filter for NWC zap payments
v0.90.0 - Torrents and Outbox refactorings
Add support for NIP-35 torrents and their comments
Add a simplified sync Signer to the Quartz library
Add Default lists for NIP-65 inbox and outbox relays
Add Default lists for Search relays
Add local backup for UserMetadata objects
Add local backup for Mute lists
Add local backup for NIP-65 relays
Add local backup for DM Relays
Add local backup for private home relays
Improve caching of encrypted DMs
Update Twitter verification to X
Improve the rendering of QR Codes
Add support to Delete All Drafts
Lume v4.1.0
Lume now only focus on MacOS and Windows while a dedicated Linux native client is in the works.
New app icon for Windows and macOS
Improve support for Nostr Connect
Improve security, only save private key as ncryptsec format
Add “Stories” column to provide a quick way to keep up to date with the user’s contacts
Add “Search” column
Add “Notification” column
Add “Hashtag” column
Redesign “Thread” column
Voyage
Nos v0.1.26
Add nos.lol to the default relay list for new accounts and removed relay.snort.social
Show quoted notes in note cards
Add quote-reposting
Add a new image viewer that appears when you tap an image
Add a new gallery view that’s currently behind a feature flag
Remove the like and repost counts from the Main and Profile feeds
Remove wss:// from relay addresses in lists and removed the need to prepend relay addresses with wss://
Localize the quotation marks on the Notifications view
Add in-app profile photo editing
Internal changes:
Include the npub in the properties list sent to analytics
Replace hard-coded color values
Add a feature flag toggle for “Enable new media display” to Staging builds
Add a new gallery view to display multiple links in a post. Currently behind the “Enable new media display” feature flag
Add an overlay to GIFs that plays the animation when tapped. Currently behind the “Enable new media display” feature flag
Show single images and gallery view in the proper orientation. Currently behind the “Enable new media display” feature flag
Citrine
Nostrudel
Add “mark read” button to notifications view
Add support for NIP-49 (ncryptsec)
Display NIP-89 client tags on events
Add wiki pages
Add support for wiki links in text notes
Add simple article view
Show read status on notifications
Add blindspots discovery feed
Show individual zaps on notes
Show notifications on launchpad
Add Streams and Tools to launchpad
Add details tabs under thread post
Add Multi-threaded PoW Hashing
Add blossom media upload option
Add support for native android and ios sharing
Add support for NIP-51 search relay list
Add option to prune older events in wasm relay
Add menu to zap events
Add option to use nostr-wasm to verify events
Add NIP-46 connection initiated by client
Add No cache relay option
Add In-Memory cache relay option
Add support for @snort/worker-relay as a cache relay
Show timelines, subscriptions, and services in task manager
0xchat v1.3.3-beta
Add SOCKS proxy settings and .onion host options
Push notifications can now be received by connecting to at least one default general relay
nostr-filter-relay v0.4.0 - Compatibility bring various apps grow together
This release bring important change with NIP-32 compatibility (kind: 1985). Starting from this release, legacy custom event (kind: 9978) that were used for classification data in nostr-filter-relay has been deprecated.
NIP-32 compatibility and dependencies update
NIP-32 compatibility event structure
NIP-32 usage explanation in nostr-filter-relay
Max websocket message size setting in nostr-filter
Rate-limit support in nostr-filter
Relay concurrency limit setting in nostr-filter
Nostr-PHP v1.4.0
The library now provides separate relay response classes according to NIP-01
@kriptonix relay responses handling
Tech Tip of the Day
1:50:38 Don’t use Telegram.
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Stratum v2 extension for fee revenue sharing: “Filippo Merli posted to Delving Bitcoin about an extension to Stratum v2 that will allow tracking the amount of fees included in shares when the shares contain transactions selected by an individual miner.”
OP_CAT research fund: “Victor Kolobov posted to the Bitcoin-Dev mailing list to announce a $1 million fund for research into a proposed soft fork to add an OP_CAT opcode.”
Mitigating merkle tree vulnerabilities: “Eric Voskuil posted to the Delving Bitcoin discussion thread about the consensus cleanup soft fork proposal … a request for an update given recent discussion on the Bitcoin-Dev mailing list.”
New Bitcoin Mining Development mailing list: Jay Beddict (VP of Research at Foundry) announced a new mailing list to “discuss emerging Bitcoin mining technology updates as well as the impacts of Bitcoin-related software or protocol changes on mining.”
News & Noteworthy
Bitcoin
1:51:03 Launch of the Bitcoin Dev Project, a step-by-step online program to onboard the next generation of Bitcoin developers with community support [Announcement]
1:51:07 The BDK Foundation invites proposals for a full-time Rust maintainer to aid in developing and maintaining the BDK open-source software suite [Announcement]
International Bitcoin dev conference organizer Bitcoin++ introduces bitcoin++ News Edition, a bi-weekly newsletter from the bitcoin++ universe [Announcement]
1:51:16 WasabiWallet backend servers are down [Lontivero’s Announcement]
“We’ve run out of funds sooner than anticipated. We’re working on fixing the issue ASAP, but it may take some time.”
Lightning
1:51:24 Strike now supports BOLT 12 offers [Blog post]
Business & Finance
1:51:27 Canadian bitcoin broker Bull Bitcoin expands to France [Press release]
The expansion follows Bull Bitcoin’s acquisition of Bitcoin Lyon, a longstanding French broker.
1:51:37 Zaprite introduces a Point-of-Sale app allowing businesses to accept bitcoin and card payments in person [Announcement]
1:51:43 Blockstream Mining launches third round of hashrate-backed BMN2 note [CoinDesk]
The BMN2 note locks in the hashprice for up to 48 months, providing protection from market volatility and mining-related risks. Blockstream targets $10 million in investment for this round, building on $7 million raised in previous rounds.
Hyperbitcoinization
1:51:52 Mastercard launches euro-denominated non-custodial Bitcoin debit card [Bitcoin Magazine]
Mastercard partners with Mercuryo to offer a euro-denominated debit card, enabling bitcoin spending from non-custodial wallets at over 100 million merchants globally. This allows users to retain full ownership of their digital assets without intermediaries.
1:52:39 Nasdaq seeks regulatory approval to launch and trade options on a bitcoin index. The U.S. Securities and Exchange Commission has not yet approved options on exchange-traded funds tied to spot bitcoin prices. [Reuters]
Cryptography
1:53:06 Discovery: “New record for the rank of elliptic curves over Q, due to Noam Elkies and Zev Klagsbrun, is 29!” [Andrej Dujella’s Website]
“The new curve was found by Zev Klagsbrun last week by a sieve search on a rank-17 fibration of the same K3 surface that I used to find the rank-28 curve, using the techniques we described in our ANTS-XIV (2020) paper” Noam Elkies
Funding
1:53:36 OpenSats announces:
Long-term support for Nostr contributors Alex Gleason and Daniele
Support grant for The Tor Project, a nonprofit organization dedicated to privacy and internet freedom since 2006.
Mining
1:54:55 Launch of the Bitcoin Mining Development Mailing List [Google Group]
The mailing list is a “focused public forum to discuss emerging Bitcoin mining technology updates as well as the impacts of Bitcoin-related software or protocol changes on mining.”
1:56:30 Bee Evolved launches M.O.E.M. (Mining Operation Environmental Monitor), a MineOps integrated device, providing comprehensive monitoring for mining operations environment [Announcement]
Privacy
1:56:40 Pavel Durov, founder of Telegram, faces 12 criminal charges in France, including enabling organized crime, facilitating illegal transactions, and providing unauthorized cryptology services [Press release]
1:57:09 A U.S. appeals panel questions the Treasury’s sanctions on Tornado Cash, highlighting that only three instances of North Korean money laundering were cited from millions of transactions. Judges express skepticism over the Treasury’s classification of Tornado Cash as a corporate entity. [Protos]
Hungary pushes for EU messenger mass surveillance despite privacy concerns [Patrick Beyer’s Blog post]
The Hungarian Council Presidency aims to pass the controversial “chat control” law, allowing automated bulk searches in private chats for illegal content. Despite removing mandatory AI-based scanning, users may be blocked from sharing media if they opt out of the monitoring.
Protocol
Bitcoin Core #30454 and #30664 respectively add a CMake-based build system and remove the previous autotools-based build system.
Bitcoin Core #22838: Be able to specify change and receiving in a single descriptor string [Merged]
LND #9009: implements banning for invalid channel announcements [Merged]
BIPS #1657: Add a PSBT per-output field for BIP 353 DNSSEC Proofs [Merged]
NIP-69 #1460: Static payment codes to replace LNURL-P [Open]
Government & Political
Qatar Qatar Financial Centre Issues QFC digital assets framework [Report]
Binance acknowledges freezing a number of Palestinian accounts linked to illegal activities, in compliance with Israel’s anti-terrorism laws [No BS Bitcoin]
Events
Bitcoin Oasis 2.1, organized by Bitcoin Association Arabia, is postponed to 2025 due to unforeseen circumstances [Announcement]
Reads
2:00:52 Here’s a list of our top recently published reads:
Threat models and Dark Skippy by @reardencode [Review]
The Beauty of ECash by Hal Finney [Nakamoto Institute]
Privacy and Pain: Craig Raw, Creator Of Sparrow Wallet, On Self-Custody [Bitcoin Magazine]
Nostr Revolution: Possible Solutions to the Mathematical Impossibilities of Voting Systems by SUPERMAX [Note]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)