BR095 - OP_NEXT Recap, COLDCARD, Bitcoin Core, Ephemeral Dust, Ephemeral Anchors, Pay-to-Anchor outputs, Taplocks, Electrum, Cove Wallet, Mempool.space, Liana, ESP32.Review + MORE ft. Rob & Rijndael
I’m joined by guests Rob Hamilton & Rijndael to go through the list.
Housekeeping
00:01:09 OP_Next recap
Bitcoin
Software Releases & Project Updates
00:15:18 Coldcard
Shared Improvements - Both Mk4 v5.4.2 and Q v1.3.2Q
New Feature: Multisig transactions are finalized when sufficiently signed. Allows use of PushTX with multisig wallets
New Feature: Signing artifacts re-export to various media. Now you have the option of exporting the signing products (transaction/PSBT) to different media than the original source. Incoming PSBT over QR can be signed and saved to SD card if desired.
New Feature: Multisig export files are signed now
Enhancement: NFC export usability upgrade: NFC keeps exporting until CANCEL/X is pressed
Enhancement: Add Bitcoin Safe option to Export Wallet
Enhancement: 10% performance improvement in USB upload speed for large files
(Q only) Enhancement: Always choose the biggest possible display size for QR
Two New Heavyweight Features
CCC: COLDCARD can now Co-sign like collaborative multisig HSMs, no centralized servers needed
KeyTeleport: Send secrets on a video call to other COLDCARD! Securely move seeds, secure notes/passwords, multisig PSBTs, even full backups (full clone), between two Q using QR or NFC
00:42:53 Bitcoin Core v29.0
Notable changes
P2P and Network Changes
Support for UPnP was dropped
libnatpmp was replaced with a built-in implementation of PCP and NAT-PMP
When the -port configuration option is used, the default onion listening port will now be derived to be that port + 1 instead of being set to a fixed value
Upon receiving an orphan transaction, the node will attempt to download missing parents from all peers who announced the orphan
Mempool Policy and Mining Changes
Ephemeral dust is a new concept that allows a single dust output in a transaction, provided the transaction is zero fee
Updated RPCs
The RPC
testmempoolaccept
response now includes areject-details
field in some cases, similar to the complete error messages returned bysendrawtransaction
Duplicate blocks submitted with
submitblock
will now persist their block data even if it was previously prunedgetmininginfo
now returnsnBits
and the current target in thetarget
field. It also returns anext
object which specifies theheight
,nBits
,difficulty
, andtarget
for the next blockgetblock
andgetblockheader
now return the current target in thetarget
fieldgetblockchaininfo
andgetchainstates
now returnnBits
and the current target in thetarget
fieldthe
getblocktemplate
RPCcurtime
(BIP22) andmintime
(BIP23) fields now account for the timewarp fix proposed in BIP94 on all networks
New RPCs
getdescriptoractivity
can be used to find all spend/receive activity relevant to a given set of descriptors within a set of specified blocks
Updated Settings
The maximum allowed value for the
-dbcache
configuration option has been dropped due to recent UTXO set growthStarting with v28.0, the
-mempoolfullrbf
startup option was set to default to1
. With widespread adoption of this policy, users no longer benefit from disabling it, so the option has been removed, making full replace-by-fee the standard behaviorSetting
-upnp
will now log a warning and be interpreted as-natpmp
. Consider using-natpmp
directly insteadAs a safety check, Bitcoin core will fail to start when
-blockreservedweight
init parameter value is lower than2000
weight units. Bitcoin Core will also fail to start if the-blockmaxweight
or-blockreservedweight
init parameter exceeds consensus limit of4,000,000 WU
Build System
The build system has been migrated from Autotools to CMake
00:47:21 BDK v1.2.0
TxBuilder
add_recipient
function now accepts anything that implementsInto<ScriptBuf>
The wallet considers a coinbase output eligible for selection if it will mature in the next block
Wallets persisted with a
rusqlite::Connection
are checked to be thread-safeThe
bdk_chain
dependency is updated to version 0.21.1, plus a number of internal cleanups
00:48:12 Coinswap v0.1.1
Core Protocol & Performance Improvements
UTXO Management: A major source of latency due to frequent Core RPC calls have been removed by having custom in-memory UTXO indexes. These maps are also persisted in the disk, reducing wallet sync time.
Coin Selection: State of art coin-selection algorithms, similar to Bitcoin Core, is integrated, making various kind of tx creation more efficient.
Fidelity Management: Fidelity bond management tasks, like bond expiry checks, redemtion, recreation, is now automated in the maker servers. Reducing user responsibilities of managing Fidelity Bonds.
Taker Liveness: A new message WaitingFundingConfirmation have been introduced to mainatin swap connections between Takers and Makers to handle variable block confirmation delay
User Experience & Compatibility
Compatibility: The crate and the apps are now fully compatible with Mac
Tor: Tor operation is streamlined providing faster and more resilient tor connections. Tor addresses are now deterministically linked with the wallet seed, ensuring constant onion address across system reboots
UI/UX: Improved display of various user facing structures like, balances, utxos, offer data, fidelity bonds and overall improvements in system logs. Making the apps more fun to play with
API Design: Streamlined various transaction creation routines to use a single common API. Reducing technical debts and removing redundant code
Protocol Spec Documentation: Details how CoinSwap breaks the transaction graph and improves privacy through routed swaps and amount splitting. Includes diagrams for clarity
00:48:56 Electrum Wallet
Implements Nostr Wallet Connect (NIP47) plugin, which supports remote control of Electrum lightning wallet through Nostr protocol as a plugin with CLI and QT gui compatibility.
Users can set a 24-hour budget and connection expiry date when connecting Electrum as a funding source for clients like Amethyst, Alby, Bitbanana, and lnbits.
The next release of Electrum Wallet will make it possible to install plugins developed and distributed by third-parties.
00:52:45 BTCPay Server v2.1.0
Add better MultiSig flow when all users are using BTCPay Server
Remove ZCash and Monero from core code
Disable cold wallet creation by default
Add support for RBF and improve UX for CPFP
Greenfield: Add
refundBOLT11Expiration
to Get/Update store endpointGreenfield: Add
invitationLink
anddisabled
properties to user APIs
00:53:33 Nunchuk Android
00:54:04 Liana v10.0
This version does not introduce any breaking changes in the database schema
Two new features are implemented: Backup and Third party keys fetching during the install
Liana GUI
During the install process, the xpub of a key provider can be fetch from a Wizardsardine service by entering a token
This Xpub can be used as a “Safety Net”, a paid product where a third party keeps a recovery key for you in case you lose your access to your funds
We changed the default value of the “standard” recovery paths to ~1y, so the safety net can be quickly set with the maximum timelock without conflicting with an other recovery path
Due to rust-miniscript compiler changes, for the same keys setup the output descriptor may differ from one generated by a v9 Liana. Both descriptors are supported by Liana v9 and v10 versions
A new backup system for wallet configurations, including descriptors, has been introduced
Users can now back up their wallet configurations by downloading a file during the wallet creation process
They can also update their backup (for changes in labels, aliases, etc.) by downloading it from the Wallet settings
This backup file can be used to restore the wallet or keep it synchronized across different devices
This backup does not include hot keys (computer generated mnemonics)
A new “Export/Import” section will be available in the settings, consolidating all export and import options
This section will include the backup and restore wallet functions, as well as new features like “Export Labels” and “Export Descriptor.”
The export of labels adheres to the BIP329 standard, both in the wallet backup and the “Export Labels” function
Replace by fee action can now be executed on transactions without any related PSBT in the database
00:54:51 The Mempool Open Source Project v3.2.0
Highlights:
Support for v3 transactions
Support for anchor outputs
New UTXO bubble chart on the address page
DATUM miner tags
Tags to identify runestone messages and inscriptions
Package broadcast
Stratum job data visualizations
Taproot multisig labels
Transaction & PSBT preview feature
Address poisoning detection
And more
Cove v0.3.0
Upgrade BIP329
Check for the next 30 addresses for txns even if not revealed
TAPSIGNER setup initial pin
TAPSIGNER import already initialized card
TAPSIGNER change PIN
TAPSIGNER create download backup
Readable card ident
Sign PSBT using TAPSIGNER
Watch for changes on unconfirmed txns
00:57:01 BoltzExchange boltz-web-app v1.7.3
Include rescue key in backup
Add Portuguese translations
Improve UX for copying address/invoice on click
00:57:16 RoboSats v0.7.6
For Users
Dispute statement now requires a contact method to be submitted
Coordinator rating over nostr (BETA)
Token input now clears up blank spaces
Add some messages to the trade workflow to answer the most common questions
For Coordinators
Add cancel_status param to the cancel order action
00:57:21 Bitcoin Safe
Expand QR SignMessage Compatibility: SignMessage now supports all QR-UR-compatible hardware signers, including SpecterDIY, KeyStone, Passport, and Jade (additional to previous supported Coldcard Q)
Wallet Import via QR: Add the ability to import wallet-export-files via QR code, ensuring compatibility with Keystone’s latest firmware
Add Address poisoning detection and warning
Nostr sync&chat alias now also appears in share menu of the TX/PSBT
00:57:58 Blockstream Green
Android v4.1.8
Add Language preference in App Settings
Enable Android data backup for disaster recovery
Allow setting custom Electrum gap limit with default server
iOS v4.1.8
Rename L-BTC to LBTC
Improve notifications translations
Persist wallet list across app reinstallation
Reduce login time
Improve background lightning payments
00:58:08 Rust Payjoin v0.23.0
This release features a first-class persistence abstraction, wire protocol changes for RFC 9540 support, and better compliance with the BIP78 specification. It also pays back a whole bunch of tech debt including enhanced error handling, expanded functionality with new modules and additive features, and improved test infrastructure. There are breaking API and protocol changes as a result.
Changelog
Make features additive
Make receiver errors replyable to the sender
Introduce “directory” feature module
Accomodate updated BIP78 spec
Introduce experimental multiparty sender behind the “_multiparty” feature flag
Add support for RFC 9540
Add first-class persistence abstraction
Add many more tests, significantly improving test coverage
01:01:15 Zaprite v2025.04.14
Added
Client Updates: Add new messaging in the browser to alert users when a new version of Zaprite is available
API: Add a new disablePaymentNotifs option to our API Order creation fields
Changed
New Organizations: Add the Organization Name field to the New Organization form to make it easier to identify Organizations after being created
01:01:41 ESP Miner v2.6.1
New Features
Wi-Fi
SSID WiFi lookup
Expose Wifi RSSI to API endpoint
Init AxeOS AP mode
User Interface (UI)/Display
feat: add tooltip for pwm invert and flip screen by @WantClue (#709)
Add sorting switch to swarm page for hostname and ip
Show share reject reasons
Add asic failure status screen
Mining/Pool/Stratum
Keep old pool config synchronized until reboot
Add support for extranonce2_len<4
Improve pool fallback code
Update confusing connect to pool log message
Refactor Stratum code for Seamless Failover
Hardware/Power/Overclocking
Use url params to unlock overclock
Overclock url params
GammaTurbo support and HW abstraction
Create TPS546 VCORE alerts
Get combined current (power) for multi-phase TPS546
And more: API/Backend, Development/Build/Testing, Configuration/System, Documentation/Miscellaneous, and Fan Control.
01:01:48 Krux Update
Krux achieves first air-gapped PGP signature using secp256r1 NIST P256 curve, which requires a coordinator for metadata support.
The developer chose secp256r1 for “size and efficiency for running on microcontrollers” after abandoning RSA due to processing-intensive steps.
01:02:29 Iris Wallet Desktop v0.2.0
RLN Node Compatibility: The app now checks if the RLN node version is compatible at startup
Backup and Restore Improvements: Backup and restore now use a temporary folder, which gets deleted automatically after the process finishes
Error Reporting: Add an error dialog to report issues when unlocking the node
Data Directory Separation: Separate data storage paths for the application and the RLN node
Logs Cleanup: Remove unnecessary QProcess logs of the RLN node to reduce logs
GitHub Actions Update: Update GitHub Actions workflow to build the RLN node using a specific commit ID
01:02:46 Bitcoin Core Config Generator Update
Now compatible with Bitcoin Core v29.0
01:02:52 UTXOracle is Now live
Project spotlight
01:04:14 SwiftSync: Smarter synchronization with hints [Discussion]
SwiftSync provides near-stateless, fully parallelizable validation of the Bitcoin blockchain using hints about unspent outputs (<100MB total), verifying validity through a hash aggregate that equals zero when successful.
Unlike traditional Bitcoin Core validation, SwiftSync eliminates database lookups, reduces memory usage, and enables parallel processing.
01:04:43 PrivatePond: A Bitcoin Payjoin application to optimize transaction rails for services, such as deposits, withdrawals, and automated wallet rebalancing [Github]
Private Pond optimizes Bitcoin transactions by queuing withdrawals and processing them at fixed intervals, enabling batching while user deposits can fund withdrawals through Meta Payjoin, reducing hot wallet liquidity requirements.
01:05:00 JoinMarket Fidelity Bond Simulator: A tool for JoinMarket makers to evaluate their competitive position in the market based on fidelity bonds [Github]
Features include simulating maker selection probability using real orderbook data, calculating bond values based on amount and lock time, and comparing different bond strategies.
01:05:52 DahLIAS: Discrete Logarithm-Based Interactive Aggregate Signatures [Research paper]
DahLIAS allows multiple signers to produce a single constant-size signature that verifies all messages simultaneously.
The scheme features a two-round signing protocol with possible preprocessing and verification that is asymptotically twice as fast as batch verification of individual Schnorr signatures.
DahLIAS supports key tweaking for Bitcoin applications and is proven secure under the algebraic one-more discrete logarithm assumption in the random oracle model.
01:06:00 Satoshi Escrow (scrow): A Bitcoin non-custodial peer-to-peer dispute resolution using only Nostr keys [Github]
Satoshi Escrow offers Bitcoin transactions through 2-of-2 multisig addresses where buyers and sellers lock BTC using only their Nostr keys (nsec/npub)
The system utilizes Pay-to-Taproot multisig technology and can be used offline on air-gapped computers
01:06:12 Taplocks: Verifiable but Unspendable Tapleafs via Hashlock Mechanism
A recent proposal introduces Taplocks, a method to enforce unspendability of Taproot script paths containing OP_SUCCESS before opcode activation. The technique prevents premature spending while allowing smooth migration to new opcodes (e.g., CAT, CTV, or OP_WASM).
Key Mechanism:
Problem: Post-Taproot, OP_SUCCESS makes any script containing it immediately spendable, even before intended opcode activation.
Solution: A hashlock-like construct is applied over the script (not within it) using SHA-256 length extension.
The oracle pre-images a secret, which must be revealed to construct a valid spending script.
A ZKP (e.g., STARK) proves the script header contains only a data push and padding, ensuring no hidden malicious logic.
Benefits:
Eliminates manual UTXO migration post-activation.
Maintains security under the same trust assumptions as signing oracles.
Full technical details available on Github.
Censorship Resistance Threshold: A calculator estimating how many guerrilla miners are required to secure Bitcoin against censorship
The tool factors in existing guerrilla hashrate and calculates additional miners needed to reach the critical 51% threshold for censorship resistance.
01:15:48 bitcoin.softforks.org: Easily compare various features, facts, and figures for the many soft fork proposals under consideration [Github]
The website serves as a research database educating the Bitcoin community about active soft fork proposals and helping evaluate them comparatively.
01:15:52 CTV and CSFS Enabled Bitcoin Node: Mutiny Signet Docker Setup [Github]
“A Docker-based Bitcoin node configured with CheckTemplateVerify (CTV) and CheckSigFromStack (CSFS) capabilities enabled.”
“This node runs on a special signet (MutinyNet) that allows developers to test and build applications using these proposed Bitcoin protocol upgrades.”
01:16:03 UTXOscope: A text-only BTC price heatmap built only from UTXOs, inspired by UTXOracle [Github]
UTXOscope analyzes newly created UTXOs to visualize Bitcoin price trends without relying on external exchanges or price feeds.
01:16:13 Block Bitcoin Treasury: A visualization of Block’s Bitcoin treasury holdings [Github]
Block launches a bitcoin corporate holdings dashboard with BTC-to-USD real-time price quote API on GitHub, enabling companies to track bitcoin treasury assets.
01:16:47 Waye: A website to discover tools, programs, and support systems designed to help open-source developers thrive. Waye empowers builders to stay clear-headed, motivated, and aligned for long-term impact [Github]
The OS Waye Foundation operates as a 501(c)(3) nonprofit providing tools, research, and frameworks to support open-source developers in the decentralized ecosystem.
01:17:08 Sovereign Craft: A bitcoin-based Minecraft server offering an educational gaming experience
Sovereign Craft is a Minecraft server integrating Bitcoin as in-game currency that functions in the real world through custom wallets powered by LNBits
(Not) a Vulnerability Disclosure
01:17:17 Pay-to-Anchor outputs now exploited for blockchain spam [Twitter post]
Pay-to-Anchor outputs in Bitcoin’s Lightning Network, designed to allow fee adjustments for channel closures, are being used to spam the blockchain with low-value transactions.
Vulnerability Disclosures
01:18:10 CVE-2025-27840: New ESP32 vulnerability threatens Bitcoin security? [Daily CyberSecurity]
Researchers at Crypto Deep Tech discover a cryptographic vulnerability in ESP32 microcontrollers that could put of IoT devices and Bitcoin-related hardware at risk.
Six major flaws are identified, including invalid private key acceptance, weak random number generation, and signature forgery capabilities, with researchers demonstrating a successful attack recovering a private key from a wallet.
01:20:49 Breaking ECDSA with two affinely related nonces [Research paper]
Researchers demonstrate a new vulnerability in ECDSA where private keys can be compromised when two nonces have an affine relationship, even if they are distinct and used for the same message.
The attack method requires only two signatures and uses algebraic techniques without needing lattice reduction or brute-force searches when the relationship between nonces is known.
Additional resource: Why Schnorr signatures should be preferred over ECDSA [Schnorr vs. ECDSA]
01:21:02 Chinese SHOWJI phones contain pre-installed malware targeting cryptocurrency users [The Hacker News]
Cheap Chinese Android phones, particularly SHOWJI brand models, ship with pre-installed trojanized apps disguised as WhatsApp and Telegram that swap cryptocurrency wallet addresses during conversations.
The malware campaign has stolen approximately $1.6 million in cryptocurrency over two years, with attackers using about 30 domains and 60 command-and-control servers to manage the operation.
01:21:44 X users discover hidden data access beyond official API [Security Express]
Users access hidden X data through browser developer tools by filtering network requests for “UserByScreenName” responses, revealing comprehensive datasets for public accounts.
The technique exposes sensitive metadata including NSFW flags, regional restrictions, and “protected” account status, plus access to direct messages including from blocked or deleted users.
Audience Questions
Thanks to everyone who sent in questions. Remember to send yours to questions@bitcoin.review.
01:23:46 “How do we use open time stamps for transfer of assets using two party integrity between holders?” -@AVERAGE_GARY
01:24:50 “Does Cove have testnet4?” -@AVERAGE_GARY
01:25:15 “Can you explain like I’m 5 what opcodes are, how they are used on the network, and the level of optionality that applies to them?” -@anon
01:26:49 “Please discuss this idea: Block-based TOTP for bitcoin wallet passphrase validation [Note]” -@anon
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
01:28:48 Tor Browser v14.5
Connection Assist now on Android
Add Belarusian, Bulgarian & Portuguese
Improve log readability
Better performance when quitting the app
01:28:51 TailsOS
Update Linux to 6.1.133, which fixes multiple security vulnerabilities that may lead to a privilege escalation or information leaks.
Update perl to 5.36.0-7+deb12u2, which fixes a heap-based buffer overflow vulnerability, which may result in denial of service, or potentially the execution of arbitrary code.
Improve confinement technology used to protect files from possible security vulnerabilities in Tor Browser.
With Tails 6.14.1, you can safely access any folder in your Home folder or Persistent Storage from Tor Browser.
01:28:53 NymVPN v2025.6 - Rhubarb release
Connection
Connection times have been reduced by registering Wireguard keys entry and exit gateways in parallel to improve NymVPN connection times
An always-on kill switch toggle has been added to settings so you can be sure unprotected traffic is blocked
NymVPN for Linux, macOS and Windows will launch without network connectivity to improve connection time by using available networks and caching the network environment between app run times
Improve in-app assistance
Improvements to existing features
Linux and Windows: Auto-start for NymVPN and nym-vpnd at device startup
Mixnet mode enhancements: New changes to ensure privacy and improve performance in Anonymous Mode (e.g., with fixes to Poisson delays, backpressure, SURBs)
01:28:55 MapleAI [Update]
Maple AI chat product is now available as native apps for macOS and Linux users, offering end-to-end encryption, secure enclaves, and cross-device syncing.
Project spotlight
01:28:59 Git With Me: Peer-to-peer, encrypted, ephemeral Git collaboration (git daemon with encryption) [Code repository]
Git withme provides a way for a single host to invite numerous peers with short, one-time secure codes. The peers connect directly via Dilated Magic Wormhole channels, allowing collaborators to git clone git://localhost/.
Lightning + L2+
Project spotlight
01:29:17 Misty Breez: A hybrid Lightning and Liquid network wallet built with the Nodeless Breez SDK [Github]
The wallet supports multiple payment options including BOLT 11/12 invoices, LNURL-Pay, Lightning Addresses, BTC addresses, and offline payments via mobile notifications.
01:29:25 Sovereign Tools: A comprehensive Bitcoin and Lightning Network wallet comparison tool built with React, Express, and TypeScript [Github]
The platform currently evaluates 18 Lightning Network wallets across 43 features including platform availability, invoice compatibility, payment routing, and privacy features.
01:29:28 Silk Road on Lightning: A marketplace for legal items and services using Bitcoin on the Lightning Network
The platform requires no KYC for registration, withdrawals, or purchases.
Sellers receive all payments in Bitcoin through the Lightning Network, even when buyers pay in USD. The platform automatically converts USD payments to Bitcoin.
01:29:37 Cashu Token Decoder: A web tool for parsing and editing Cashu tokens
Software Releases & Project Updates
CLN v25.02.1 - Onion Packet Filler Accreditation II
Several bug-fixes were addressed in this release, including:
wallet: we could miss our own returned outputs on mutual closes if our peer didn’t support
option_shutdown_anysegwit
lightningd
now properly handles duplicate HTLCs on closing and no longer spams the logUnilateral closes now calculate fees with the correct HTLC timeout and no longer pay egregious fees
topology
crash on invoice creation if a peer had a really high feeratemake
cleans up the old clnrest directory prior to building and installing the new rust version of the plugin
LNbits v1.0.0 - Alan Bits
Key Highlights
LNbits now at v1.0.0: the software is stable, hardened, and production-ready
Vue 3 migration: a complete frontend overhaul for performance and long-term maintainability
WebSocket payments: faster and more efficient, replacing older SSE and long-polling methods
New lnbits.sh install script: simplifies setup and local deployment
Access Control Lists (ACL): token-based permissions for powerful role and scope control
Admin tools:
Admin payments overview
Toggle outgoing payments
View payments from deleted wallets
NWC (Nostr Wallet Connect) support
Login with Nostr or OAuth: expanding integration and authentication options
01:29:48 Zeus
NameDesc/bLIP-11 support: add receiver name to invoices
Locales: Hindi
UI: Add dynamic background/text colors to Android NFC modal
v0.11.0 - Rolling out to community sponsors and contributors
PR #2946 introduces support for Cashu
Add support for an optional Cashu ecash wallet for Embedded LND users
Add support for all backends to sweep Cashu tokens to self-custody
New Cashu Lightning addresses added alongside our existing Zaplocker address (switch between as you wish)
New ZEUS Pay+ service for premium features, incl. custom handles, web POS, early access, LSP discounts
Modal messages to prompt users to upgrade to self-custody
01:29:49 LDK v0.1.2 - “Foolishly Edgy Cases”
API Updates
lightning-invoice
is now re-exported aslightning::bolt11_invoice
Performance Improvements
rapid-gossip-sync
graph parsing is substantially faster, resolving a regression in 0.1NetworkGraph
loading is now substantially faster and does fewer allocations, resulting in a 20% further improvement inrapid-gossip-sync
loading when initializing from scratchChannelMonitors
for closed channels are no longer always re-persisted immediately after startup, reducing on-startup I/O burden
LNDg v1.10.0
Improve performance with LND using an updated forwards query
AutoFees now uses aggregated pubkey metrics for those that have multiple channels with the same peer
New metrics page: Unprofitable/Stuck Channels
Automates inbound fee updates when using AutoFees (enable with AF-InboundFees)
Batch Open Warnings
P&L Chart updated with on-chain costs
Advanced settings added for those who would like their channel db size to be read remotely (default remains local)
Alby
Js-SDK v5.0.0
In this release, we introduce a new LN class which makes it even easier to get quickly started sending and receiving bitcoin payments. We also add a NWCWalletService class which allows wallet developers to add NWC support without having to implement the low-level NWC code of creating and signing events, relay connection, etc.
Features
feat: add NWC Wallet Service
feat: add simpler LNClient class
Hub v1.16.0 - Rop Gonggrijp
Features
Alby pro subscriptions
Add bitrefill to app store
New sidebar
App store submission: ZEUS
Add lightning messageboard to app store
Improve settings pages UI
Add healthcheck alert
Add update button to what’s new widget
Show channel duration on open channel pages
Add funding txid and amount to LDK channel closed event
Show date on lightning messageboard messages
Go v1.12.0
Wallet switcher to swap wallets during payments, withdrawals, and connections
Enhance number formatting for locales that use decimal commas
Ark v0.5.4 - New SubscribeForAddress API, Fixes and Optmiziations
SubmitRedeemTx: remove useless extra PSBT decode
Add SubscribeForAddress explorer API
hotfix: TapscriptsVtxoScript.Decode returns an error in case array is empty
hotfix: GetTaprootTree use bytes.Contains instead of bytes.Equal
hotfix: CLTV locktime decoding
[Server] Move db write ops to background
Ark Labs HQ wallet-sdk
DefaultVtxo.Script
add default exit timelock
VtxoScript
abstractionMark as side-effect-free to allow Tree Shaking
Add
ArkNote
classReveal tapscripts in virtual transactions
SubscribeForAddress RPC + service worker database
feat: optimize ESM and CommonJS dual package support
ServiceWorker: support concurrent calls
Fedimint
v0.7.0 - Going Full-Stack
Highlights
Initial recurring payment support through LNURL (to be extended to BOLT12)
Integrated guardian and setup UI to simplify deployment
Beta support for running
fedimintd
behind firewalls and NAT routers without opening ports and registering domainsLower on-chain fees through better estimation
Allow overwriting blockchain API supplied to clients
Add parse_invite_code function in fedimint-client-wasm
Expose additional backup metrics via prometheus
Breez SDK v0.8.0 - Nodeless
Add WASM support (Node.js and Web)
Lower the minimum payment amount for sending
Enable fee payments in USDT
BlitzWallet v0.4.3-beta
Ecash Improvements
Increased eCash Limits: Users can now customize their maximum receive and balance amounts for eCash transactions. Previously, eCash payments were restricted below the minimum Boltz swap amount of 1,000 sats. Now, users can define:
Expanded Manual Swap Options: The manual swap page now supports:
Liquid to eCash transfers
eCash to Lightning transfers
eCash to Liquid transfers
Store Payments with eCash: Users can now pay for items in supported stores using eCash.
Wallet Balance Visibility: The remove wallet function now displays the entire eCash balance when enabled.
Payment Experience
SMS Payment Update Messages: Users receive SMS updates on payment progress, improving transparency of background progress.
Direct Tip Payments: Employees who use an LNURL or Blitz contact name can now be sent tips directly from the app.
Improved App Access with LN Issues: If the Lightning Network (LN) connection fails and LN is enabled, users can still access the app instead of being locked out.
Performance Optimizations
Optimized Transaction Sorting: Transaction processing has been improved for better app performance.
Bulk Requests for Contact Address Updates: Instead of making multiple single requests, the app now processes contact address changes in bulk, reducing network usage by 10x.
CDK v0.9.0
Features
Added
Amountless invoices NUT PR
create_time, paid_time to mint and melt quotes PR
cdk-mint-rpc: Added get mint and melt quotes ttl PR
Changed
cashu: Move wallet mod to cdk-common
Export Mint DB Traits PR
Move Mint and Melt quote to cdk commit from cashu PR
01:31:40 Minibits Wallet v0.2.2-beta.5
This is a new native Minibits release with huge amount of changes needed to adjust the project to the planned release on iOS devices. However, it still comes with useful features and fixes for Android as well, notably:
New feature to lock ecash to a receiver’s pubkey
Faster confirmations of ecash minting and payments thanks to websockets
Major upgrade of all libraries, switch to React native’s new architecture
Planned iOS release-related platform checks and changes for android
01:31:42 Hydrus v0.2.0
Channels routing policies adjustments= Channels routing policies are adjusted based on the channel state (capacity, local balance) and the amount of satoshis forwarded in the last activity period (agent.intervals.routing_policies).
CLI commands: Agent instructions and scores queries now have their own command to execute them separately. To run all agent tasks (open/close/updates) use the agent run command.
Built-in tasks scheduling: Choose how often to open/close channels or update routing policies without having to use systemd timers or cron jobs.
New open heuristic: This release introduces a new open channel heuristic called channels.block_height.
Nostr
Project spotlight
01:31:44 Atomic Signature Swaps over Nostr: A protocol for exchanging Schnorr signatures using Nostr events
The protocol supports applications like paid Nostr events, payment receipts, contract signing, asset exchanges, and credential access tokens through specific event kinds (455, 456, 457, and 30455).
The cryptographic mechanism allows two parties to swap signatures by having one party provide a public nonce and the other provide an adaptor signature, with safeguards needed for Taproot UTXOs and Cashu tokens.
01:31:51 Lantern: A layered annotations noting tool and emphasizer of readables on nostr [Code repository
“Lantern is a fork of Hypothesis that publishes page notes, annotations and highlights to Nostr.”
“URLs are normalized and we follow NIP-84 for Highlights and NIP-22 for replies, annotations and page notes. NIP-65 relay lists are used for publishing the events in the common case and NIP-51 relay sets for custom relay groups of annotations.”
01:31:59 Promenade: Provider of multisig for events on nostr and destroyer of encryption [Github]
Loudr: Reference client implementation that uses Atomic Signature Swaps over Nostr for sponsoring the publication of Nostr events [Github]
“A reference client that implements the Atomic Signature Swap NIP for sponsoring the publication of Nostr events in exchange for Cashu payments.”
01:32:09 Noauth-enclaved: A safe Nostr nip46 signer to be deployed on AWS Nitro Enclave [Github]
Noauth-enclaved is a NIP46 signer deployed in AWS Nitro Enclaves, providing isolated compute environments where clients can verify code integrity cryptographically.
Users can verify instance attestations containing code hashes and builder/launcher identities, manage app permissions through encrypted Nostr events, and communicate with the service using end-to-end encryption via Nostr relays.
01:32:27 GM Swap: Atomic exchange of GM notes using Schnorr adaptor signatures [Github]
“A proof of concept implementation of the Atomic Signature Swaps NIP. This project enables users to swap GM notes, ensuring that both parties’ signatures are exchanged simultaneously or not at all.”
Nostr Event Synchronizer: Syncs past events to your designated write and read relays based on NIP-65
The service synchronizes nostr events between relays using the outbox model, retrieving past events chronologically and republishing them only to relays where they’re missing.
Aegis: A simple and cross-platform Nostr signer that supports multiple connection methods [Github]
Morning Glory: A paid blossom server that only stores blobs for a day… just like the flower [Github]
Nostr4j: A high-performance Nostr library for the JVM, crosscompilable to javascript [Github]
Flotilla-Budabit: A fork of Flotilla which aims to provide a first class, git-centric community experience for developers [Github]
The platform offers eleven core features including repository browsing, branch views, issues tracking, patch threads, and real-time git chat for enhanced collaboration.
Zark: A tool to send sats to npub using Bark [Gitlab]
Nostr Game Engine: A game engine and framework for building games and applications integrated with the Nostr ecosystem [Github]
NGE is an open-source, royalty-free game engine designed for building games and applications integrated with the Nostr ecosystem
Bitcoin Calendar Bot: Archiving and relaying every Bitcoin milestone [Github]
Bitcoin Calendar Bot is an open source Go-based application that tracks and posts historical Bitcoin events daily to Nostr.
Software Releases & Project Updates
rust-nostr v0.41.0
Breaking changes
nostr: add optional relay URL arg to
Tag::coordinate
nostr: update
TagStandard::Label
andEventBuilder::label
nostr: update
custom
field type inMetadata
structpool: remove
Error::Failed
variantpool: returns
Output
instead of an error if the message/event sending fails for all relayspool: add
reason
field toAdmitStatus::Rejected
variant
Changed
lmdb: enable POSIX semaphores for macOS and iOS targets
ndb: bump nostrdb to 0.6.1
pool: extend unit tests
pool: better handling of
CLOSED
message for REQsrelay-builder: send
CLOSED
if all possible events have been served
Added
nostr: add NIP-C0 (Code Snippets) support
nostr: add
TagKind::u
constructornostr: derive
Copy
forHttpMethod
nostr: add
nip98::verify_auth_header
nostr: add
push
,pop
,insert
andextend
methods to theTag
structnostr: add
nip47::Notification
nostr: add
MachineReadablePrefix::as_str
methodnostr: derive
Hash
forEventBuilder
andMetadata
pool: add
Relay::ban
methodpool: add
AdmitPolicy::admit_connection
methodkeyring: add
NostrKeyring
Primal iOS v2.1.49
Support for animated GIF uploads
Resolve issues with zap.stream URLs
Improve deep linking to threads
Fix rendering of mentioned events with unknown kinds
Nostur v1.20.0
Add support for Lists (kind 30000)
Show preview of feed from list
Turn list into feed tab with 1 tap
Subscribe toggle to keep updating the feed from original maintainer, or keep list as-is
Share List: Toggle to make list public
Lists tab on Profile view
‘Add all contacts to feed/list’ post menu item
Discover tab now shows Lists shared by your follows
Enable manual ordering of custom feeds/tabs
New Top Zapped feed
New onboarding screens
New default color scheme/adjusted backgrounds
Lower delays and timeouts for fetching things
Improved hellthread handling
Support for comment on highlights (kind 9802)
Toggle to post to restricted/locked relay when starting post from single relay feed
Support relay auth for bunker/remote signer accounts
And more
Keychat App
Nostr PHP v1.7.0
Add support for NIP-19 encoding and decoding bech32-encoded entities with identifiers and metadata.
Features
Implement NIP-19
Notes on naddr decoder (NIP-19)
Support all encodings, especially naddr
Citrine v0.7.3
Improve performance when exporting events
Improve memory usage when downloading your events
Improve query performance
Pokey v0.1.6
Now notifications include NIP-05 mentions
Nstart Update
Nstart is now multilingual: Currently available in English, Español, Italiano, Français, Deutsch and 日本語.
Boosts
01:33:04 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @Rod Palmer Bugle News (10,000 sats) “PODCONF ✅”
@pink monkey (1,000 sats) “Whoa! 🔥👌💯👏”
@btconboard (300 sats) “Happy to discover this AI and coding podcast”
@jespada (100 sats) “Feeding the show to DVM rn, then asking o1 to write the spec then cursor = profit 🥉”
@AVERAGE_GARY (200 sats) “Does ecash enable blinded auditing for bitcoin books? 🤔” “First 30min is 🤌🤝🔥”
@larryoshi finkamoto (100 sats)
Tech Tips of the Day
Hide My Email (with Cloudflare): A browser extension to create unique, random email addresses that forward to your real inbox [Github]
Create up to 200 anonymous emails
Instantly creates new mailboxes
Works on any OS
Terms of Service; Didn’t Read, a website that helps users decipher complicated ToS, has just released an Android app for mobile users
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
SwiftSync speedup for initial block download: Sebastian Falbesoner posted to Delving Bitcoin a sample implementation and performance results for SwiftSync
News
Educational and experimental-based secp256k1 implementation: Sebastian Falbesoner, Jonas Nick, and Tim Ruffing posted to the Bitcoin-Dev mailing list to announce a Python implementation of various functions related to the cryptography used in Bitcoin.
Changing consensus
Multiple discussions about quantum computer theft and resistance: several conversations examined how Bitcoiners could respond to quantum computers becoming powerful enough to allow stealing bitcoins.
Multiple discussions about a CTV+CSFS soft fork: several conversations examined various aspects of soft forking in the OP_CHECKTEMPLATEVERIFY (CTV) and OP_CHECKSIGFROMSTACK (CSFS) opcodes.
OP_CHECKCONTRACTVERIFY semantics: Salvatore Ingala posted to Delving Bitcoin to describe the semantics of the proposed OP_CHECKCONTRACTVERIFY (CCV) opcode, link to a first draft BIP, and link to an implementation draft for Bitcoin Core.
Draft BIP published for consensus cleanup: Antoine Poinsot posted to the Bitcoin-Dev mailing list a link to a draft BIP he’s written for the consensus cleanup soft fork proposal.
News & Noteworthy
Bitcoin
Bitcoin entropy puzzles: 68-bit challenge solved for 6.8 BTC [Twitter post]
The 68-bit puzzle was solved on April 7, 2025, by the same team that cracked the 67-bit puzzle in February, earning them 6.8 BTC.
Business & Finance
ACINQ resumes making its products available to customers in the United States, mentioning the “Ending Regulation By Prosecution” memo issued by the U.S. Deputy Attorney General [Announcement]
Bull Bitcoin launches in Mexico, allowing users to send pesos instantly to Mexican bank accounts using self-custodial BTC, LN, or Liquid wallets [Announcement]
Tether plans to implement OCEAN’s DATUM Gateway across global mining operations [Press release]
U.S.-based Bitcoin mining chip designer Auradine raises $153M in series C funding for Bitcoin and AI expansion [The Miner Mag]
Bakkt investors sue over revenue loss from non-renewed contracts [Coin Telegraph]
Investors file class-action lawsuit against Bakkt Holdings, alleging the crypto firm violated securities laws by failing to disclose its heavy dependence on Webull and Bank of America contracts.
BitGo and Voltage partner to scale Lightning Network for Bitcoin payments [Press release]
The partnership aims to bridge institutional security with Lightning infrastructure, allowing exchanges, neobanks, and fintech platforms to integrate instant Bitcoin payments.
Voltage announces Voltage Payments, a new API for bitcoin and stablecoin transactions [Announcement]
The service features flexible custody models, USD settlement options, and built-in compliance with SOC 2 Type II certification.
Bitcoin Keeper introduces Keeper Private, a premium self-custody service for high-net-worth individuals and organizations seeking long-term Bitcoin holdings guidance [Blog post] and Keeper Learn, a service offering a three-session educational program teaching Bitcoin fundamentals to beginners and teams.
Theya launches Bitcoin management solutions for businesses [Announcement]
The platform features flexible vault architecture supporting single-key or 2-of-3 multisig vaults for both cold storage and daily operations
Bitcoin on-ramp and custody service Magnolia completes Lightning Network implementation and will support it from launch, pending regulatory approval [Announcement]
Funding
OpenSats announces two new grant waves:
The Fourth Wave of Education Grants, supporting three projects that make Bitcoin education more accessible, practical, and useful: Librería de Satoshi, Crack the Orange, and FREE Madeira
The Eleventh Wave of Nostr Grants, supporting five projects focused on decentralized live streaming, off-grid connectivity, web-of-trust infrastructure, private messaging, and open tools for game development: Swae, HAMSTR, Vertex, Nostr Double Ratchet, and Nostr Game Engine
Brink announces supporting Bitcoin developer Sebastian Falbesoner (@theStack)’s transition to full-time open source work and that Eugene Siegel is joining Brink as an open source engineer for Bitcoin Core, bringing security experience from Lightning Network work and previous vulnerability disclosures.
Spiral announces @L0RINC as its newest grantee for his work on Bitcoin Core, “emphasizing performance benchmarking and optimizations, along with code quality enhancements, code reviews, block download time reductions, memory optimization, and code refactoring.”
Vinteum renews grant to now appointed BDK maintainer Leonardo Lima for his contributions to BDK and Fedimint [Announcement]
Einundzwanzig grants funding to Bitcoin Safe [Announcement]
Bitcoin Safe, created by former Specter developer Andreas Griffin, receives 1,000,000 satoshis funding to continue development of this open-source multisig wallet.
The Human Rights Foundation announces 1 billion satoshis in gifts from its Bitcoin Development Fund to support 20 projects worldwide: NetBlocks, TollGate, Vinteum, BTCPay Server, Africa Bitcoin Institute, Bitcoin Core Graphical User Interface (GUI), Rkrux, Elsat, Relay Wizard, Waye, Hashpool, Cashu KVAC, Brandon Black (Rearden), Tony Klausing’s Stable Channels, Bitsacco, The Core, Bitcoin Babies, East Asia Bitcoin Developer Apprenticeship Program, TalentLand 2025, Base58’s Bitcoin Live Action Role Play (LARP), BTCenEspañol, Bitcoin researcher Daniel Batten, and Bitcoin for Good.
Instant exchange eXch announces a 50 BTC open-source fund to support privacy-enhancing projects [Bitcoin Talk Announcement]
eXch is shutting down operations and changing owners on May 1st, 2025 after learning they are the target of a transatlantic operation aiming to prosecute them for money laundering and terrorism.
OpenCash Association offers a 2 million satoshi bounty for developing an open-source BTCPayServer plugin for Cashu payments
The plugin must include features to melt incoming tokens automatically to Lightning wallets and allow whitelisting of trusted mints to mitigate risks for merchants.
256 Foundation announces 2025 open-source Bitcoin mining grant projects: Ember One hashboard, Hydra Pool, Libre Board, and Mujina Firmware, each led by specialized developers.
Grant cycles for the projects begin in April/May 2025 with end dates ranging from September to December, while a fifth project called Block Watcher is paused.
BDK Foundation adds AnchorWatch, CleanSpark, and Proton Foundation as new corporate members for 2025, joining founding members Spiral and OpenSats [Announcement]
Corporate membership dues fund open source developers who maintain BDK libraries and related FOSS projects supporting Bitcoin technology.
Bitcoin Legacy Project: A new funding initiative for Bitcoin ecosystem by Unchained [Blog post]
Financial commitments include $50,000 to the Bitcoin Policy Institute, $150,000 for a university endowment at University of Austin, and up to $250,000 in research grants through the Bitcoin Scholars program.
Project Eleven launches Q-Day Prize offering 1 BTC to the first team that breaks bitcoin’s elliptic curve cryptography using Shor’s algorithm on a quantum computer before April 2026 [Bitcoin Magazine]
Mining
Bitcoin Mining Centralization in 2025: A new publication by researcher B10c reveals that six pools control 95% of the network
Currently, Foundry (30%) and AntPool (19%) dominate Bitcoin mining, with the top four pools controlling 75% of the hashrate compared to a more decentralized era in 2017.
When accounting for “AntPool & friends” proxy pooling, the centralization becomes even more extreme, with six mining pools mining 96-99% of all blocks in 2025.
Privacy
Gmail introduces simplified E2EE for business customers [Google Blog post]
Gmail offers end-to-end encryption without complex S/MIME implementation, allowing users to send encrypted emails with just a few clicks regardless of recipient.
UK Court rejects secret hearing in Apple encryption challenge [Open Rights Group]
The Investigatory Powers Tribunal rejects the Home Office’s application for a secret hearing in Apple’s challenge against UK Government demands to break encryption.
European Commission unveils ProtectEU, a strategy aiming to establish Europol as “a truly operational police agency” for investigating cross-border threats [The Record]
The Commission plans to create roadmaps for lawful access to encrypted data while “safeguarding cybersecurity and fundamental rights” despite potential controversy and member states’ reluctance to surrender sovereignty.
Security
CISA renews MITRE’s Common Vulnerabilities and Exposures Program contract hours before expiration [NextGov]
The CVE Program, a 25-year global standard for cataloging cybersecurity vulnerabilities, faces uncertainty as a subset of the CVE Board plans to form an independent CVE Foundation.
CISA faces potential budget reductions amid political scrutiny. Homeland Security Secretary Noem aims to make CISA “much more effective, smaller, more nimble, to really fulfill their mission.”
The European Union Agency for Cybersecurity launch its own CVE database, the [European Union Vulnerability Database (EUVD)]
It serves as a centralized platform for the collection, management, and dissemination of information regarding vulnerabilities in information and communication technology products and services.
Android adds auto-reboot security feature after three days of inactivity [TechCrunch]
Google updates Android with new security feature that automatically reboots phones locked for three consecutive days, following Apple’s similar implementation last year.
Protocol
Bitcoin Core #31363: cluster mempool: introduce TxGraph [Merged]
Bitcoin Core #31278: wallet, rpc: deprecate settxfee and paytxfee [Merged]
Rust Bitcoin #4302: Add push_relative_lock_time() and deprecate push_sequence() [Merged]
LND #9669: Downgrade to legacy coop close for taproot channels [Merged]
LND #9620: chain: add testnet4 support [Merged]
LDK #3670: Handle receiving payments via Trampoline [Merged]
LDK #3593: [RFC] Implement a way to do BOLT 12 Proof of Payment [Merged]
Eclair #3045: Optional
payment_secret
in trampoline outer payload [Merged]Eclair #2963: Use package relay for anchor force-close [Merged]
BOLTs #1242: Make payment_secret mandatory and ASSUMED [Merged]
NIPs #1881: Allow multi-user AUTH [Open]
NIPs #1875: Add Diff and Permalink kinds [Open]
NIPs #1873: Add guidelines tag to NIP-29 group metadata [Open]
Quantum
OpenSSL v3.5.0 introduces post-Quantum cryptography support [Cyber Security News]
OpenSSL v3.5.0 integrates three major post-quantum cryptography algorithms: ML-KEM, ML-DSA, and SLH-DSA
The update enhances TLS support with hybrid PQC Key Encapsulation Mechanism groups and adds server-side QUIC protocol support
Version 3.5.0 introduces new configuration options including no-tls-deprecated-ec and enable-fips-jitter, while changing default encryption from des-ede3-cbc to aes-256-cbc for some applications
Government & Political
Justice Department dismantles cryptocurrency enforcement team as part of Trump’s regulatory pullback [Fortune Crypto]
The DOJ disbands its National Cryptocurrency Enforcement Team (NCET), established in 2021 under Biden that prosecuted major crypto-related felonies including Tornado Cash and North Korean laundering operations.
Deputy Attorney General Todd Blanche calls for ending “regulation by prosecution,” but the memo contains numerous caveats that may still allow prosecution of developers if their services are deemed to facilitate criminal activity [The Rage]
Trump signs resolution to repeal IRS DeFi reporting requirements [Reuters]
President Trump signs H.J.Res.25, nullifying Biden-era IRS regulations that would have required non-custodial cryptocurrency service providers to file Form 1099 reports beginning in 2026.
Local authorities across China engage private companies to convert confiscated bitcoin into cash amid regulatory uncertainty [Reuters]
Panama City Council approves cryptocurrency payments for municipal services, including taxes, fees, and permits [Bitcoin Magazine]
Events
BTC Prague, Swan and GW University launch BTC in D.C., the Bitcoin conference in Washington D.C.
September 30 to October 1st, 2025 in Washington, D.C., U.S.
Chiang Mai approves Bitcoin Marathon and Festival, The World’s First Bitcoin Half Marathon
November 1-2, 2025 in Chiang Mai, Thailand
Bitcoin Designathon, a global online event organized by the Bitcoin Design Community to encourage designers and artists to collaboratively improve Bitcoin’s UX and accessibility through creative, open-source design projects.
May 4-18, 2025
Reads
Here’s a list of our top recently published reads:
A simple backup scheme for wallet accounts, by Salvatore Ingala [Delving Bitcoin]
Bitcoin Address Poisoning Attacks, by Jameson Lopp [Cypherpunk Cogitations]
A Brief History of Wallet Clustering, by @not_nothingmuch [The Scroll #3]
How Coinkite Defines Cypherpunk Bitcoin Security [Bitcoin Magazine]
Who pays for Bitcoin wallets?, by @Scoresby [Stacker News]
Three Staged Assassinations, by BitMEX Research [Blog post]
The Unwritten Rule, by Alekos Filini [Blog post]
DVMs were a mistake, by hzrd149 [Note]
Transacting with ecash while offline, by Gandlaf21 [Note]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)