BR089 - Lark, Security Tradeoffs Masterclass, Bitcoin Quantum Risks, WabiSabi Deanonymization, Core Txn Broadcast, Better Wallet Migration, Scaling Bitcoin, Bullish Sentiments + MORE ft. Craig & Rob
I’m joined by guests Craig Raw and Rob Hamilton to go through the list.
Urgent Vulnerability Disclosures
00:01:18 Full Disclosure: Transaction-Relay Throughput Overflow Attacks against Off-Chain Protocols [Antoine Riard’s post]
A new transaction-relay jamming attack targets off-chain protocols, exploiting throughput limits in full-node algorithms.
The “high-overflow” variant exploits the sender-side fee-rate sorting algorithm. The “low-overflow” variant targets receiver-side processing limits but remains untested.
00:01:53 Vulnerability in WabiSabi coinjoin protocol exposes users to deanonymization risks [The Rage]
A flaw in the WabiSabi coinjoin protocol allows malicious coordinators to deanonymize users by correlating inputs and outputs.
The issue stems from malicious coordinators assigning unique maximum amount parameters, enabling tagging attacks to cluster wallets.
The vulnerability impacts Wasabi Wallet 2.2.1.0 and below, Ginger Wallet 2.0.13 and below, and BTCPay Server coinjoin plugin 1.0.101.0 and below. [GingerWallet’s Vulnerability Report]
Bitcoin
Software Releases & Project Updates
00:19:59 Rust Payjoin v0.21.0
This release enables transaction cut-through by allowing the receiver to add an arbitrary number of inputs and outputs, and allowing mixed input script types in Payjoin V2.
Allow receiver to contribute multiple inputs and outputs
Make
InputPairpublic to facilitate working with inputs in coin selection and input contributionsEnable receiver fee contributions in
apply_fee, which now requires a max_feerate parameterAllow mixed input scripts in Payjoin V2
Implement client end-to-end encryption using HPKE using bitcoin-hpke
00:32:48 Lark: Command line application for the Lark USB Hardware Wallet library [Github]
“The Lark application is a command line app for interacting with USB hardware wallets in Bitcoin related functions. It uses the Lark Java library, which in turn is a port of the Python library HWI.”
“The Lark command line application is designed to be a drop-in replacement for HWI, with a subset of commands implemented.”
Lark initial release v1.0.0
The following hardware wallets (for all models) are supported: Coldcard, Trezor, Ledger (current and legacy Bitcoin apps), BitBox02, Jade, and Keepkey.
Across the following platforms: Linux x86_64 and aarch64, macOS x86_64 and aarch64, and Windows x86_64.
01:12:40 Bitcoin Keeper
Mobile v1.3.0
Subscriptions: More features, reduced prices for all tiers.
Inheritance Planning: Inheritance Key now secured on the Bitcoin network using Miniscript. Convert any key into an Inheritance Key.
Attorney letters now include the Recovery Key and all added
Key Sharing: Share and sign keys remotely with any
Transactions: New history screen and support for sending unconfirmed
Desktop v0.1.4
Allow getting specific BIP44 accounts from a device
Add Taproot Key when getting device xPubs
01:13:23 Blue Wallet v7.0.5
Add Offline import
Add CoinControl sorting
Add AMD Fiat
Add RSD Fiat
Add Market Price intent
Add Reset currency alert
Add Notification shortcuts
Add Remove all recipients
Add Clear clipboard on import
Add Dark/Tinted iOS icons
01:13:33 Floresta v0.7.0
Async-std To Tokio: ends a major milestone of replacing
async-stdwithtokioas the async runtimeflorestad: expose assumeutreexo in lib mode
Feature: daemonize: On NIX environments, run
florestadin the background as a daemonWire: handle block filters out-of-order
ssl init: Adds support for SSL to our Electrum Server
Adds fuzz to
florestausingcargo fuzzwith a few targetsImprove connection
Update getutxo: Now the
gettxoutrpc only returns UTXOS that are cached by the walletImprove CI caching
Add criterion benches and restructure testdata
Add test-features recipe to justfile
Add floresta-cli to Docker image
01:13:44 Labelbase v2.2.3
UI: New, card based, label list view for small screens (mobile devices)
UI/UX: New, improved status and error messages
Rework Electrum background operations (UTXO lookup)
Add “Address Derivation” support for Testnet (tpub, upub, vpub)
Add Samourai Backup Import, allows you to import your samourai.txt
Add Donation page
01:14:17 BDK v1.0.0-beta.6
Final “beta” test release before a final bdk_wallet 1.0.0 version.
Changes include small bug fixes and API improvements plus an improved algorithm for determining which transactions are in the current best “canonical” block chain.
The new canonicalization algorithm processes the transaction graph in linear time versus the prior quadratic time algorithm.
01:14:26 FullyNoded v0.0.0.6
Quick Connect QR code url’s no longer contain real RPC credentials
Tweaks to JM config default fee settings to help increase chance of successful coinjoins (users can always add their own)
Obwatcher button added to Join Market so users can easily launch the order book to help trouble shoot failed coinjoins
Add auto refresh to Core Lightning
01:14:43 BTCPay Server v2.0.4
Add QR Code with link to invitation email
Add rate providers for Norwegian exchanges
Greenfield: Improve store users API
01:14:52 Zaprite
Add new View Contact page that displays Contact information and recent Invoices and Transactions
Add new View Recurring Invoice page that displays the Recurring Invoice Schedule summary and a list of Recent Invoices
Add new User Account Profile page, enabling Users to add avatars and display names
Add Coinos LNURL integration
Add LifPay LNURL integration
Add new View Invoice page which shows recent transactions and activity history
Add a ‘Discover’ carousel to the Home dashboard
01:14:54 Peach v0.5.2
Dark Mode Build
Match paymentdata fix
Always share device id hash when using contact form
01:14:55 Boltz boltz-web-app
01:14:56 ESP-Miner v2.4.1
Add support for eusolo stats for ckpool
Add Noderunners pool to quick links
Add 205 config and remove self test flag
api: add stratum difficulty
Don’t abandon the first mining.notify
Swarm styles, refresh on load, more combined stats, more info in table
01:14:58 Clams remote Update
Add support for BIP-353 usernames
01:14:59 Mempal v1.3.0
Elapsed time since latest block displayed on dashboard and widgets
Number of blocks to clear mempool displayed on dashboard and widgets
Tor connection indicator now displays on dashboard when connected over Tor
Set specific block height alerts for notifications
Widget update frequency option in settings
Add tap to refresh widget feature and double tap to open Mempal app
01:15:07 Kyoto v0.6.0
Pass FeeFilter to client
Add Signet and Bitcoin checkpoints
01:15:20 LifPay
Introduces Reusable Payment QR Codes with fixed amounts, allowing users to create a QR code with a fixed amount that can be scanned and reused multiple times. [Stacker News]
Project spotlight
01:16:09 Specter Shield Lite: Low Cost Secure Element Backed Security for DIY Bitcoin Hardware Wallet [Announcement] [Github fork]
01:16:17 Covenants support: A dedicated covenants support page on the Bitcoin Wiki, listing developers’ current support positions.
01:18:08 Kibo: An open source Bitcoin Core data extractor and visualizer [Github]
01:18:20 Saving Satoshi: The world’s first interactive, practice-focused game to teach you bitcoin development.
“Saving Satoshi is a light-hearted, first point of contact for developers of all ages that want to learn how bitcoin works.” [Github]
01:18:28 Fully Noded Server: A one click Bitcoin Core, Core Lightning and Join Market server to connect to Fully Noded apps. [Github]
01:18:30 Timestamp: A platform that enables both accredited and non-accredited investors to invest in Bitcoin and open-source companies with low minimum investments.
01:18:49 Satoshee: Winners’ club. Carefully curated gift cards, discounts, loyalty program.
Satoshee is platform offering gift cards, exclusive discounts, and Loyalty Programs, which support the creation and distribution of open-source media.
01:19:06 hass-miner: Control and monitor your Bitcoin Miners from Home Assistant.
Great for Heat Reusage, Solar Mining or any usecase where you don’t need your miners running 24/7 or with a specific wattage.
Works great in coordination with ESPHome for Sensors (like temperature) and Grafana for Dashboards.
Support for: Antminers, Whatsminers, Avalonminers, Innosilicons, Goldshells, Auradine, BitAxe, IceRiver, Hammer, Braiins Firmware, Vnish Firmware, ePIC Firmware, HiveOS Firmware, LuxOS Firmware, Mara Firmware
01:19:12 Entropy: A collection of open-source bitcoin workshops, projects, hackathons, and software, by D++.
01:19:20 PlebDevs launches [PlebDev Starter Course], a free starter course aimed at complete beginners to learn basic coding or webdev skills, covering code editors, Git/Github, HTML, CSS, and JavaScript.
Vulnerability Disclosures
01:19:29 Droidbot targets banking and crypto apps across Europe [Cleafy’s disclosure]
The malware impersonates apps like Google Chrome to steal credentials for 77 banking and cryptocurrency platforms across Europe, and uses Accessibility Services to log keystrokes, overlay fake login pages, and intercept SMS OTPs.
DroidBot employs MQTT, typically used in IoT, for stealthy data exfiltration. It encrypts and compresses data before transmission, complicating detection.
01:19:36 DaMAgeCard: SD Express Card vulnerability exposes memory access risks in laptops and consoles [CyberInsider]
Positive Technologies researchers identified a vulnerability in SD Express cards, leveraging the Direct Memory Access (DMA) feature to bypass system protections. Modified cards can exploit gaps in securing the transition between SDIO and PCIe modes.
01:19:47 Web3: Malicious versions of Solana’s web3.js npm library expose private keys [The Hacker News]
Researchers uncovered two malicious versions (1.95.6 and 1.95.7) of the popular @solana/web3.js npm library, which harvested private keys to drain crypto wallets.
The attack is believed to have stemmed from a phishing incident targeting the npm package maintainer, allowing the hacker to publish compromised versions.
Encrypted communications service ‘Matrix’, dismantled by international police operation [Europol]
A large-scale investigation, lead by French and Dutch authorities involved in a joint investigation, lead to the interception of 2.3 million messages in 33 languages over a monitoring period of three months, dismantling more than 40 servers.
Uganda confirms central bank hack, downplays extent of the loss of 62 billion shillings ($16.8 million) [Reuters]
The hacking group, ‘Waste’, based in Southeast Asia, transferred funds abroad, including to Japan. The central bank has recovered over half of the stolen amount.
Audience Questions
01:24:05 How do NVK and the guests feel about Google’s Willow quantum chip? Is Bitcoin at risk?
01:30:01 Can NVK and the guests comment on James OB’s recent Tweet? “Very simple scenario for you: Tomorrow gov announces that by EOW, all exchanges must move held bitcoins over to a one-way hardfork that adds “monetary policy tools” and OFAC compliance Can bitcoin support an exit for everyone who wants out? This is why scaling matters.” What are your general thoughts, and also how would a “one-way hardfork” work?
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
The Tor Project replaces its legacy BridgeDB system with Rdsys, a modular and adaptable bridge distribution system. [Blog post]
Rdsys supports flexible distribution channels, such as Telegram, enhancing user accessibility and bypassing restrictions without relying on outdated captchas.
Tor Browser v14.03
This version includes important security updates to Firefox.
NomadNet v0.5.5
Add Checkbox and Radio Group fields to Micron
Fix invalid LXMF link handling in browser
Sideband
Sideband now includes Liam Cottle’s RNode flasher in the internal repository
Updated message color scheme for better readability and theme consistency
Updated theme and user interface defaults for new installations
Added signal stats to the announce stream (if available from interface)
Added ability to render rich markup in messages
Added per-object live-tracking mode for telemetry-enabled peers
Added ability to add any number of interfaces via the Advanced RNS Configuration option
Added Utilities section
Added support for the repository server on desktop operating systems
Add ability to add message attachments from sharing intent on Android
Add ability to add message attachments with drag-and-drop on desktop
Add user interface scaling option
Update RNS and LXMF to latest versions
Tails v6.10
Fix support for Trezor hardware wallets in Electrum
Disable saving telemetry data in Thunderbird
Update Tor Browser to 14.0.3. and Thunderbird from 115.16.0 to 128.4.3
Lightning + L2+
Project spotlight
PeerSwap: enables Lightning Network nodes to balance their channels by facilitating atomic swaps with direct peers [Github]
PeerSwap enhances decentralization of the Lightning Network by enabling all nodes to be their own swap provider. No centralized coordinator, no 3rd party rent collector, and lowest cost channel balancing means small nodes can better compete with large nodes.
Voltz Tip Bot: An easy-to-use Lightning Network Telegram Bot designed to facilitate tipping sats right within your Telegram groups [Announcement]
Liquid Horse: Liquid Sidechain Statistics. Provides statistics and analytics for the Liquid Network.
It tracks data such as block production, sidechain transactions, functionary uptime, and federation wallet balances. It also highlights the operational status of block signers and other technical metrics related to network performance
awesome-liquid-network: A curated list of Liquid Network resources, libraries, tools and applications
Macadamia: A native iOS client for cashu [Github]
Macadamia supports standard Cashu operations such as: Minting of tokens, sending and receiving, melting tokens, restoring your wallet balance using a 12 word mnemonic seed phrase backup.
v0.2.0: This version is a complete rewrite, segregating cashu logic to its own library and implementing a database model in SwiftData.
Strata Bridge: Alpen Labs is developing a bitcoin bridge to its Strata platform, enabling 1 BTC on Strata to match 1 BTC on bitcoin with minimal trust assumptions. [Announcement]
The Strata bridge is based on the BitVM2 paper by Robin Linus, incorporating optimizations and advanced research to improve efficiency and robustness.
Software Releases & Project Updates
Core Lightning v24.11 - The lightning-dev Mailing List
Highlights for Users:
xpayis a new, experimental plugin for payments. It’s rewritten from the ground up, on top of another plugin calledaskrene, which provides advanced routing advice for paymentsPaying and receiving offers (bolt12 send and receive) are enabled by default
hsmtoolgeneratehsmcan now accept all the parameters on the command line
Highlights for Developers:
cln-grpc(our rust plugin to provide a GRPC interface) is enabled by defaultThere’s a new dev-splice command which lets you provide a splice script for describing complex moves
Improve tracing infrastructure
Highlights for the Network:
We gossip harder: we try to stay connected to 10 nodes
Connectd will connect faster on startup, maintaining up to 10 outgoing connection attempts in parallel
LND v0.18.4-beta.rc1
Minor release which ships the features required for building custom channels, alongside the usual bug fixes and stability improvements.
Features: The main channel state machine and database now allow for processing and storing custom Taproot script leaves, allowing the implementation of custom channel types in a series of changes.
Functional Enhancements:
A new
protocol.simple-taproot-overlay-chansconfiguration item/CLI flag was added to turn on custom channel functionality.Compatibility with bitcoind v28.0 was ensured by updating the version the CI pipeline is running against.
Eclair v0.11.0
This release adds official support for Bolt 12 offers and makes progress on liquidity management features (splicing, liquidity ads, on-the-fly funding). We also stop accepting channels that don’t support anchor outputs and update our dependency on Bitcoin Core.
Implement full support for Bolt 12 payments
Improve implementation of splicing, by relying on the now official quiescence feature and adding RBF support
Include an early prototype for liquidity ads
Update minimal version of Bitcoin Core (v27.2)
Incoming obsolete channels will be rejected
HTLC endorsement for channel jamming
On-the-fly funding: introduces implementation of proposed protocol to negotiate an on-the-fly liquidity purchase
Zeus v0.9.3
Improved channels UI: including reserves
Invoice Settings: Display requested amount on invoice
Embedded LND: Troubleshooting menu
Bitcoin denominated amounts: display with spaces
ZEUS Pay: UX improvements
Ark v0.4.0 - New address encoding, Notes and Market Hours
New Address Encoding: Instead of encoding user and server public keys, we now encode the VTXO output script (Taproot key) and server public key
Ark Notes: a feature designed for users who may not be online frequently
Clients can share a Nostr public key (profile) for each of their VTXOs
When users go offline, the Server will print notes worth their unspent swept VTXOs
Users can restore their off-chain balances when they come back online in the future
Market Hours:
Introduce specific periods during which the server will offer lower service fees for users joining rounds
Allow users to schedule their settlements at predetermined times in the future, potentially saving on fees
Server Improvements:
Connection of the internal Bitcoin wallet to bitcoind with ZMQ
Support for restoration of the internal Bitcoin wallet
Auto-unlock feature for the internal wallet
Increase testing surface for improved reliability
Consolidation of APIs
Alby
lightning-browser-extension v3.10.0 - Ice Clouds over a Red Planet
Version v3.10.0 introduces the Alby Hub Connector and a notification banner for upgrading shared wallets to Alby Hub. It also replaces “Citadel” with “Nirvati” and includes multiple translation updates.
Alby-go v1.7.2
LNURL-withdraw support
Improve currency selection
Boostagram info in transaction details
Delete contacts in address book
Enhance QR code readability
bitcoin-connect v3.6.3
Add currency selector UI
Breez SDK v0.6.5
Increase reliability for trampoline payments
Lightning Terminal v0.14.0-alpha.rc1
This first Release Candidate of Lightning Terminal (LiT) ships the first non-experimental version of Taproot Asset Channels
Taproot-assets v0.5.0-rc1
Database Migrations:
tapdv0.5.0 contains non-revertible database migrations. After runningtapdv0.5.0, these database migrations prevent downgradingtapdto a previous release. Create backups oftapddatabase state, before upgrading totapdv0.5.0.Breaking changes:
Downstream Projects -
litd:litdv0.14.0-alpha enhancements require both channel peers to upgrade to alitdversion >= v0.14.0-alpha to continue Lightning Channel functionality.
tapdv0.5.0 changes:Oracle RPC: The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as
FixedPointto achieve better precision.Configuration changes: The configuration value (
universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean
Torq v2.1.0
Bitcoind wallet as a node type (Torq now has on-chain wallet support for CLN, LND and bitcoind)
Bitcoind existing on-chain address listing
Management of UTXO locking
Improve transaction output visualizations (and backend)
Improve transaction output linking to channels (funding/closing transactions)
LND: sweep transaction output linking to channels -Torq gRPC (BETA feature):
New call SubscribeBlockHeight
New call PayOnChain
New call DecodeInvoice
New call GetInvoiceStatus
Polar v3.1.0
This minor release is needed to support the latest released versions of litd v0.14.0-alpha.rc1 and tapd v0.5.0-alpha.rc1.
Features:
Add Description field when creating a new network
Add full support for decimal display for TAP assets
CLBOSS v0.14.1 - Hand at the Grindstone
Contrib Script Enhancements:
Add
--lightning-diroption to the contrib scriptsAdd Nix Support
Stack Unwinding Support:
Implement
libunwindfor stack unwindingReplace the use of
program_invocation_namewith a custom global variable to store the program name, improving portability to systems like FreeBSD and other Unix-like systems.
Configurable Exception Backtrace Support:
Add the
--disable-exception-backtraceoption toconfigureThe
Util::BacktraceExceptionclass now provides a no-op wrapper when exception backtraces are disabled via--disable-exception-backtrace
Minibits Wallet v0.1.10
This native update brings sole but important architectural change: all Nostr wallet (NWC) commands are now processed using Android’s foreground service.
Cashu-ts v2.0.0
NUT-05: description for invoice, integration test without bolt11 decode
DX: Enforce explicit type annotations on function parameters
NUT-18: Payment requests
Add pipeline to build RC from staging branch
Add fees and coin selection
Streamline blinding
Wallet: Remove bip39 dependency
Support for NUT-12
Nostr
Project spotlight
Myriad: A simple personal blossom server for your own files [Code repository]
Cherry Tree: Chunked files stored on blossom servers [Github]
“An experiment to see if its possible to re-create torrents on top of blossom servers and nostr” [Explanation]
Condenser: A nostr bot built using the mistral api which summarizes all notes from the news.utxo.one relay [Github]
“A script that fetches the last 6 hours of events from news.utxo.one and summarizes them using the Mistral API.”
Mostr: An immutable nested collaborative task manager, powered by nostr [Github]
Robosats Nostr Sync: Scrappers to publish to nostr orders from other platforms [Github]
The tool can display non-kyc exchange HodlHodl offers on Robosats’ client [Note]
The Bullish Bulletin: An app powered by Nostr Wallet Connect to post all sorts of messages like job ads or announcements
Users can choose a note type, enter their message and pay via Bitcoin Connect to publish their post.
Vpnstr: A new VPN service with 53 locations and unlimited bandwidth, can be paid with Bitcoin on the Lightning Network
Software Releases & Project Updates
Rust Nostr v0.37.0
Add support to NIP17 relay list in SDK (when
gossipoption is enabled)Add NIP22 and NIP73 support
Fix Swift Package
From this release all the rust features are be disabled by default (except
stdfeature innostrcrate).
Primal
iOS v2.0.134
Improve onboarding
Profile screen improvements
Feed rendering improvements
App shell cosmetic improvements
Android v2.0.28
Implement:
Profile avatar and cover image viewer in profile details screen
Rendering highlights and generic events in feeds
Tap QR code to copy addresses on profile QR code viewer
Follow/unfollow approvals if contact list is not found
Onboarding follows customisation and zaps introductions
Premium badge on profile details screen
New avatars designs
Support for primal legend avatars across the app
Primal premium check into profile editor
Web v2.0.11
Profile screen improvements
Feed rendering improvements
Damus Notedeck Alpha is now available for Purple subscribers [Announcement]
Lightning fast: Built from the ground up with an ultra-fast database made exclusively for nostr, leveraging several state-of-the-art performance techniques not available on web clients
Custom feeds: Add timeline, hashtag, and notification columns of any nostr public key. Which means you can see the nostr landscape through other peoples’ eyes
Add account switching
Notedeck Update
Update user relay-list via polling
Add user mute list sync via polling
Skip muted content
debug: add crate features which enable egui DebugOptions
Amethyst
Move to NIP-22 to reply to Interactive Stories
Add amount and personalization labels to the DVM feed
Improve performance of the Hex encoder
Improve the layout of the discovery feed items
Update Jackson, secp256k1, and AGP
v0.93.0 - Blossom, Olas, Around Me feeds and Interactive Stories
Add support for displaying NIP-63 Interactive Stories
Add support for Blossom media servers
Add support for Olas’ Image feeds
Add support for Around Me feed with posts that only show up in that location
And many more new features
Chronicle v0.3
Add workaround to stop saving duplicate events
Olas
Snort v0.3.0
Drop NIP-04 support for DM’s
Profile link QR selector (npub/nprofile)
Relay up time reporting (via nostr.watch NIP)
New note designer media attachment UI
Media browser via NIP-96 server list
NIP-89 support (App handlers for unknown events)
WoT filter for replies
Drop NIP-04 support for NIP-46 bunkers (NIP-44 only)
NIP-55 Amber signer support
YakiHonne Update
Mobile:
All-in-One Content Hub: Create notes, articles, videos, curations, and smart widgets all in one place
New Media Servers: Added support for NostrMedia.com (npub18jn…59kc), Nostr check, and more
Thread Timeline Enhancements: Smoother and clearer thread viewing
Nip 44 Gift Messages: Now enabled by default
App-Wide Improvements: Faster, smoother, better
Web:
Upgraded Note Editor: GIFs, emojis, and real-time previews to enhance your creativity
Enhanced Long-Form Content: A fresh design to make writing a joy
Custom Media Uploaders: Support for more media options and servers
Expanded Search: Find more notes, media, and users with ease
Browsing Suggestions: Discover new notes, media, users, and more
Nostrmo v2.9.4
Remove metadata cache when start and change wot reload method
Add support to sync user’s local events to relays
Add support to send long form
Add a json viewer to event json copy
Trace router query add tempRelays support
Keychat v1.22.2
Support Large Group Chat with OpenMLS Integration
New Bot Identity: Support Ecash Payments for ChatGPT-4o and ChatGPT-4o-mini Interaction, pay per message
Breaking change: Adopting nip17 to send signal hello message and use new signature scheme
0xChat App
Voyage
Don’t allow saving empty lists
Treat empty list pairs as deleted
Features:
Create polls
Filter HomeFeed by roots, cross and polls
Show poll end time in post details
Improvements:
Force nip22 usage when replying with 5 or less characters
Set t tags when nip22-replying hashtags
Adjust scroll behaviour
Nos.social
Add support for user setting and displaying pronouns
Add display of website URLs for user profiles
Update note header UI to make it more readable
Citrine
Move database view to a new screen
Don’t send received events to the same connection that sent them
Performance improvements when deleting events
Check if there’s a newer version of the event before saving the event to the database
Add a option to fetch your events from relays
Add a delete all button
Feed by kind
Pokey
Amber v3.0.0
New design (still a work in progress)
Open the permissions page with the correct account
Option to setup a custom pin for the app
Button to copy your public key
Better check for valid relays
Support for secret when using nostrconnect
Zapstore v0.1.7
Performance: Faster, background downloads
Feature: Full screen app images
Feature: Remember trusted signers
Feature: Show certificate mismatch before installing
Cashu nip60 wallet and payment with nip61 nutzaps: multimint payments, mint exploration, manual and automatic backup and resync mechanisms
Rendering of nostr URI-s
Boosts
Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @forest (3,500 sats) “👊”
@tac_btc (1,000 sats) “Thank you”
@Hugh Janus (200 sats) “https://media.tenor.com/OdfwhhIoccAAAAAC/i-see-south-park.gif”
@edblock “Great Episode joined by guests Stephan Livera, Rijndael & Ben Carman about apps for Bitcoiners.”
Tech Tip of the Day
Surveillance Self-Defense: Tips, Tools and How-tos for Safer Online Communications, a project from the Electronic Frontier Foundation
A guide providing practical guides, tips and strategies to help individuals and organizations protect their privacy and security online.
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
Transaction censorship vulnerability: Antoine Riard posted to the Bitcoin-Dev mailing list about a method for preventing a node from broadcasting a transaction belonging to a connected wallet.
Continued discussion about consensus cleanup soft fork proposal: Antoine Poinsot posted to the existing Delving Bitcoin thread about the consensus cleanup soft fork proposal
Lisp dialect for Bitcoin scripting: Anthony Towns made several posts about a continuation of his work on creating a Lisp dialect for Bitcoin that could be added to Bitcoin in a soft fork.
bll, symbll, bllsh
Implementing quantum-safe signatures in symbll versus GSR
Flexible coin earmarks
News & Noteworthy
Lightning + L2+
ZEUS Pay cuts lightning address fees and lowers minimum limit [Blog post]
ZEUS Pay announces zero fees for receivers, previously charged 2.5-10% depending on the payment amount. The minimum amount receivable has been reduced to 1 satoshi, previously set at 10 satoshis.
Non-Custodial Ecash: A Trust-Minimized Payment System by Luke Childs [Proposal]
The proposal details a protocol leveraging Spillman payment channels, allowing users to hold self-custodial credits redeemable for ecash tokens during transactions. Custodial risk would only exist during payment processing.
You can now buy a Vpnstr VPN with Cashu, making it the first VPN to accept ecash.
Business & Finance
Casa announces Praetorian by Casa, an offering for governements willing to secure their national bitcoin reserves with self-custody protocols, removing reliance on third-party custodians [Announcement]
Strike introduces Bill Pay for U.S. customers, allowing them to automate bill payments using either bitcoin or cash directly from their Strike accounts. [Blog post]
BitGo launches BitGo Retail, a retail platform offering trading, custody, staking, and wallets with institutional-grade security and regulatory compliance. [Business Wire]
Fold now allows primary account holders to add up to three authorized users, each with their own Fold card. [Blog post]
This feature enables families to collectively earn bitcoin rewards on eligible purchases under one account.
Rumble’s Board of Directors approves allocating up to $20 million of excess cash reserves to Bitcoin, supporting its expansion into cryptocurrency. [Press release]
The company will determine Bitcoin purchases based on market conditions and business needs, with the strategy subject to change at any time.
Swan customers are being charged up to $125 for a Fortress ‘Admin Fee’, after the company moved all Fortress Trust accounts to new services providers. [Announcement]
The company will cover up to $250 of purchase fees for impacted users in the first half of 2025.
DMM Bitcoin, a Japanese exchange, announces its closure following a 4503 BTC ($300 million) hack earlier this year. [Announcement]
The company agrees to transfer customer accounts and custodial assets to SBI by March 2025.
MARA acquires a 240 MW interconnection wind farm in Hansford County, Texas, featuring 114 MW operational wind capacity. The project plans to leverage sustainable resources for near-zero energy cost and enable broader renewable energy deployment [Press release]
Quantum
Google introduces Willow, a quantum chip with breakthroughs in reducing errors exponentially as more qubits are added. [Press release]
In benchmark tests, Willow solves computations in minutes that would take leading supercomputers over 10^25 years.
Funding
OpenSats renews grant to 9 projects advancing the ecosystem on various fronts: BTCPay Server, Stratum V2, Raspiblitz, LNbits, Vexl, Blixt, Krux, Bitaxe, and Labelbase.
Spiral announces two new grants to Bob McElrath, for his work on Braidpool, and Rachel Rybarczyk, core developer at Stratum v2 project.
Bitcoin Dev Kit Foundation announces grants to Wei Chen, newest BDK’s full-time Rust maintainer, Evan Lin, part-time Rust maintainer, and Nymius, a new project grantee contributing to Silent Payments and general project maintenance.
OCEAN Pool now allows miners to donate rewards directly to the P2PRights fund for Samourai Wallet’s legal defense. [Atlas21]
Mining
U.S. Customs and Border Protection is holding shipments of Bitmain’s Antminer S21 and T21 ASIC miners at ports, following a request from the Federal Communications Commission. [BlockSpace]
Seven U.S.-based bitcoin mining companies report delays of up to two months. Other ASIC manufacturers, such as MicroBT and Canaan, are not affected.
Bitmain introduces a new production line in the U.S. to improve response times and efficiency for North American customers. [Announcement]
The Public Utility Commission of Texas requires crypto mining facilities consuming over 75 MW to register with ERCOT, detailing their location, ownership, and power usage. [Texas Tribune]
Bitcoin mining pool issues rewards in ecash, without an account being required. Miners can then withdraw ecash to the Lightning Network or on-chain [Note]
Privacy
U.S. agencies, including the FBI and CISA, encourage Americans to adopt end-to-end encrypted messaging apps in response to ongoing cyber threats [ArsTechnica]
U.S. officials reveal an ongoing breach targeting global telecom systems, attributed to the Chinese hacking group “Salt Typhoon”, which has compromised at least 8 U.S. telecom providers, more than initially reported.
The attack, which began in spring 2024, exploited vulnerabilities in over 80 telecom companies, compromising sensitive data such as call metadata and private communications of political and government-linked individuals.
EU scrutiny on encrypted messaging: The High Level Group on Data Access highlights challenges law enforcement faces with “over-the-top” (OTT) messaging services like Signal, WhatsApp, and Telegram. [Heise]
They advocate “lawful access by design” to enable real-time access to encrypted communications while ensuring court oversight for serious crimes.
Coinbase advises users against using VPNs and ad blockers, citing that its risk models associate them with malicious activity. Product Director Scott Shapiro states these tools often raise security flags, even for legitimate users. [Twitter post]
Protocol
Libsecp256k1: Safegcd’s implementation formally verified by Blockstream Research [Bitcoin Magazine]
The safegcd modular inversion algorithm, implemented in libsecp256k1, was formally verified using the Coq proof assistant. This verification ensures its correct termination and accuracy in 256-bit inputs.
Bitcoin Core #30039: dbwrapper: Bump LevelDB max file size to 32 MiB to avoid system slowdown from high disk cache flush rate [Merged]
Bitcoin Core #31122: cluster mempool: Implement changeset interface for mempool [Merged]
Provides a changeset interface for the mempool, enabling a node to evaluate the impact of proposed changes on its state
Bitcoin Core #30708: rpc: add getdescriptoractivity [Merged]
The RPC command scanblocks helps retrieve blockhashes with relevant activity for specific descriptors.
Eclair #2935: Add force-close notification [Merged]
NIP #1551: Instagram feeds [Merged]
NUT-19 Cached responses: The NUT adds idempotency to key endpoints, enhancing the reliability of the Cashu protocol. [Merged]
Government & Political
Brazilian Congressman Eros Biondini introduces RESBit, a bill for a national bitcoin reserve, suggesting an allocation of up to 5% of Brazil’s $372 billion international reserves. [The Block]
The bill aims to diversify financial assets and strengthen Brazil’s resilience against currency fluctuations and geopolitical uncertainties.
El Salvador considers adjusting bitcoin policy to secure IMF loan [Financial Times]
A proposed legal change would allow merchants to choose whether to accept bitcoin. This adjustment is part of conditions set by the IMF for a $1.3 billion loan, alongside $2 billion from other international lenders.
Czech Republic removes capital gains tax on digital assets held for over 3 years, starting December 2024 [The Block]
Fifth Circuit overturns Tornado Cash sanctions, citing overreach by OFAC [The Rage]
The court rejected the government’s claim that Tornado Cash operates as a service, explaining that its smart contracts are lines of code, not human-driven services. It also clarified that Tornado Cash cannot control its immutable contracts, distinguishing them from mutable, user-controlled systems.
Damian Williams steps down as U.S. Attorney for the Southern District of New York after overseeing Samourai Wallet and Tornado Cash cases [Press release]
The Canton of Bern, in Switzerland, approves a feasibility study to explore Bitcoin mining’s potential within its energy framework. [Atlas21]
The study focuses on identifying surplus energy, collaborating with Swiss miners, and evaluating mining’s impact on grid stability.
Operation Choke Point 2.0: U.S. regulators’ actions against crypto activities revealed in FDIC letters [CoinDesk]
The FDIC’s “pause letters” dated back to March 2022, with officials advising banks to halt crypto services until further risk assessments were made.
Russia’s president signs a law recognizing digital currencies as property, enabling taxation of mining and transactions. [The Moscow Times]
Cryptocurrency mining and sales are exempt from VAT but subject to income tax at tiered rates. Corporate entities face a 25% tax starting next year.
A database of government-approved miners was launched in November. Another law permits the Central Bank to pilot cross-border cryptocurrency transactions.
Morocco’s central bank is adopting a draft law to regulate cryptocurrencies, which have been banned since 2017. [Reuters]
Bank Al Maghrib is also considering the development of a central bank digital currency (CBDC) to enhance financial inclusion.
Taiwan’s Financial Supervisory Commission (FSC) enforces stricter AML rules for digital assets service providers starting November 30, 2024. [The Block]
FSC officials emphasize fraud prevention and tighter oversight, including regulations on fiat custody, data security, complaint handling, and record-keeping.
Events
Central America’s premier Bitcoin conference, uniting global leaders, technologists, and entrepreneurs.
January 30-31, 2025 in San Salvador, El Salvador
The first ever Bitcoin Medellin Conference
January 17-18, 2025 in Medellin, Colombia
Reads
Here’s a list of our top recently published reads:
Erosion of the Meaning of Custody, by Nicolas Dorier [Blog post]
Buckets of blind signatures, by Callebtc [Blog post]
Financial surveillance in the United States: How the Federal Government weaponized the Bank Secrecy Act to spy on Americans [Report]
Privacy in Public Part 3: Cash and Bitcoin, by BPI Fellows Andrew Bailey, Bradley Rettler, and Craig Warmke [Bitcoin Policy Institute]
Understanding Liability for Unlicensed Money Transmitting Businesses under § 1960, by Daniel Barabander, Amanda Tuminelli and Jake Chervinsky [Paper]
Hodlers: an apology, by the Financial Times [Article]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)