BR094 - COLDCARD KeyTeleport, Harbor, Ark, Cove, Zaprite, BTC Core, OMEMO, Knots, Vibe Coding, Trezor Safe 3 Attack Vector, Coinbase Phishing Campaign, Bitcoin Business Software + MORE ft. Rob & Paul
I’m joined by guests Rob Hamilton & Future Paul to go through the list.
Housekeeping
00:01:09 Nostr DVM Playground: Test out Nostr Data Vending Machines from DataMachine
Choose between Text Summarization, Text Generation, People Discovery, and People Search.
00:26:33 Bitcoin Security Guide updated
00:27:23 Looking for more beta testers for Cove, iOS Beta on TestFlight
00:33:19 COLDCARD Key Teleport
Purpose: Send a small quantity of very secret data between two COLDCARD Q systems, with no risk of anything in the middle learning the secret.
Method: ECDH and AES-256-CTR plus an extra wrapping layer, transmitted over a mixture of NFC, passive websites, and QR/BBQr codes.
Urgent Vulnerability Disclosures
00:29:04 “Designated seed phrase”: A new email phishing campaign is out, targets Coinbase users [Twitter post]
Bitcoin
Software Releases & Project Updates
00:44:33 Bitcoin Core v29.0rc2 - Bitcoin Core 29.0 release candidate 2
Bitcoin Core 29.0rc2 is a release candidate for the next major version [Testing Guide]
00:45:52 Fulcrum v1.12.0
Add support for UPnP
Add support for bitcoind’s ZMQ
pubhashtxmessageImprove Fulcrum’s mempool model efficiency by adding parent/child links for txns
Add support for Unix domain sockets in ZeroMQ notifications
Fix a rare and esoteric bug where Fulcrum would announce its TCP/SSL/WS/WSS port(s) to peers even if it was actually listening on a loopback interface for those ports
00:46:06 Blue Wallet v7.1.5
Add market android widget
Allow app to run in Vision Pro
Allow quick tap to copy address- Bitcoin Keeper
Mobile v2.1.0
Add Emergency Key to vaults for recovery in emergency situations
Update the Server Key with Spending limits and security delays
Send batch transactions to multiple recipients at the same time
Purchase hardware wallets with discounts
Single Key support for Portal
Improve wallet migration flow on key changes
Significant improvements to wallets syncing
Multiple UI updates and performance improvements
Desktop v0.2.1
Support subscription purchases using Bitcoin, powered by BTCPay Server.
00:46:27 Bitcoin Safe
Interlude: OMEMO
00:48:54 OMEMO
Bitcoin (Cont.)
Software Releases & Project Updates
00:53:28 Bitcoin Knots v28.1.knots20250305
P2P and Network Changes
Add support for Testnet4
UNIX domain sockets can now be used for proxy connections
Transactions having a feerate that is too low will be opportunistically paired with their child transactions and submitted as a package
Mempool Policy Changes
Topologically Restricted Until Confirmation (TRUC) parents are now allowed to be below the minimum relay feerate
Pay To Anchor (P2A) is a new standard witness output type for spending
Limited package RBF is now enabled, where the proposed conflicting package
GUI Changes
Add basic block visualizer to the Window menu
Signed Messages
Verifying BIP 137, BIP 322, and Electrum signed messages is now supported.
When signing messages for a Segwit or Taproot address, a BIP 322 signature will be produced
00:53:59 BoltzExchange
boltz-backend v3.10.0 - Rescue mission
Support for rescue files that allow swaps to be refunded with only the refund keys
Nested fee premiums to allow referrals to add extra fees
Discount CT on Liquid mainnet
boltz-web-app v1.7.0
Swap recovery rescan
Download rescue key in settings
Adjust network fee when RIF is needed
Defer swap creation after backup is done
00:54:01 Blockstream Green QT v2.0.22
Add option to request an email containing the user’s nLockTime transactions
00:54:58 FullyNoded v0.1.0-beta
This update removes all functionality related to Lightning and Bitcoin Knots by commenting out the related code
The focus for the first proper release is going to be on Bitcoin Core and Join Market only
00:55:11 BullBitcoin Mobile
00:55:19 RoboSats v0.7.5-alpha
For Users
When Javascript is disabled a box appears to help the user to enable it
Users will now be advised when they select a coordinator not offering swamps in order creation
For Coordinators
Now orders stay public even if there is a non-confirmed Taker, allowing multiple robots to try to take the order
00:55:24 Bisq 2 v2.1.7
New features
Official Bisq mediators and moderators can now be identified by the badge next to their nickname
Add a splitpane to calibrate sizes between offerbook chat and offer list
Improvements
The Bisq Easy protocol has been enhanced to protect against triangular scams. Now, when the buyer does the Fiat transfer, trade ID must be set as “Reason for payment”.
Splash screen now shows the loading progress for each required step: Starting Tor, publishing onion service, connection to P2P network and, finally, data inventory request.
Improve Trade process, Message delivery, and Mediation (more details in release notes)
00:55:26 Zaprite v2025-03-17
Global Tags: Add a Tags feature that allows merchants to add tags and categorize incoming Transactions for reporting
Invoices: Add a Total column to the Invoices table, which shows the calculated total amount due after discounts taxes
Recurring Invoices: Add a Biannual option to Recurring Invoice schedule options
API Orders: Add a new expiresAt field to the POST /order endpoint
API Orders: Add a new metadata field to the POST /order endpoint
00:56:38 Bitcoin Jungle App v1.3.6
Includes the ability to add a backup recovery email to your account in case you lose access to your phone number
Adds beta support for Bolt Cards- a protocol enabling you to link a contactless card to your wallet that lets you pay without your phone
00:57:22 SRI v1.3.0
This release migrates the old CI system based on Message Generator into the new SRI Integration Tests Framework.
Main changes (amongst many):
New integration test framework and tests
Enhanced APIs for role development
Core low-level crates now support
no_std
00:57:57 Stratum.work Update
New visual on stratum.work displays precise timing data for block template reception from pools, making it easier to spot similarities between pools
00:58:46 Braiins OS
Toolbox now supports DPS Boost–introduced in the Braiins OS 25.01 update.
Users can now detect Avalon miners, both via CLI and GUI. Additionally, you can perform actions such as pause, resume, reboot, and change pool config for these miners. Please note that this feature is available in beta testing.
CSV exports have been enhanced. The export functionality now allows for filtering, sorting, column visibility, and the order set in the GUI’s device list.
Extended Pool Username Variables now include , which represents the miner’s IP address with an “x” separator, instead of a dot.
Full support for Antminer S21 Imm. and Antminer S21 XP Imm. with AML control board now available
Logs are now persistent across all control boards
DPS now has two modes—Normal and Boost. DPS Boost has been recently added
Customizable MIN/MAX fan speed ranges can now be set in the GUI and API
Fans on Braiins Mini Miners will now run quieter
00:58:50 Coinselect
Project spotlight
Grid: An interactive tool designed to analyze and visualize Bitcoin mining data
Users can customize metrics and miner groupings to explore various aspects of mining pools and their activities.
For example, the tool allows analysis of specific miner groups such as “AntPool & friends,” which includes AntPool, BTC.com, Binance Pool, WhitePool, and SECPOOL.
CTV Playground: A native Android implementation and demonstration of Bitcoin’s proposed OP_CHECKTEMPLATEVERIFY (CTV) soft fork, including a CTV Vault implementation. [Github]
Bitcoin PSBTv2 Explorer: A quick and dirty PSBTv2 parser and converter [Github]
This tool aims to provide an updated version of the tremendously useful bip174.org compatible with modern PSBT features.
Fuzzamotto: Holistic Fuzzing for Bitcoin Protocol Implementations [Github]
Fuzzamoto framework enables coverage-guided fuzzing of Bitcoin full nodes through external interfaces like P2P and RPC, functioning as “Functional Fuzz Tests” rather than using in-process testing methods.
The system uses snapshot fuzzing with afl++’s Nyx mode for deterministic and performant testing of multiple node instances simultaneously, with future integration possibilities for other snapshot fuzzing tools.
Bitcoin Humanitarian Alliance: A global initiative leveraging Bitcoin to support freedom, financial inclusion, and humanitarian causes
The alliance aims to unite activists and humanitarian groups worldwide who use Bitcoin, educate nonprofits on integrating Bitcoin into their work, and host events to share strategies for financial freedom.
BetterStrike: Strike Tor Web Wallet [Gitlab]
Strike Wallet functions as a web-based Bitcoin wallet interface that uses Strike API and Tor technology to enable both Lightning and on-chain transactions.
Coinbase MPC: Coinbase open sources its MPC cryptography library [Announcement]
The library provides cryptographic protocols using secure multiparty computation, and is derived from Coinbase’s internal system but modified for general-purpose public use.
The library includes practical examples like HD-MPC, threshold EC-DKG for ECDSA-MPC, and ECDSA-MPC with threshold backup implementations.
Branta Core: A multi-platform app you to guard your clipboard on Mac, Linux and Windows [Docs]
Branta Guardrail: A tool to verify invoices and checkouts before sending Bitcoin or Lightning [Docs]
Satoshi Forex: A straightforward forex page listing the sat value of each unit of currency.
The website compares Bitcoin’s value to the world’s top 30 currencies in real-time, using data from CoinGecko and the IMF World Economic Outlook database (2024).
Antidote: London’s first Bitcoin startup incubator hub
Antidote is a startup studio and collaborative workspace for entrepreneurs, developers, investors, hackers and anybody building on or around bitcoin.
Satsify: A Chrome extension that converts Amazon product prices from USD to satoshis [Github]
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
01:18:13 Sideband v1.5.0
Added the ability to make and receive LXST voice calls
Add basic voice call UI
Add option to configure audio devices for LXST voice calls
Add option to block non-trusted callers
Add support for sharing any file type as attachment on Android
Add link stats to object details
Add a BME280 telemetry plugin example
Add button on Android to quickly go to full RNS interface status
Improve map initialisation time
Reticulum MeshChat v1.21.0
Migrated to using micron-parser from NPM
01:18:23 Mullvad VPN
Release of DAITA v2 for all platforms [Blog post]
DAITA version 2 introduces reduced traffic overhead by more carefully inserting dummy packets, cutting their number by half while maintaining defense levels and improving connection speed.
The new dynamic configurations feature randomly assigns different rules to VPN connections, making two clients visiting the same webpage produce different data streams and helping resist targeted attacks.
Multihop feature now available on Android [Blog post]
Users can now route traffic through two servers instead of one in the Android app version 2025.1 and newer, allowing the selection of entry and exit servers in different jurisdictions
01:18:33 NymVPN officially launches its privacy solution built on a Noise Generating Mixnet technology [Press release]
The system uses zero-knowledge proofs to prevent linking payment information to online activity, with no logging by design and censorship resistance features.
Vulnerability Disclosures
01:18:42 Ledger Donjon conducts a security analysis of Trezor’s hardware wallets and reveals Trezor Safe 3 is susceptible to physical supply chain attacks [Security Audit]
Trezor Safe 3 and Safe 5 products incorporate Secure Elements (Infineon Optiga Trust M) that safeguard user PINs and secrets.
Donjon details the remaining security considerations:
Critical cryptographic operations still occur on the microcontroller, not the Secure Element, creating potential vulnerabilities if an attacker modifies the microcontroller’s firmware.
Ledger Donjon demonstrated they could bypass firmware verification measures to run modified code that could “lead to the remote recovery of all the user’s funds.”
The newer Trezor Safe 5 uses an STM32U5 microcontroller that offers improved security against fault injection attacks compared to the TRZ32F429 used in Safe 3.
nRootTag: Turning a Bluetooth device into an Apple AirTag without root privileges [Research paper]
Researchers discover “nRootTag” vulnerability allowing attackers to convert any Bluetooth device into an AirTag-like tracker without root privileges.
Attack exploits address confusion in Apple’s Find My network, using over 1.5 billion iPhones as unwitting tracking agents.
Attack requires malicious app installation, Bluetooth capability, and proximity to Apple devices participating in Find My network.
Apple released patches in December 2024 (iOS 18.2 and other system updates) to address this vulnerability.
Eavesdropping on black-box mobile devices via audio amplifier’s EMR [Research Paper]
Periscope is a proof-of-concept system demonstrating how electromagnetic radiations (EMR) from mobile devices’ audio amplifiers can be exploited to recover audio sounds.
Headphones connected to devices act as antennas that enhance EMR signals, making them measurable at distances up to 15m with a miniaturized prototype similar in size to hidden voice recorders.
The attack successfully recovers private audio with a word error rate as low as 7.44% across 11 mobile devices and 6 headphones, producing results intelligible to both human hearing and speech-to-text tools.
Microsoft discovers StilachiRAT, a sophisticated trojan targeting credentials and crypto wallet information [The Hacker News]
The malware targets at least 20 cryptocurrency wallet extensions in Chrome, including MetaMask and Coinbase Wallet, and can execute 10 different commands from its command-and-control server. [Microsoft Analysis]
Android apps are covertly tracking users through Bluetooth and WiFi [Cyber Insider]
Study reveals 86% of analyzed apps gather sensitive data, including device identifiers and WiFi scan results, often bypassing Android’s privacy controls.
Next.js discloses critical authentication bypass vulnerability (CVE-2025-29927) with CVSSv3 score of 9.1 in middleware layer, exploitable through an extra HTTP header [runZero Blog post]
Remote attackers can bypass security checks including authentication mechanisms by exploiting this vulnerability.
Clevo boot guard keys leak threatens system security [Security Express]
Binarly confirms discovery of leaked private Boot Guard keys in Clevo firmware packages. The keys were found in a publicly available BIOS update containing BootGuardKey.exe with private keys that could be used to bypass security measures.
Investigation identifies 15 affected firmware packages across 10 unique Clevo-manufactured devices, including several Gigabyte laptop models. The compromised keys remain in use on “actively supported products, thereby elevating the severity of the threat.”
Five dollars wrench attacks:
41-year-old man assaulted and robbed of HK$318,000 in cash in Hong Kong after completing a cryptocurrency trade [The Standard]
The victim received the cash from a cryptocurrency trade and was heading to his home when the robbery occurred at around 11pm.
Turkish man carrying €5 million cash for cryptocurrency trading is attacked in Hong Kong by knife-wielding assailants [Dimsum Daily]
Victim fights off attackers, suffers 10-centimetre knife wound to forehead, but retains his money bag. Police arrests four men.
Four men and one woman arrested after the kidnapping of a cryptocurrency investor in Paris over a failed €10,000 cryptocurrency investment that collapsed [Le Parisien]
The 20-year-old victim was forced into a car trunk during what appeared to be a setup meeting with a 19-year-old woman. Kidnappers demanded €40,000.
South Korean prosecutors request 10-year sentence for a man who stabbed Haru Invest CEO in the neck during a court hearing in August 2024 [The Block]
The attacker, surnamed Kang, lost 100 BTC in Haru Invest, which allegedly defrauded around 16,000 investors of nearly $962 million after suspending operations in June 2023.
Interlude (Rob’s Corner)
01:21:05 Coinbase is open-sourcing their multiparty computation (MPC) cryptography library [Accouncement]
01:21:35 Mempool.space now supports address poisoning detection
Privacy & Other Related Bitcoin Projects (cont.)
Project spotlight
Voca: A privacy-focused Text-to-Speech (TTS) app for Android that respects system language settings and provides a clean, simple interface [Gitea]
Users can configure language through system TTS settings, with all processing done locally without data collection.
Voca is FOSS and operates on a value for value model [Npub]
Silkpad Computers: Privacy-focused refurbished computers, focuses on older Thinkpads models
Silkpad Computers offers refurbished devices emphasizing privacy and security through auditable firmware (IME disabled) and open-source software.
Lightning + L2+
Project spotlight
LN-spam-prevention: Fee-based protocols for preventing spam on the Bitcoin Lightning Network [Github]
The project introduces protocols to assign and collect fees for Lightning services, aiming to reduce network spam by charging for all significant costs incurred.
The collection system uses griefer-penalization where both parties lose comparable funds in griefing attempts, protecting users who select self-interested partners [Research paper]
Hydrus: Lightning automated liquidity management agent [Github]
Hydrus automatically opens and closes Lightning Network channels based on network graph analysis and performance metrics.
The system selects nodes using weighted heuristics including capacity, centrality, routing policies, and connectivity.
Alby Lite: A minimal Lightning address server powered by NWC [Github]
ngx_l402: An Nginx module that enables pay-per-request authentication using the L402 protocol [Github]
An L402 authentication module/plugin for Nginx that integrates seamlessly into your web server, enabling Lightning Network-based monetization for your REST APIs
It supports invoice generation through LND, LNURL, and NWC
LNVPS: A bitcoin powered VPS provider
LNVPS is a VPS provider based in Ireland that specializes in integrating Bitcoin’s Lightning Network for payments
Sig4Sats Script: Atomic exchange of Cashu payments for Nostr event signatures using Schnorr adaptor signatures [Github]
A simple script demonstrating how to atomically exchange Cashu payments for Nostr event signatures using Schnorr adaptor signatures.
nut-bridge: Bridging the gap between NIP-57 and NutZaps [Github]
“nut-bridge is bridging the gap between NIP-57 Zaps and NIP-61 NutZaps by providing a LNURL server that will receive payments via a Lightning Address and then turn them into a nut zap.”
Software Releases & Project Updates
01:22:46 LDK announces Versioned Storage Service (VSS)
VSS provides server-side storage for non-custodial Lightning Network and Bitcoin wallets, which enables fund recovery after a device loss as well as future multi-device access.
The service ensures real-time synchronization of wallet states, and prevents loss of funds by securing every state change as it occurs rather than relying on periodic backups.
VSS is designed with privacy features including client-side encryption and can be self-hosted or cloud-deployed, with integration already available in LDK Node v0.4.x as alpha support.
Eclair v0.12.0
This release adds support for creating and managing Bolt 12 offers and a new channel closing protocol (option_simple_close) that supports RBF.
We also add support for storing small amounts of (encrypted) data for our peers (option_provide_storage).
Phoenixd v0.5.1
Use ubuntu for docker runtime image
Add
parent_idlink for first outgoing payment part
Breez SDK v0.7.2 - Nodeless
Add seed support to ConnectRequest
Improve realtime sync and restore
Alby
Go v1.11.0
Add support for NWC deep linking and NWA
BTC rates now refresh every 5 minutes for up-to-date pricing
Improve branding with Alby Go logos on success screens
Update wallet removal copy for better clarity
Ark v0.5.2 - Handle RBF transactions
Telemetry: Go runtime metrics
SDK: Detect rbf txs while listening for boarding utxos
Ark Labs HQ wallet-sdk
BitBanana v0.9.3
Significantly enhanced channel rebalancing interface
Nostr Wallet Connect support
Channel sorting
UTXO sorting
Exposed timeout setting for backend communication and lightning payments
BlitzWallet v0.4.2-beta
eCash Revamp: More Flexibility & Security
Deterministic Proofs: eCash proofs are now linked to your Blitz Wallet seed phrase
New SQL Storage System: Moved from encrypted database storage to a local SQL database
Cross-Wallet Portability: Upload and migrate eCash proofs between compatible wallets
Laying the Groundwork for Higher Limits: Preparing to increase the eCash storage limit beyond the current 5,000 sats cap
Manual Migration Required: Existing eCash proofs must be manually migrated via Settings > Experimental Features
Point-of-Sale Enhancements:
Customizable Currency Display: Toggle between sats or fiat, with proper regional formatting
Integrated Tipping System: Employees can now enter their name during PoS transactions, and business owners can track tips for proper distribution
CDK v0.8.0
Add redb feature to mintd in order to meet MSRV target
cdk-sqlite: In memory sqlite database
Add
tos_urltoMintInfocdk: Add tos_url setter to
MintBuilderAdd optional “request” and “unit” fields to MeltQuoteBolt11Response NUT Change
Add optional “amount” and “unit” fields to MintQuoteBolt11Response NUT Change
Compile-time error when no lightning backend features are enabled
Add support for sqlcipher
Payment processor
Payment request builder
Sends should be initiated by calling Wallet::prepare_send
A SendOptions struct controls optional functionality for sends
Allow Amount splitting to target a fee rate amount
CashuBTC Update
Add the ability to use tap-to-pay with eCash, enables Bitcoin payments via NFC without internet or delay
The system supports payments from any mint and integrates with the Lightning Network
Cashu-ts
Export OutputData
Remove dleqValid from proof and expose verification api
Extract from- and to- raw request functions
Handle specific errors cases in request.ts
Add method for automated batch restoration
NUT-18 is implemented, updating README.
NUT-15 MultiPath Melt Quotes
NUT-20 Signed Mint Payloads
Nutstash v2.0.4
Switch qr code lib to @paulmillr/qr
Feature: Offline tokens
Nostr
Project spotlight
GM.family: Send a ‘GM’ note to @fiatjaf by the press of a button
Nostringer: JavaScript library providing unlinkable ring signatures (SAG) for Nostr pubkeys [Github]
The library draws inspiration from Monero’s Ring Signatures using Spontaneous Anonymous Group signatures (SAG) and implements ring signatures using Ed25519 elliptic curve and Keccak hashing.
Igloo: Frostr keyset manager and remote signer [Github]
“Desktop-based key management and signing device. Options to import an existing nsec, or generate a new one. Allows you to manage and rotate shares, plus recover your nsec using shares. Can be used online for remote signing, or offline for key management only.”
Frost2x: Notes and other stuff signed by an extension, using the powers of FROST [Github]
Fork of the popular nos2x extension
Uses the Bifrost library for encryption and signing of events
Allows FROST-based signing for any website that supports NIP-07
Permafrost: Ephemeral relay and remote signing server for the FROSTR protocol [Github]
Server-based signing device and personal ephemeral relay
Includes a NIP-07 based web portal for managing your server
Options to run as a node service (using bun) or inside a docker environment
23GMT: A specialized Nostr relay with time-based constraints
23GMT is a specialized Nostr relay with some constraints:
Only accepts posts from 23:00 to 24:00 GMT
Deletes its database at 01:00 GMT
Only accepts events with kind 1 (text notes)
Only accepts events with a NIP-70 “-“ tag
Runstr: A motion tracking app built on top of Nostr [Github]
Runstr aims to offer an open source, privacy-focused alternative to platforms like Nike Run Club or Strava
Current features include Nostr login, run tracker, global running feed, and Wavlake music
EnterTheNostr: Matrix-themed Nostr note composer
Aside from the nostr extension sign up, it features a “Load Smith” function that creates anonymous, one-time identities for users to post without a signer extension
POWR: Proof Of Workout over Relays [NIP-101e: Workout Events]
POWR is a local-first, open-source fitness app for Android and iOS supercharged by Nostr [Announcement]
Nostr NIP Repository Extension: Opens the NIP repository in your browser [Github]
“This extension provides quick access to Nostr NIPs (Nostr Implementation Possibilities) documentation directly from Kunkun. It allows you to open Nostr-related repositories and browse specific NIPs with ease.”
Dezh DSR: A repository containing a set of Nostr relays designed to be used for specific purposes [Github]
Notebin: NIP-95: Decentralized code snippets with Lightning tips [Github]
The proposal defines a new Nostr event kind specifically for code snippets, separate from regular text notes.
Code snippets include specialized metadata such as programming language, file extension, and other code-specific attributes.
Sats.gg: A Nostr client focused on live streaming [Github]
Sats.gg helps content creators monetize their work on platforms like Twitter, Ghost, Substack, Squarespace, and Nostr
The platform supports integration with LNURLPay and Lightning Address, facilitating seamless payment processes for users
Yumyume: A FOSS social bookmarking client built on the Nostr protocol, distributing bookmarks across multiple relays [Gitlab]
Yumyume supports self-hosting, and operates client-side but requires a local web server for full functionality.
Postr For Nostr: Share your WordPress Posts to Nostr with Postr For Nostr [Github]
This plugin provides the ability to postr content from WordPress to Nostr.
Flightless2: A terminal-based user interface client for Nostr direct messaging DM [Github]
Nostr Components: Take Nostr content beyond Nostr clients - embed it anywhere on the internet [Github]
Nostr Components makes it easy to embed Nostr profiles, posts, and follow buttons in any website.
Hello Nostr: A collection of Nostr educational resources
This site serves as a companion through the Nostr universe, helping users from downloading their first client to running relays and using self-custodial Lightning wallets.
Nostr MCP Server: A Model Context Protocol (MCP) server that provides Nostr capabilities to LLMs like Claude [Github]
The server supports both hex public keys and npub formats, and implements five tools for interacting with the Nostr network: getProfile, getKind1Notes, getReceivedZaps, getSentZaps, getAllZaps
Bookstr: Bookstr is a Goodreads or Storygraph alternative built on Nostr built with Lovable AI [Github]
Software Releases & Project Updates
rust-nostr v0.40.0
Add NIP-38 and NIP-62 support
Add nostr parser, to easily parse any text and extract nostr URIs, URLs and more
Extend Tags capabilities (i.e., add deduplication support)
Add admission policies, to selectively select which events to allow receiving and which to reject
Add Mac Catalyst support for Swift package
Coracle v0.6.9
Quote addressable events by address rather than nevent
Bump nostr-tools to fix nostrcheck uploads
Show error when DM fails to send
Nostur v1.19.0
Faster feed loading
Improve fullscreen image viewer
Prefetch images when swiping in gallery
Add blur hash metadata when posting images
Keep scroll position improvements
Show connecting thread lines in full width image mode
Multiple picture select for regular posts
Better m3u8 video stream detection
Show own npub in sidebar + copy
Nostr PHP v1.6.0
Allow verification of Event objects
Add NIP-04 and NIP-44 encryption
Yana v0.16.0
NWC alby go 1-click connection
Outbox relay set calculation progress
Upload media using blossom
Video player fullscreen
NIP-42 Relay Authentication
Gossip v0.14.0
Zappers and amounts are now shown
Reactions and who reacted are now shown
UI: Side panel contains less so it can be thinner. Bottom bar added.
UI: frame count and spinner (optional)
Relay UI: sorting by score puts important relays at the top.
Relay UI: add more filters so all the bits are covered
Image and video loading is much faster
Subject in draft (when replying) can be edited
DM feeds automatically update, and note order is fixed
Logging to stderr by default
Relay errors and fetch errors are now considered as warnings
Citrine v0.7.2
Add a button to delete events by kind
Change the delete all button color and separate it from the other buttons
Download events just with a npub
Change the relays when downloading events
0xChat App Desktop v1.0.2
Supports NIP-104 MLS secret chat
Supports copying images from the clipboard
The desktop client will remain running after the window is closed.
nostr-relay-tray v2.0.0
Support one-click to expose the relay to the internet
Add ability to delete events based on specific conditions
Breaking Change: Improved event rules structure for better control
Pokey v0.1.5-alpha
Zap notifications now displays zapper’s profile
Pokey will skip notifications for events containing more than a configurable amount of tagger users (Hell Threads)
Nostr-zap v1.3.0
Introduce data-naddr property as alternative to data-note-id
Electrum 4.6 will feature built-in Nostr support with a custom aionostr library developed specifically for this purpose [Announcement]
Nostr integration aims to decentralize previously centralized services, enabling users to become liquidity providers for submarine swaps and replacing central servers for PSBT cosigning.
Developers are also currently working on a NWC plugin to further improve on connectivity options.
Boosts
01:26:33 Thanks to everyone who streamed sats, and shoutout to our top boosters:
[🏆 TOP BOOSTER] @pink monkey (1,000 sats)
@Anonymous (1,000 sats)
@jespada (100 sats) “I need to sleep more often, please keep shipping”
@. (350 sats)
@Anonymous (350 sats)
@Anonymous (350 sats)
@btconboard (200 sats) “⚡️⚡️👍🏻👍🏻”
@AVERAGE_GARY (100 sats) “Roastr exists.” “ed25519?”
@alanStacksSats “Good tech content away from the usual price and macro talk alot of podcasts focus on.”
Tech Tip of the Day
No Ghibli Chrome Extension: A Chrome extension that helps you identify and filter out Studio Ghibli-related content from Twitter [Github]
Bitcoin Optech Newsletter
Highlights from recent Bitcoin Optech Newsletters
LN upfront and hold fees using burnable outputs: John Law posted to Delving Bitcoin the summary of a paper he’s written about a protocol nodes can use to charge two additional types of fees for forwarding payments
Discussion of testnets 3 and 4: Sjors Provoost posted to the Bitcoin-Dev mailing list to ask whether anyone was still using testnet3 now that testnet4 has been available for about six months
Plan to relay certain taproot annexes: Peter Todd announced to the Bitcoin-Dev mailing list his plan to update his Bitcoin Core-based node, Libre Relay, to begin relaying transactions containing taproot annexes if they follow particular rules.
Discussion of LND’s dynamic feerate adjustment system: Matt Morehouse posted to Delving Bitcoin a description of LND’s recently-rewritten sweeper system, which determines the feerates to use for onchain transactions. See #### Lightning…
P2P traffic analysis: developer Virtu posted to Delving Bitcoin an analysis of the network traffic generated and received by his node in four different modes: initial block download (IBD), non-listening (outbound connections only), non-archival (pruned) listening, and archival listening.
Research into single-path LN pathfinding: Sindura Saraswathi posted to Delving Bitcoin about research she conducted with Christian Kümmerle about finding optimal paths between LN nodes for sending payments in a single part.
Probabilistic payments using different hash functions as an xor function: Robin Linus replied to the Delving Bitcoin thread about probabilistic payments.
News & Noteworthy
Bitcoin
CISA: Cross-Input Signature Aggregation research paper released
HRF sponsors research paper on Cross-Input Signature Aggregation, a Bitcoin protocol enhancement that combines multiple Schnorr signatures into a single, smaller signature.
CISA aims to reduce Bitcoin transaction sizes and storage requirements, lower transaction fees, and improve bandwidth efficiency.
Lightning + L2+
LND’s Deadline-Aware Budget Sweeper: A new approach to Lightning transaction fee management [Matt Morehouse]
LND v0.18.0 introduces a completely rewritten sweeper subsystem that dynamically adjusts transaction fees based on HTLC deadlines and fee budgets.
The new approach makes replacement cycling attacks uneconomical by allocating up to 50% of HTLC value for fees when necessary.
This deadline-aware strategy provides better security than existing methods while reducing reliance on potentially inaccurate fee estimators.
Second launches its Ark protocol implementation on signet, inviting developers to test it before mainnet release [Second Blog post]
The company provides signet faucet and test store to facilitate testing.
Exodus announces end of Lightning wallet support on May 30, 2025, after which users cannot access Lightning wallets or funds [Announcement]
Users must withdraw their entire LN balance before May 30, 2025 to avoid losing access to their funds.
Business & Finance
Chinese automobile financing platform Cango set to become Bitcoin mining proxy for Bitmain through Antalpha connection [The Miner Mag]
The connection between Antalpha, Antpool, Bitmain, and EWCL suggests Cango was positioned as a mining proxy for Bitmain from the beginning, explaining Cango’s recent purchase of 32 EH/s hashrate from Bitmain despite limited cash reserves.
Bitcoin financial firm NYDIG to acquire Crusoe’s bitcoin mining business [Blockspace]
NYDIG is negotiating to purchase Crusoe Energy’s 270 MW bitcoin mining portfolio across 20 sites, including 135 employees. The acquisition allows NYDIG to expand mining operations while leveraging potential synergies with parent company Stone Ridge Holding’s 10 GW natural gas assets.
Crusoe Energy is pivoting away from bitcoin mining to focus on AI infrastructure, including a 1.6 GW datacenter project in Texas.
LōD Technologies, an IoT-driven energy intelligence provider, now operates across all Bitfarms datacenters globally [Press release]
The platform enables Bitfarms to track electricity markets, respond to grid conditions, and optimize power costs while maximizing demand response revenue potential.
Bitcoin mining hardware manufacturer Canaan Inc. secures $200 million through a Series A-1 Preferred Shares financing [The Miner Mag]
The funding supports R&D, production expansion, and digital mining infrastructure in North America.
DLC Markets announces addition of options booking and settlement to their platform, automating margin calls, liquidation, and settlement processes [Blog post]
Funding
OpenSats
Announces the Tenth Wave of Bitcoin Grants, supporting six projects advancing the Bitcoin ecosystem:
First-time project grants for Bitcoin Safe, Stable Channels, and Waye.
And renewed project grants for Floresta, Krux, and Krux-Installer.
Reveals the recipients of the Tenth Wave of Nostr Grants, comprising of seven innovative projects that showcase the growing versatility of the nostr ecosystem:
The four first-time project grants in this wave are: Chachi, Zapstore, HyperNote, and Nostr Epoxy.
In addition, OpenSats has renewed project grants for: Futr, Npub.cash, and Notedeck.
Announces its support to OpenSats-like organizations, focusing on a specific domain, namely: 2140, OpenCash, Bitshala, Summer of Bitcoin, Bitcoin Dev Launchpad, and Foundation Formation Kit
Vinteum announces its fellowship program, a structured phase of onboarding new open-source contributors, selecting seven fellows which are starting a six-month journey:
Luis Schwab (BDK)
João Leal (Floresta)
Lucas Balieiro (PlebLottery and StratumV2)
QLRD (Krux and Floresta)
Erick Cestari (Rust-Bitcoin)
Moises Pompilio (LDK)
Lucad70 (Floresta)
Btrust awards Q1 2025 Starter Grants to Brandon Odiwuor, active Bitcoin Core contributor, and Itoro Ukpong, contributor to Bitcoinj and BDK-FFI.
Btrust Builders launches five structured learning tracks to train African developers in Bitcoin open-source development [Announcement]
The pathways include Mastering Bitcoin, Bitcoin Core CLI, Rust for Bitcoin, Programming for Bitcoin, and Start Your Career in BOSS.
Mining
Foundry mines 9 blocks in a row on March 29th, from block 889982 to 889990
Block 888989: First public-pool block mined by self-hosted user
A Bitcoin block with hash 00000000000000000000a517d87e63ea04c7ec3dd51d20926e82cca5466dccaf was successfully mined on a self-hosted public-pool.
DMND launches Stratum V2 mining pool [Blockspace]
DMND, backed by Trammell Venture Partners, opens applications for its Stratum V2 mining pool, offers miners a 0% fee for two months.
Bitdeer introduces the A2 Pro Bitcoin miner with 14.9 J/TH efficiency, improving upon the original A2’s 16.5 J/TH and matching Bitmain’s Antminer S21 Pro [Press release]
The A2 Pro comes in two versions: air-cooled (255-270TH/) and hydro-cooled (500-530TH/s), with Bitdeer projecting total production of 35 EH/s of SEALMINER units by October.
Auradine unveils the Teraflux AH3880, the first U.S.-engineered hydro-cooled Bitcoin miner, delivering up to 600 TH/s with 14.5 J/TH efficiency, marking the first U.S.-engineered hydro-cooled Bitcoin miner [The Miner Mag]
Privacy
GSMA introduces end-to-end encryption for cross-platform messaging [Cyber Insider]
GSMA announces RCS standard upgrade with end-to-end encryption using the Messaging Layer Security protocol, marking the first large-scale interoperable encryption system between different clients.
Apple confirms involvement, with spokesperson Shane Bauer stating: “End-to-end encryption is a powerful privacy and security technology that iMessage has supported since the beginning.”
U.S. Officials misuse Signal app for Yemen strike coordination, accidentally include journalist [Cyber Insider]
National security team members under Trump administration mistakenly add Atlantic editor Jeffrey Goldberg to a Signal group chat coordinating military strikes in Yemen.
Officials including VP Vance, Defense Secretary Hegseth, and Secretary of State Rubio exchange classified tactical information on commercial smartphones using an unauthorized platform.
Switzerland considers expanding its surveillance law to include VPNs, messaging apps, and social networks with over 5,000 users or $100 million turnover [TechRadar]
The amendment creates “three types of information and two types of monitoring” that would force privacy-focused companies to modify encryption and identification practices.
Mullvad VPN provides details on why its iOS app doesn’t enable Apple’s ‘includeAllNetworks’ flag despite its potential privacy benefits [Blog post]
The Swedish VPN provider discovers that enabling this feature causes critical system failures during app updates, resulting in complete network loss on iOS devices.
Protocol
Bitcoin Core #31407: guix: Notarize MacOS app bundle and codesign all MacOS and Windows binaries [Merged]
BIPs #1800: Consensus Cleanup BIP draft [Open]
BDK #1839: This PR allows the receiving structures (bdk_chain, bdk_wallet) to detect and evict incoming transactions that are double spent (cancelled). [Merged]
LND #9620: Adds
testnet4support tolnd[Merged]LDK #3624: Support scalar tweak to rotate holder funding key during splicing [Merged]
LDK #3649: Add BOLT12 support to bLIP-51 / LSPS1 [Merged]
LDK #3608: Correct and update confirmation target constant definitions [Merged]
LND #9458: multi+server.go: add initial permissions for some peers [Merged]
BTCPayServer #6581: RBF and UX improvement to fee bumping [Merged]
Eclair #3044: Remove amount-based confirmation scaling [Merged]
Eclair #3026: Support p2tr bitcoin wallet [Merged]
BOLT #1233: Check for preimage before failing back missing HTLCs [Merged]
NIP #1822: Add B0 NIP for Blossom interaction [Open]
NIP #1826: A way for relays to be honest about their algos [Open]
Tutorial
Liana Simple Inheritance Taproot Miniscript Wallet with Krux [Guide]
This guide details how to set up a Taproot miniscript wallet using:
Krux: For key creation, backup, and transaction signing.
Liana Wallet: For creating a “Simple Inheritance” wallet that uses the keys generated on Krux.
Setting up a Strfry Nostr Relay as a TOR Hidden Service [0xtr’s Guide]
This guide will walk you through setting up your own Strfry Nostr relay on a Debian/Ubuntu server and making it accessible exclusively as a TOR hidden service.
Cryptography
GPU advancements in cryptographic brute force attacks [Research paper]
Researchers optimize implementations of KASUMI, SPECK, and TEA3 algorithms on GPUs, achieving 235.72, 236.72, and 234.71 keys tested per second on a single RTX 4090.
The KASUMI implementation shows 15x improvement over previous work, reducing requirements for breaking GPRS/GSM from 2400 RTX 3090 GPUs to just 142 RTX 4090 GPUs.
Government & Political
DeFi Education Fund publishes coalition letter asking Congress to correct DOJ’s interpretation of money transmission laws as applied to software developers [Announcement]
The letter challenges DOJ’s August 2023 legal theory that expands criminal liability to developers, which signatories believe contradicts FinCEN guidance and threatens the U.S. blockchain ecosystem.
Coalition maintains money transmitting businesses require “possessing & transmitting funds on behalf of others” and urges policymakers to “protect U.S. software developers from regulatory overreach.”
France rejects encryption backdoor mandate [EFF]
The rejected proposal would have implemented a “ghost participant model” allowing law enforcement to silently join encrypted chats, undermining private communication security.
The FAIR Act aims to protect bitcoin holders from civil asset forfeiture [Bitcoin Magazine]
The Fifth Amendment Integrity Restoration (FAIR) Act seeks to reform civil asset forfeiture laws, requiring clear and convincing evidence before the government can seize property, thereby offering stronger protections for Bitcoin holders.
U.S. Treasury removes Tornado Cash from sanctions list and issues warning to users [The Rage]
OFAC has officially lifted sanctions against Tornado Cash, removing it from the SDN List after the Fifth Circuit ruled the designation unlawful in November.
Update: Treasury files notice to prevent Texas district court from issuing final judgment on Tornado Cash sanctions reversal, attempting to retain power to list software on OFAC’s SDN list.
Despite removing Tornado Cash from sanctions list, Treasury seeks to avoid binding court order that would prevent it from sanctioning similar privacy software in future, signaling continued focus on cryptocurrency privacy services.
US government prosecutors allegedly withhold evidence showing Chainalysis incorrectly attributed 300 million to North Korea in the Roman Storm case where they claimed 1 billion was laundered through Tornado Cash [Twitter post]
The defense argues prosecutors violated the Brady rule by failing to disclose evidence that “undermines a core allegation” despite prosecutors claiming the material “stretch[ed] beyond recognition what constitutes Brady material.”
Chainalysis sued by bankruptcy debtors for facilitating fraud in Celsius network collapse [The Rage]
The lawsuit claims Chainalysis “knowingly and willfully fueled one of the biggest cons in cryptocurrency history” by validating inflated asset figures calculated using methodology designed by Celsius founder Alex Mashinsky.
Samourai Wallet developers attend fourth pre-trial hearing [Bitcoin Magazine]
The court establishes pre-trial motion schedule starting May 9, with prosecution responses due June 6.
Expert disclosures are scheduled for July 15 (prosecution) and August 8 (defense). The trial is officially scheduled to begin on November 3, 2025.
U.S. IRS sharing tax data with immigration agencies for deportation purposes [The Rage]
The IRS has agreed to share confidential tax records with ICE and DHS to help locate and deport immigrants who have removal orders.
This marks the second major increase in financial surveillance under the Trump administration, following Treasury’s lowering of reporting thresholds along the Mexican border from $10,000 to $200
The European Central Bank plans to finish the digital euro testing phase by October 2025 [CoinDesk]
ECB board members are actively campaigning with European Parliament, Council, and Commission stakeholders to advance the digital euro project.
Events
December 7-9, 2025 in Mérida, Mexico
BTCAzores 2025 edition is canceled [Announcement]
The next edition is scheduled for 2026
Reads
Here’s a list of our top recently published reads:
Cashu: Bitcoin freebanking, by Juraj Bednar [Blog post]
Wallet Clustering Basics, by Spiral [The Scroll #2]
Bitcoin’s Duplicate Transactions, by BitMEX Research [Blog post]
Nostr Security: Account Hacks, by Odell [Note]
Comprehensive Analysis and Proposed Solutions for Mitigating Sybil Attacks on Nostr, by PPQ Deep Research [Note]
The bitcoiner’s guide to physical security, by Jameson Lopp [Casa Blog post]
Bitcoin and the Rise of Cypherpunks: A Historical Timeline, by Craig [On Bitcoin]
Episode submission ideas
We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
Nostr & LN ⚡nvk@nvk.org (not an email!)