BR003 - Twitter data breach, Nunchuk, Robinhood bech32, Sphinx signer & MORE ft. Justin Moon & Odell

This week for Episode 3, our guests Justin Moon and Matt Odell return to help me read the list. I should mention the overwhelming feedback is that we have failed at being boring, so we should try to do better. This week for Episode 3, our guests Justin Moon and Matt Odell return to help me read the list. To send Bitcoin related questions, just go to and click submit story at the top right.

Listen to the Episodes

Listen on: Fountain, Spotify, Apple, Amazon, Google, YouTube

Vulnerability Disclosures

  • 01:36 Twitter data breach exposes contact details for 5.4M accounts; on sale for $30k
    • twitter user names, emails, and phone numbers
    • vulnerability was disclosed in January and patched
  • 05:55 ActiveCampaign database leak (shiftcrypto and others affected)
    • Name or alias, Email addressm IP address
  • 09:49 BlueWallet transaction data vulnerability

Software Releases & Project Updates:

  • 10:42 Nunchuk 1.9.9
    • Add support for NFC keys (Tapsigner)
    • Collaborative wallet recovery
    • Bug fixes and improvements
  • 12:19 Nunchuk CKTAP C++ lib
  • 17:59 BDK 0.20.0
    • Highlights for this release include bug fixes for the ElectrumBlockchain and descriptor templates, new transactions building feature to discourage fee sniping, and new transaction signing options. Also with this release MSRV is now 1.56.1 and AddressValidator is deprecated. A big thanks to our past and latest new contributors. See below for all the details.
  • 21:45 COLDCARD Mk4 5.0.5 - July 20, 2022
    • Enhancement: BIP-85 derived passwords. Pick an index number, and COLDCARD will derive a deterministic, strong (136 bit) password for you. It will even type the password by emulating a USB keyboard. See new areas: Settings > Keyboard EMU and Settings > Derive Seed B85 > Passwords.
    • Documentation: added docs/ documenting new BIP-85 passwords and keyboard emulation.
    • Enhancement: BIP-85 derived values can now be exported via NFC, in addition to QR code.
    • Enhancement: Allow signing transaction where foreign UTXO(s) are missing. Only applies to cases where partial signatures are being created. Thanks to @straylight-orbit
    • Enhancement: QR Codes are now easier to scan in bright light. Thanks to @russeree for this useful fix!
    • Bugfix: order of multisig wallet registration does NOT matter.
    • Enhancement: Support import of multisig wallet from descriptor (only sortedmulti, BIP-67). Also support export of multsig wallet as descriptor.
    • Enhancement: Address explorer can show “change” addresses for standard derivation paths for both single and multisig wallet.
    • New tutorial: 2of2 multisig with 2x Coldcard signing device, and bitcoin-qt as coordinator, see docs/
    • Enhancement: OP_RETURN is now a known script and is displayed in ascii when possible
    • Bugfix: allow unknown scripts in HSM mode, with warning.
  • 26:08 Robinhood
    • supports bech32
  • 28:26 Seed Tool v2 by SuperPhatArrow
    • Introducing Predictive Seed Word Input, Single Address Tool and Multisig Address Derivation 🎉
  • 32:33 Tor Browser v11.5 Released
    • automatic censorship detection and circumvention
    • redesigned network settings including streamlined bridge options
    • https only by default
  • 37:28 Joinstr: Coinjoin implementation using nostr
    • uses the nostr protocol for coordination
  • 39:36 bot updated


  • 40:30 Fedi update about funding (
  • 50:04 Tapsigner now shipping 39 bucks and SATSCARD shipping soon.
  • 01:02:06 Sphinx announces VLS signing device: The Sphinx team announced a hardware signing device interfacing with Validating Lightning Signer (VLS).
  • 01:04:55 Border Wallet
  • 01:07:59 Keet p2p comms by Bitfinex and Theather (
  • 01:14:16 James O’Beirne summarizing mempool research (
  • 01:23:00 Bitcoin Core updates (unreleased)
    • h/t Optech; Bitcoin Core #24148 adds watch-only support for output script descriptors written in miniscript. For example, a user can import wsh(and_v(v:pk(key_A),pk(key_B))) to begin watching for any bitcoins received to the P2WSH output corresponding to that script. A future PR is expected to add support for signing for miniscript-based descriptors.
    • h/t Optech; Bitcoin Core GUI #471 updates the GUI with the ability to restore from a wallet backup. Restoring was previously only possible either using the CLI or by copying files into particular directories.
  • 01:27:47 BitcoinTreasuries Updated with Elons booboo
  • 01:32:18 Bitcoin Meshnets article by L0LA L33TZ (
  • 01:40:08 Gloria Zhao Added as a Bitcoin Core Maintainer, she now has commit access to the Bitcoin Core repo on github
  • 01:44:04 Bitcoin OpTech News Letter


Bitcoin Events

  • 01:47:24 Bitcoin Park Nashville Events
  • 01:49:12 TAB Conf
  • 01:50:14 BitBlockBoom (
  • 01:50:32 Baltic Honeybadger (

Get in touch with the pod

  • Podcast Twitter:
  • NVK Twitter:
  • Telegram:
  • Email:

Did I get anything wrong above? Help me correct it