BR004 - JoininBox, Tornado Cash, Swan & Casa data leaks, Square HWW & MORE ft. Justin Moon & Odell

Hello and welcome to the Bitcoin Review podcast. The podcast where we fail at boringly reading the latest release notes and discuss project updates. This week for Episode 4, I’m joined by guests Justin Moon and Matt Odell to help me read the list. To send Bitcoin-related questions, just go to and click submit story at the top right.


Software Releases & Project Updates

  • 00:02:35 Sparrow 1.6.6, Aug 4 2022
    • Authentication via Auth47 & LNURL-auth links
    • Improved performance for very deep wallets
    • Change from notification txes is spent last
    • Copy labels from deposit UTXOs into badbank
  • 00:03:20 JoininBox v0.7.0, Aug 7 2022
    • New, automatically generated SD card image for the RPi4&3
    • Connect @FullyNoded with a QRcode to the @joinmarket API
    • Add custom labels to addresses
    • Add joinmarket-api.service to TOOLS
  • 00:08:27 Electrum 4.3.0, August 5, 2022
    • Introduces a set of UI modifications that simplify the use of Lightning. The idea is to abstract payments from the payment layer, and to suggest solutions when a lightning payment is hindered by liquidity issues.
    • Invoice unification: on-chain and lightning invoices have been merged into a unique type of invoice, and the GUI has a single ‘create request’ button. Unified invoices contain both a lightning invoice and an onchain fallback address.
    • The receive tab of the GUI can display, for each payment request, a lightning invoice, a BIP21 URI, or an onchain address. If the request is paid off-chain, the associated on-chain address will be recycled in subsequent requests.
    • The receive tab displays whether a payment can be received using Lightning, given the current channel liquidity. If a payment cannot be received, but may be received after a channel rebalance or a submarine swap, the GUI will propose such an operation.
    • Similarly, if channels do not have enough liquidity to pay a lightning invoice, the GUI will suggest available alternatives: rebalance existing channels, open a new channel, perform a submarine swap, or pay to the provided onchain fallback address.
    • A single balance is shown in the GUI. A pie chart reflects how that balance is distributed (on-chain, lightning, unconfirmed, frozen, etc).
    • The semantics of the wallet balance has been modified: only incoming transactions are considered in the ‘unconfirmed’ part of the balance. Indeed, if an outgoing transaction does not get mined, that is not going to decrease the wallet balance. Thus, change outputs of outgoing transactions are not subtracted from the confirmed balance. (Before this change, the arithmetic values of both incoming and outgoing transactions were added to the unconfirmed balance, and could potentially cancel each other.)
  • 00:20:30 Nunchuck iOS 1.9.12 / Android 1.9.18
    • Bug fixes and improvements
    • Adds SATSCARD integration
  • 00:21:50 Blockstream Green 3.8.6
    • iOS Aug 4 2022
      • Display firmware hash during Jade firmware update
      • Login with BIP39 Passphrase
      • Display the receive address in transaction details
      • Display the net amount without fees in transaction details
      • Handle connection failure during wallet discovery
    • Android July 29 2022
      • Login with BIP39 Passphrase
      • Trezor & Ledger singlesig address display
      • Faster Jade firmware update with binary delta
      • Improve Ledger support
  • 00:36:14 Embassy OS, July 27 2022
  • 00:39:21 Raspiblitz 1.8.0, July 29 2022
  • 00:40:38 BDK #645 adds a way to specify which taproot spend paths to sign for. Previously, BDK would sign for the keypath spend if it was able, plus sign for any scriptpath leaves it had the keys for.
  • 00:44:42 Kotlin Multiplatform Tor (a.k.a. kmp-tor)


  • 00:45:04 New self custody redundancy service “”. Upstart service for passphrase and multisig users. Acts as an internet-accessible “location” in the context of redundant seed backups. Seeds are sent obscured over multiple channels and stored offline.
  • 00:51:15 Foundry, the Largest Mining Pool, Provides Grant to Open Source Stratum V2 Developer. Stratum V2 aims to reduce mining censorship risk by giving individual miners the ability to choose which transactions are in a block rather than pool operators
  • 00:55:33 Nix-Bitcoin 0.0.74 released. nix-bitcoin is a collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security. Submitted message: “Nix-Bitcoin is designed for security by default but I found Nix-Bitcoin is also very customizable if you know Nix. The Matrix support is fantastic if you get stuck. I’ll be converting my node and other services to Nix-Bitcoin ASAP. Fedimint/minimint and Samourai Dojo maybe in the future for Nix-Bitcoin! Nix is also used for managing build dependencies for minimint.”
  • 00:59:59 - “Hardware Wallets” are not Bitcoin wallets, they are signing devices.
  • 01:01:39 Tornado Cash Github Repo Taken Down, Lead Dev’s Account Frozen.
  • In response to Tornado Cash Github Repo being Taken Down, Start9 added the Gitea service to the Embassy Marketplace, and released a short video on how to mirror a repo, such as Bitcoin. On the OS side (EOS v0.3.1.1)
  • 01:10:59 Swan & Casa Data Leaks
    • Swan email provider data leak - An employee and identified that the employee’s login had been compromised as a result of a phishing attack.
    • Casa Discloses Data Breach of the Casa Store. Leaked data includes names, emails, phone numbers, shipping and billing addresses, and product(s) ordered
  • 01:21:19 ETH vs BTC differences in capturable attack surface
  • 01:25:08 Open Sats launches legal defence fund, which aims to support free speech and defend open-source Bitcoin contributors from lawsuits regarding their activities in the Bitcoin & FOSS ecosystems by directing donations to fund legal fees related to these contributions. The fund will support hodlonaut and other open source contributors facing lawsuits.
  • 01:32:30 Replicant: Reproducing a Fault Injection Attack on the Trezor One
  • 01:39:11 Square Hardware Wallet
  • 01:42:38 A new way to do DLCs - Cryptographic Oracle-Based Conditional Payments
  • 01:47:08 BIP Proposal: Receiving and Change Derivation Paths in a Single Descriptor
  • 01:48:08 Taproot Adoption

Tech tip of the day

  • 01:49:04 Keep Tor always running on the Mac using brew services, and have most of your applications proxy through it.
    • brew install tor
    • brew services start tor
    • brew services list
    • Now go into your application, for example Electrum, and set the proxy to port 9050
  • 01:51:45 macOS key repeat
  • 01:52:43 Hosted VPN Using Lightning with Mullvad
  • 01:53:33 Matt’s suggestions for throwaway phone providers.
