I’m joined by guests Steve Lee, Future Paul, Odell & Rijndael to go through the list.

Listen on your favorite podcast app:

I’m joined by guests Steve Lee, Future Paul, Odell & Rijndael to go through the list.

Listen on your favorite podcast app:


  • 00:02:49 Coinkite is looking for a very-very-technical technical writer to update and maintain COLDCARD’s docs. This would be a partime gig for someone looking to own them for years. Apply to jobs at coinkite.com with work samples and links.

Vulnerability Disclosures

  • 00:32:32 SATAn: Air-gap exfiltration attack via radio signals from SATA cables [ArXiv]
    • The researchers demonstrate how data can be exfiltrated from isolated computers using SATA cables, affecting even systems within virtual environments. [YouTube]
  • 00:35:45 Mullvad: possible DNS traffic leak outside VPN tunnel [Blog post]
    • Under certains conditions, DNS traffic can leak from Android devices regardless of the “always-on” option, stemming from bugs in Android OS.
  • 00:37:28 U.S. Federal officials alert on active exploitation of [CISA]
    • The active vulnerability allows account hijacks via password reset emails, and is still being exploited since its disclosure in January 2024.
  • 00:43:23 Coordinated attacks on Docker Hub via malicious repositories [JFrog Blog post]
    • Increase in cyberattacks targeting Docker, where attackers create millions of malicious repositories to distribute malware and orchestrate phishing scams.
  • 00:44:11 Cuckoo: Persistent macOS spyware/infostealer [Kandji Blog post]
    • Operates as a hybrid of spyware and infostealer, targeting targeting both Intel and ARM-based Macs, through deceptive software installations.
    • Employs modified application bundles and ad-hoc signatures to bypass security measures and perform unauthorized activities such as collecting system information and creating persistence on the host device.

Quick fire discussion topics

  • Miner centralization
  • 00:16:16 Ossification
  • 00:18:39 Dev funding


Software Releases & Project Updates

  • 00:48:24 Sparrow Wallet v1.9.0
    • Remove Whirlpool client, and other Soroban related features and dependencies
  • 00:50:04 COLDCARD
    • Shared Improvements - Both Mk4 and Q
      • Add Nunchuk and Zeus options to Export Wallet
      • View Identity shows temporary seed active at the top
      • Can specify start index for address explorer export and browsing
      • Allow unlimit ed index for BIP-85 derivations. Must be enabled first in Danger Zone
    • Q v1.2.0Q
      • Allow export of multisig XPUBs via BBQr
      • Import multisig via QR/BBQr - both legacy COLDCARD export and descriptors supported
      • Status bar text is sharper now
      • Added ability to write signed PSBT/txn to lower (B) SD slot when both cards inserted
    • Mk4 v5.3.0
      • When providing 12 or 18 word seed phrase, valid final word choices are presented in a new menu.
      • Move dice rolls (for generating master seed) to Advanced submenu.
      • Using “Verify Address” in NFC Tools menu, allows entry of a payment address and reports if it is part of a wallet this Coldcard knows the key for. Includes Multisig and single sig wallets.
        • searches up to the first 1528 addresses (external and change addresses)
        • stores data as it goes to accelerate future uses
        • worst case, it can take up to 2 minutes to rule out an address, but after that it is fast!
  • 00:52:16 Secp256k1 v0.5.0
    • New function secp256k1_ec_pubkey_sort that sorts public keys using lexicographic (of compressed serialization) order.
    • Changed:
      • The implementation of the point multiplication algorithm used for signing and public key generation was changed, resulting in improved performance for those operations.
      • The related configure option –ecmult-gen-precision was replaced with –ecmult-gen-kb (ECMULT_GEN_KB for CMake).
      • This changes the supported precomputed table sizes for these operations. The new supported sizes are 2 KiB, 22 KiB, or 86 KiB (while the old supported sizes were 32 KiB, 64 KiB, or 512 KiB).
  • 00:57:51 Umbrel v1.1.1
    • Add support for x86 devices
  • 00:58:10 Blockstream Green
    • iOS v4.0.27
      • Support push notification to receive lightning payments
      • Empty lightning account
      • Export lightning logs
  • 00:58:23 BlueWallet v6.6.3
    • Add privacy manifest for Apple
    • Number in widget should be formatted to be a decimal
  • 00:58:34 Nunchuk: Finney
    • Desktop v1.9.33
      • Add support for multiple subscriptions per account
      • Add the ability to seamlessly change types of keys (For subscribers)
    • Android v1.9.45
      • Add Ultra-High QR setting
      • Add support for multiple subscriptions per account
      • Add the ability to seamlessly change types of keys (For subscribers)
  • 1:03:58 Theya Inc. Bitcoin wallet
    • Single-key vaults: Create mobile vaults with optional encrypted iCloud backups [Announcement]
    • New web app [Announcement]
  • 1:06:46 10101
    • v2.3.0
      • Use correct leverage for trader liquidation price
    • v2.2.3
      • Automatically add app for review in testflight
      • Create release and add APK to CI release
      • Remove unused environment variable in CI
      • Do not hog chain_monitor lock during periodic_check
  • 1:06:52 BTCmap-android
    • v0.7.3
      • Remove sync progress indicator from the map screen
      • Add place directions
      • Add share location button
      • Add companion app warnings for the minority of places which require it
    • v0.7.2
      • Notify user of new places nearby
      • Perform daily sync in background
      • Handle API rate limiting
  • 1:07:10 Braiins Toolbox v24.04
    • Braiins OS: When installing Braiins OS, custom configuration of the firmware is now available in just one step
    • IP Range: Users can now enable or disable IP ranges in “Device Management”
    • Toolbox CLI: Users can bypass prompt messages on certain commands to conveniently use Toolbox in scripting

Project spotlight

  • 1:07:18 BBQr-rust: Rust implementation of the bbqr specification by @PraveenPerera [Github]
  • 1:08:40 Awning: a dockerized Bitcoin + LND + BTCPay node [Github]
    • “Something like Umbrel but lighter and portable. Something like RaspiBolt but easier and automated.”
  • Bitcoin Troubleshoot: App for bitcoiners to troubleshoot each other’s technical issues for sats, using nostr. [Github]
  • 1:09:47 GroupHug: Bitcoin transactions batching server [Twitter post]
    • The service does not provide any kind of privacy, allows participants to bump transaction fee at no extra cost [Github]
  • 1:09:54 Hodlboard: Freedit fork [Website]
    • Simple forum with “Inns” (a bit like subreddits) and “Solo” (for microblogging).
    • Access to the forum requires ownership of a single utxo greater than 500K sats.

Privacy Software

Software Releases & Project Updates

  • 1:10:25 Unleashed.Chat [Note]
    • Add beta web search (also charged for sats per generation)
    • Replacement of Mixtral 7B with 22B in progress

Project spotlight

  • 1:10:40 Emessbee: Unstoppable Coinjoins with No Coordinator by @super_testnet [Stacker.news]
    • The project initially started as a coinjoin-workshop at Btc++ 2024 [Github]
  • FOSS password manager Bitwarden launches new authenticator app for iOS and Android [Announcement]

Lightning + L2+

Software Releases & Project Updates

  • 1:20:24 LND v0.18.0-beta.rc1
    • Add experimental support for inbound routing fees
    • Add new config value sweeper.maxfeerate
    • Add support for pathfinding and payment to blinded paths
    • Add new config value, http-header-timeout
    • Update watchtowers to be Taproot ready
    • Add routerrpc.usestatusinitiated
    • Add helper command for collecting and encrypting useful debug information
    • Add mempool acceptance check prior to broadcasting
    • Introduce fee bumper
  • 1:20:47 Mutiny Node v0.6.7
    • Liquidity alpha3
    • Remove max federation invoice amount
    • nwc fixups
    • Better fedimint update streams
    • Better convert fedimint errors
  • 1:33:39 Breez SDK v0.4.0
    • Change background redeem swap notification message
  • 1:33:46 Blockstream Green iOS v4.0.27
    • Support push notification to receive lightning payments
    • Empty lightning account
    • Export lightning logs
  • 1:34:29 BoltzExchange boltz-backend v3.6.0
    • Add capability to connect to multiple Elements nodes with different transaction relay policies and selectively decide which one to use
  • 1:35:35 SwissBitcoinPay v2.0.13
    • Add com.google.android.gms
    • Use zxing qr scanner
  • 1:35:39 LNp2p Bot v0.10.2
    • Implement wizard on /setinvoice
    • LN Address support
  • 1:35:45 Geyser v0.8.0
    • Feature/boltz swap
      • on-chain contributions are swapped to lightning with no intermediaries, no custodians and low fees

Project spotlight

  • 1:36:10 clArk, an implementation of the Ark second-layer payment protocol for Bitcoin [Github]
  • 1:36:28 Helm Wallet: The lightning wallet even your grandma can use [Twitter post]
    • “Helm is a Liquid wallet that uses Boltz submarine swaps to disguise itself as a Lightning wallet” [Github]
    • All transactions must go on-chain, incurring both a network and operator fee (Boltz)

Vulnerability disclosures (cont.)

  • 1:37:15 “NPR CEO Katherine Maher is chairman of the board for Signal messaging app. But her history as a US-backed regime change operative and her opposition to a “free and open” internet have led some critics to fear that Signal may be compromised.” [City Journal]


Software Releases & Project Updates

  • 1:40:16 Primal
    • iOS v1.6.7
      • Top zaps
      • Note reactions
      • Thread view revamp
      • Lightning invoice rendering
    • Android v0.98.5
      • Implemented:
        • Top zaps on Threads screen
        • Note zaps screen
        • Videos in the Feed and Media Gallery
        • Support for GIF images
        • New screen transitions
        • Auto-adjust dark theme feature
        • Content Display settings
        • Copy text feature on highlighted note on Threads screen
        • Dark theme only media gallery
    • Web v0.105.1
      • Top zaps!
      • Thread view revamp
      • Expanded note reactions: added note mentions
  • 1:42:50 nos2x Note
    • NIP49 support
    • Display redirecting button to options page on first install, let users generate or setup new key
    • Display link to nosta.me, set up a profile right after key setup
  • 1:43:32 Mostro v0.11.6
    • Remove other unwraps and minor cosmetics
    • NIP40 expiration event

Project spotlight

  • 1:43:46 Iris Docs: collaborative document, canvas and chat on Nostr [Website]
    • Proof-of-concept collaborative tool featuring docs, canvas and an explorer for the underlying IrisDB data structure.
  • 1:43:53 ROASTr, Fedimint module for signing Nostr events using ROAST [Github]
    • ROAST is a robust threshold signing algorithm for producing Schnorr signatures.
    • Inspired by Nick Farrow’s Frostr
  • 1:44:09 Magstr, Nostr-based publication platform [Github]
    • Magstr aims to address industry challenges such as high costs and risks associated with content that does not resonate with users.
    • The platform utilizes a codebase built on Next.js, deployable on Vercel, and uses the Nostr network to fetch and display long-form content.
  • 1:44:28 NostrDVM: Nostr NIP90 Data Vending Machine Framework [Github]
    • This framework provides a way to easily build and/or run Nostr NIP90 DVMs in Python.
  • 1:44:49 NosDrive: Experimental Google Drive relay [GitLab]
    • NosDrive is a Nostr Relay that saves your events to Google Drive.


  • 1:53:22 Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @apemithrandir (7,777 sats) “First they came for DMNs And I did not speak out Because I did not use DMNs Then they came for KYC-free CEX And I did not speak out Because I did not use KYC-free CEX Then they came for Custodial Mixers And I did not speak out Because I did not use Custodial Mixers Then they came for Coinjoins And I did not speak out Because I did not use Coinjoins Then they came for me And there was no one left To speak out for me”
    • @loke (4,500 sats) “I don’t know”
    • @jcdenton (3,125 sats) “great panel as always”
    • @vake (3,000 sats) “Another boring week in bitcoin”
    • @2ndbreakfast (720 sats) “Great group therapy session”
    • @bendthefed (521 sats)
    • @tmakerman (500 sats) “thank you NVK, Ben, Rob, and Rijndael 🙏”

Tech Tip of the Day

  • 1:54:58 ASCIImoji: A small library which replaces certain keywords in texts with ASCII emoticons [Github]

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
  • 300
    • CTV-like exploding keys proposal
      • Tadge Dryja introduces a proposal for a more efficient version of CTV. The method involves paying to a public key constructed from a MuSig2 aggregation, which commits to specific transaction details without requiring additional signatures.
    • Analyzing a contract protocol with Alloy
      • Dmitry Petukhov publishes a specification using the Alloy language on Delving Bitcoin, analyzing a simple OP_CAT-based vault.
      • Alloy is utilized to identify modifications and highlight critical constraints for potential implementors of the contract protocol.
    • CoreDev.tech Berlin event: many Bitcoin Core contributors met in person for a periodic CoreDev.tech event last month in Berlin. Transcripts

News & Noteworthy


  • 1:55:38 Ocean launches Lightning payouts for Bitcoin miners using BOLT12 [Announcement]
  • Lightning Labs CTO @Roasbeef announces first mainnet asset keysend payment with Taproot asset channels [Roasbeef Twitter post]
    • “This demo showcase direct keysend payments […], in order to take advantage of the network effects of the Bitcoin Backbone of the LN multi-hop is a necessity […]” [Github]
  • Coinbase integrates Bitcoin’s Lightning Network in partnership with Lightspark [Announcement]


  • 1:56:40 NIP-104: Double Ratchet (End-to-End Encrypted) DMs
    • Nostr contributor JeffG announced having found a way to bring E2EE DMs on Nostr, “in a way that is both forward and post-compromise secure AND doesn’t require any centralized servers” [Note]
  • 2:00:50 LightningTipBot and ln.tips are retiring [Note]
    • Developer Callebtc mentions the growing human and financial cost in running the bot as well as the cost attached to running a node in a high fee environment as the main reasons for turning off the bot.

Business & Finance

  • MicroStrategy introduces inscription-based Bitcoin DIDs [Bitcoin Magazine]
  • zkSNACKs is discontinuing its coinjoin coordination service as of June 1st, 2024 [Announcement]
  • Acinq has removed Phoenix Wallet from the US app stores on May 3rd, 2024 [Announcement]
  • Tether to implement Chainalysis monitoring system for secondary market activity [Blog post]
  • Custodia Bank appeals for Federal Reserve master account [TFTC]
    • Wyoming-based full-reserve cryptocurrency bank has filed an appeal against a court ruling that upheld the Federal Reserve’s decision to deny its application for a master account.
    • MicroStrategy announces a new platform named MicroStrategy Orange, which includes an open source protocol did:btc for managing decentralized identities (DIDs). [Github]
  • Block Inc. implements a bitcoin dollar cost average purchase program [Press release]
    • Throughout 2024, Block will be investing 10% of its gross profit from bitcoin products into bitcoin purchases.


  • 2:06:27 OpenSats receives an additional donation of $21M from #startsmall [Blog post]
    • “This donation will top up our funds and operations budget, with $15,000,000 going to our General Fund, $5,000,000 to The Nostr Fund, and $1M to our operations budget.”
  • 2:09:21 OpenSats grants long-term support for Shashwat Vangani [Blog post]
    • “This LTS grant will enable Shashwat to focus on the deployment of BOLT-12 within LDK, with a particular focus on blinded paths, invoice overpayments, and retrying invoice requests.”
  • 2:09:29 Spiral renews grants to @BitcoinZavior and Matt Morehouse
  • Bitcoin Berlín SV launches an incubator program [Announcement]
    • The 12 week long program aims to support existing and future local businesses with branding, projections, marketing and sales pitch.


  • PayPal’s initiative for ESG-compliant Bitcoin mining [Announcement]
    • The plan includes routing transactions to miners who use low-emissions energy, rewarding them with a locked Bitcoin bonus, accessible via a multisig script.
    • Miners can earn a “Green Proof” certification by achieving a high “Clean Energy Score” or “Grid Impact Score”


  • Elliptic: The Shape of Money Laundering [Research paper]
    • Blockchain analysis firm Elliptic collaborates with MIT-IBM Watson AI Lab to improve detection of money laundering in Bitcoin transactions [Announcement]


  • Bitcoin Core #27679: allows notifications sent using the ZMQ dispatcher to be published to a Unix domain socket [Merged]
  • Core Lightning #7240: adds support for retrieving required blocks from the Bitcoin P2P network if the local Bitcoin node has pruned them [Merged]
  • Eclair #2851: begins depending on Bitcoin Core 26.1 or greater and removes code for ancestor-aware funding [Merged]
  • LND #8627: now defaults to rejecting user-requested changes to channel settings that require above-zero inbound forwarding fees [Merged]
  • Libsecp256k1 #1058: changes the algorithm used for generating public keys and signatures [Merged]
  • BIPs #1068: swaps two parameters in BIP47 version 1 reusable payment codes to match an implementation in Samourai wallet [Merged]

Government & Political

  • DoJ opposes dismissal of Tornado Cash indictment [The Block]
    • The DoJ argues that Tornado Cash acted as a money transmitting business and that “The definition of ‘money transmitting’… does not require the money
  • Craight Wright discontinues UK libel proceedings against @hodlnaut [Hodlnaut Twitter post]
  • Roger Ver indicted with mail fraud, tax evasion and filing false tax returns [Press release]
    • Ver has been arrested in Spain based on the U.S. criminal charges. The U.S. plans to seek his extradition to face trial there.
  • Binance founder and former CEO CZ sentenced to 4 months in prison [CoinDesk] transmitter to have ‘control’ of the funds being transferred” [Court filling]
  • FBI warns Americans against using cryptocurrency money transmitting services that are not registered as Money Services Businesses [Notice]
  • Federal prosecutors are examining financial transactions at Block, owner of Cash App and Square [NBC News]
  • U.S. Senator Elizabeth Warren claims Iran is exploiting Bitcoin mining to evade sanctions and support terrorism [The Hill]
    • The senators are seeking details on how extensively Iran uses cryptocurrency, and inquire about the steps the administration is taking to counteract these activities.
  • New EU rules to combat money-laundering adopted [Press release]
  • Nigeria’s National Security Adviser classified crypto trading as a national security issue [Techcabal]
    • “That designation means a new crypto regulation that will ban peer-to-peer trading of cryptocurrencies is in the works”


  • Adopting Bitcoin El Salvador announces 2024 edition [Announcement]
    • November 15-16 in San Salvador, El Salvador
  • Financial Freedom Track at the Oslo Freedom Forum [Announcement]
    • The Human Rights Foundation announces the seventh annual Financial Freedom Track aimed at highlighting financial repression by authoritarian regimes and showcasing global resistance through open-source solutions
    • June 5, 2024 in Oslo, Norway
    • On June 3 and 4, HRF will conduct a Bitcoin 101 for Activists workshop series to educate nonprofit leaders on the secure and effective use of Bitcoin


  • Here’s a list of our top recently published reads:
    • BOLT12 has Arrived by Jeff Czyz [LDK Blog]
    • War of Attrition by Alex Bergeron [Bitcoin Magazine]
    • Nostr is Identity for the Internet [Hivemind]
    • “ASICs optimized for heat, not efficiency, will decentralize mining” [Braiins Blog]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

Did I get anything wrong above? Help me correct it producer@coinkite.com