I’m joined by guests Future Paul, Rob Hamilton & Rijndael to go through the list.

Listen on your favorite podcast app:

Quote of the Day

“The only exfil limits are your imagination” - addBTC

Housekeeping

  • 00:02:31 Entrepreneurial editor wanted for a new Bitcoin media publication project for technical and industry topics [NVK’s Twitter post]
  • 00:03:11 New COLDCARD website!
  • 00:03:18 COLDCARD Q is now available in the EU [ColdHodl]
  • 00:03:32 Updated Docs at coldcard.com/docs
  • 00:03:46 Call for People to get off their ass and get into Amateur radio if they really care about decentralized comms
  • 00:03:59 New boost email for questions questions@bitcoin.review
    • Also works as actual email to us

Vulnerability Disclosures

  • 00:04:35 Dark Skippy: a new method for a malicious signing device to leak secret keys [Announcement]
    • Dark Skippy is a new attack that can exfiltrate secret keys from compromised signing devices using malicious firmware. It utilizes altered signing functions to embed the master secret seed within transaction signatures.
    • The attack involves using weak, low-entropy nonces derived from parts of the secret seed. By analyzing affected signatures in transactions, attackers can reconstruct the full seed.
  • 00:38:32 “Free Relay” attack taking advantage of the lack of Full-RBF in Bitcoin Core [Bitcoin Development Mailing List Discussion]
    • Peter Todd discloses Bitcoin Core vulnerability allowing “free” relay attacks by broadcasting uneconomical transactions that Bitcoin Core nodes propagate but miners reject. This exploit highlights Bitcoin Core’s indifference to free relay issues.
  • 00:39:35 Mac Malware posing as popular apps like LedgerLive, Chrome, Safari and Firefox [9to5Mac]
    • The malware is promoted through legitimate-looking Google ads and phishing emails and can potentially access and drain victims’ cryptocurrency wallets.
  • 00:46:03 Five dollar wrench attacks:
    • Foreigner abducted and killed in Kyiv for bitcoin [Censor.Net]
      • Four men in Kyiv abducted and killed a 29-year-old foreigner, stealing nearly UAH 7 million (~$170,000) in bitcoins. They prepared by tracking his address and assaulting him at night.
    • 00:47:09 Thai police arrest five Russians accused of kidnapping a compatriot for a $900,000 cryptocurrency ransom in Pattaya [Bangkok Post]
      • The victim, held for three days, was released after paying in various digital currencies. The police recover the ransom amount during the arrests.
  • 00:48:27 Accessing deleted and private repository data on GitHub [Truffle Security]
    • A guide by Truffle Security shows how data from deleted forks, repositories, and private repositories on GitHub can still be accessed indefinitely, intentionally designed that way.
    • This presents a significant security risk for organizations using GitHub, leading to the introduction of the term “Cross Fork Object Reference (CFOR).”
    • A CFOR vulnerability occurs when data from one repository fork, including private or deleted ones, can be accessed by another fork using commit hashes, similar to Insecure Direct Object References.
  • 00:49:44 Telegram zero-day exploit allows malicious APKs to be sent as videos [Bleeping Computer]
    • This exploit only affected Telegram’s Android version and has since been patched.
  • 00:51:27 Data breach at bank linked to Coinbase exposes customer data [Atlas21]
    • A security breach on July 11 at a bank associated with Coinbase exposed the personal data of 154 customers. Exposed data includes customer names, bank account numbers, and routing numbers.
  • 00:53:08 Fractal ID, a web3 identity solution provider, suffers a data breach, affecting 0.5% of its users [Post mortem]
    • An external party gained unauthorized access and retrieved personal data, including names, emails, and phone numbers.
  • 00:53:23 Indian crypto exchange WazirX confirms a security breach resulting in $230 million loss [TechCrunch]
    • WazirX’s statement points out attacker likely exploited a discrepancy between data on the interface and the actual transaction. The payload is suspected to have been altered to grant the attacker wallet control.
    • The stolen assets represent 45% of WazirX’s holdings. The platform has decided to temporarily halts all withdrawals until further notice.
  • 00:56:07 Exchange dYdX website hacked in DNS hijack attack [Bleeping Computer]
    • The attack involves altering DNS records to reroute dYdX’s domain, redirecting users to a fraudulent site.

Bitcoin

Software Releases & Project Updates

  • 00:57:18 secp256k1 v0.5.1
    • Added: Add usage example for an ElligatorSwift key exchange
    • Changed:
      • The default size of the precomputed table for signing was changed from 22 KiB to 86 KiB. The size can be changed with the configure option --ecmult-gen-kb (SECP256K1_ECMULT_GEN_KB for CMake)
      • “auto” is no longer an accepted value for the --with-ecmult-window and --with-ecmult-gen-kb configure options (this also applies to SECP256K1_ECMULT_WINDOW_SIZE and SECP256K1_ECMULT_GEN_KB in CMake). To achieve the same configuration as previously provided by the “auto” value, omit setting the configure option explicitly
    • Fixed: Fix compilation when the extrakeys module is disabled
  • 00:58:25 BDK v1.0.0-beta.1
    • Allow user provided RNG, make rand an optional dependency
    • Use Psbt::sighash_ecdsa for computing sighashes
    • Use Weight type instead of usize
    • Remove usage of blockdata:: from bitcoin paths
    • Calculate DescriptorId as the sha256 hash of spk at index 0
    • Change tx_last_seen to Option<u64>
    • Add support for custom sorting and deprecate BIP69
    • Update bdk_electrum to use merkle proofs
  • 1:04:51 Nunchuk
    • Desktop v1.9.36
      • Support for automated wallet rollover
      • Key replacement for unassisted wallets
    • Android v1.9.48
      • Automated wallet rollover
      • Portal device integration
    • Automated Wallet Rollover feature [Announcement]
      • Independent rollover feature:
        • Transfer between any wallet types (single-sig to multi-sig, vice versa, or between different multi-sig configurations).
        • Preserve coin segregation strategy during transfers.
        • Enhance privacy further through randomized broadcast of the rollover transactions.
      • Advanced coin control during rollover:
        • Preservation of existing tags and collections, maintaining the separation of coins based on origin, purpose, or other criteria.
        • Enhanced privacy by preserving your original coin management strategy.
  • 1:06:02 Libwally-core v1.3.0
    • Add support for fetching the CSV block count for Green CSV scripts
    • Add support for finalizing Green CSV inputs
    • PSBT: Do not serialize witness data for input non-witness UTXOs, in order to match the current behavior of Bitcoin core.
  • 1:07:18 Bitcoin Keeper
    • v1.2.12 - Cloud backup auto triggered with any vault changes
    • Custom fees now enabled for auto-transfer - Assisted Keys can now be hidden
      • Signing device history screen now shows more information
    • v1.2.10
      • Introducing companion Keeper Desktop app
      • Now you can also connect with Trezor for your multi-key setups
      • Inheritance Planning Documents updated
      • Use file transfer for all signers, useful for devices not supporting NFC or QR scanning
  • 1:07:48 Boltz Exchange
    • web-app v1.4.1
      • Show cooperative refund error on broadcast fail
      • Add reckless mode
      • Add warning to download filenames
    • boltz-backend v3.7.2 - Stability is boring
      • Add features for API clients:
        • Overpayment protection which means swaps that send too much onchain will be failed
        • Custom descriptions for invoices created for Reverse Swaps
      • Sanity check invoice memos
      • Custom reverse swap invoice description
      • gRPC server SSL encryption and authentication
      • Allow lowball lockup transactions in API
      • Onchain overpayment protection
      • S3 compatible backup provider
      • ListSwaps gRPC method
  • 1:08:02 Blockstream Green
    • iOS v4.0.31
      • Rescan lightning swaps
      • Set electrum TLS for custom electrum server
      • Improve lightning account deletion
    • Android v4.0.31
      • Allow disabling TLS on Personal Electrum servers
  • 1:08:26 Bitkey v2024.63.0
    • Feature callouts: Badges now appear to note new features
    • Improved price comparisons: See more detailed price comparisons across exchanges when buying bitcoin in the app
  • 1:09:51 Padawan Wallet v0.13.0 - Swift Speeder
    • Now use Signet instead of Testnet3
    • Translation to portuguese
    • Improve screen for tutorials
  • 1:11:14 ESP-miner v2.1.9
    • Add Overheat_mode
    • Add Multi-chip support without the need of nvs
    • Small optimization and code refactor:
    • Add quick link to stats when mining on CKPool
    • Add Recovery Page

Project spotlight

  • 1:12:04 ProtonPrivacy launches ProtonWallet, an open-source, E2E-encrypted, and self-custodial Bitcoin wallet [Github]
    • Proton Wallet’s Bitcoin via Email feature uses PGP-signed addresses, aims to reduce error risk by verifying emails instead of 26-character Bitcoin addresses.
    • Users in over 150 countries can buy Bitcoin easily through Proton Wallet using credit cards or bank transfers.
    • Each bitcoin via email transaction uses a different address, in order to protect user privacy and to make transaction linkage difficult.
  • Bitcoin Safe: Long-term Bitcoin savings made Easy
    • Easy Multisig-Wallet Setup
      • Step-by-Step instructions with a PDF backup sheet
      • test signing with all hardware signer
    • Simpler address labels by using categories (e.g. “KYC”, “Non-KYC”, “Work”, “Friends”, 
)
      • Automatic coin selection within categories
    • Sending for non-technical users
      • 1-click fee selection
      • Automatic merging of small utxos when fees are low
    • Collaborative:
      • Wallet chat and sharing of PSBTs (via nostr)
      • Label synchronization between trusted devices (via nostr)
    • Multi-Language
    • Fast:
      • Electrum server connectivity
      • planned upgrade to Compact Block Filters for the Bitcoin Safe 2.0 release
    • Secure: No seed generation or storage (on mainnet).
      • A hardware signer/signing device for safe seed storage is needed (storing seeds on a computer is reckless)
      • Powered by BDK
  • 1:20:56 lastseed: CLI tool to calculate last seed words and entropies [Github]
    • “Display the possible last seed words from 11, 14, 17, 20 or 23 words. Entropy is also displayed and can be pasted into Ian Coleman bip39 or similar tools.”
  • 1:21:17 Dictionnaire de Bitcoin: Comprehensive guide to Bitcoin terminology [Github]
    • LoĂŻc Morel authors a comprehensive dictionary of Bitcoin technical terms, available for free digitally on GitHub and for purchase in print from late 2024.
  • 1:21:24 Octojoin: Payjoin with no interaction between sender and recipient [Announcement]
    • It uses multiple inputs, some swapped off-chain, making it hard for analysts to link all inputs to a single user.
    • Users need to label UTXOs as “octojoin,” use silent payment addresses, and create transactions with multiple outputs to enhance privacy.
  • 1:21:35 Argon BWG: Border wallet generator [Live demo]
  • 1:21:41 BitForge Nano: innovative, open-source Bitcoin miner designed for home use [Geyser page]
    • “Utilizing 2 of the BM1368 ASIC chip, BitForgeNano aims to deliver over 1 TH/s of mining power.”
  • 1:21:51 Bitaxe Satellite: About Research and Development into an integrated system that will allow a Bitaxe BTC Miner to communicate via satellite with Public Pool [Github]
    • Bitaxe Satellite is an open-source project on GitHub designed to facilitate Bitcoin mining through satellite communication.
  • 1:23:50 PyBLOCK: New solo mining pool
    • PyBLOCK is a not-for-profit project charging a 0.4% fee and does not require registration/KYC.
  • 1:24:15 Roxom: Bitcoin denominated markets for stocks, ETFs, commodities and more
    • View all global asset in Bitcoin terms, along with direct trading with bitcoin coming soon.

Privacy & Other Related Bitcoin Projects

Software Releases & Project Updates

  • 1:24:54 reticulum-meshchat
    • v1.8.0
      • Add new notification for incoming calls
      • Add a red indicator to show if a conversation has messages that failed to send
      • Add buttons to quickly open folder containing Reticulum config file and MeshChat database file
      • Add button to app version section to quickly go to MeshChat releases
      • Add dismissible section to interfaces tab with suggested community servers
    • v1.7.2
      • Add new settings UI
      • Add setting to allow auto resending failed messages when the intended destination announces
      • Add setting to prevent auto resending failed messages if they have attachments
    • v1.7.1
      • Add support for viewing and managing TCPServerInterface
      • Add support for viewing and managing UDPInterface
      • Improve some UI for mobile sized screens
      • Sending a message will now attempt to find a path for unknown destinations instead of immediately failing
  • 1:25:28 M17-Project Module_17 Rev1.0
    • Complete board redesign intended for use in an Hammond aluminum extruded case
    • New user interface board for the enclosure, with capacitive touch buttons and larger screen
    • Redesigned AF audio amplifier
    • Added OHIS
    • Added the option to use either digital or analog potentiometers to improve parts availability
    • License updated from TAPR to CERN-OHL-W-V2

Project spotlight

  • 1:28:36 El Tor: Incentivized high bandwidth Tor network using the Lightning Network
    • The system incentivizes Tor relays with LN payments, improving decentralization and security. Users earn sats by running entry guards, middle relays, or exit relays.
    • El Tor uses Bolt12 offers for payments, with clients paying relays out of band and verifying payment proofs before building circuits. This ensures each relay is compensated.

Lightning + L2+

Software Releases & Project Updates

  • 1:30:33 Mutiny Wallet is shutting down [Blog post]
    • “Our company is exploring alternative products, we’ll be shutting down the wallet at the end of the year but you can still self host.”

Project spotlight

  • 1:44:15 Fedi: “The World’s First Community Superapp”
    • Fedi, Inc., a U.S. based developer of community-empowering financial and data technology, launched the first full commercial release of the Fedi App at a virtual event on August 6th, at 10am ET, live-streamed at fedi.xyz.
  • 1:44:32 Alby Hub: one-click install node that lets you connect to Bitcoin apps with Nostr Wallet Connect [Github]
    • Own Lightning Node
    • Open-Source
    • Instant install, easy access
    • Simple channel management
    • NWC connectivity to various apps
    • Card top-ups
  • 1:45:13 Nutlife.lol: Counts and display all the NutZaps sent recently, equivalent to Zaplife.lol, by @Pablof7z

Software Releases & Project Updates (cont.)

  • 1:45:55 Phoenix
    • Android/iOS
      • v2.3.5
        • Add new option of 1 hour and 1 day for the invoice expiry
      • v2.3.4
        • Fix compatibility issue with some BOLT12 offers
        • Improve Bip353 and Bip21 support
        • Payer-key behavior is now set per contact
    • Phoenixd
      • v0.3.2
        • Support multiple values in configuration file
        • Add a secondary http password with limited access
        • Add a per-invoice webhook for BOLT11 payments
      • v0.3.1
        • Correctly handle ₿ prefix in BIP353
        • Support multiple webhooks
        • Validate that mnemonics form a valid BIP-39 seed
  • 1:49:48 taproot-assets
    • Mainnet release of Taproot Assets on Lightning [Blog post]
      • “With Taproot Assets, users can make instant, low fee asset transfers, bringing trillions of stablecoin volume to Bitcoin.”
    • v0.4.0
      • Add asset group burn itest, logging, and missing error handling
      • Add means to specify sqlite db file path for tapd test harness and db unit tests
      • Add enhanced prometheus metrics for tapd
      • Increase group witness test coverage
      • Improve coin selection unit tests
      • Add asset sell support to the RFQ service
      • Add RFQ buy offer
      • Add lll linter to golangci-lint configuration
      • Use new WalletKit.FundPsbt coin selection option
  • Zeus v0.8.5
    • c-lightning-REST: BOLT 12 offers and Twelve.cash BIP-353 lightning addresses
    • Embedded Node: LND v0.18.0-beta
    • Embedded Node: 5x Neutrino peer ping tolerance
  • Breez SDK v0.5.1-rc4
    • Support notifications to complete reverse swap when offline
    • Switching LSP now keeps getting payment notifications from the previous lsp (as long as there are channels)
    • Support non strict mode for LNURL pay when callback domain is different than the lnurl domain
    • Use JSON for dev command output
  • Alby lightning-browser-extension v3.9.0 - Sagittarius Star Cloud
    • Handle longer descriptions + buttons always visible in viewport
    • Extend kind list, kind types, kind translations
    • Show lnaddress only when oauth account settings are accessed
    • Add custom records to NWC connector
    • Use new nwc client from sdk
  • Polar v3.0.0
    • Shutdown Docker Containers when Closing Polar GUI
    • Real-time updates of channel status changes
    • Remember node counts when creating new networks
    • Add custom base port for nodes
    • Add ability to minimize, maximize and quit polar from system tray
    • Add ability to rename nodes
  • Fedimint v0.4.0 - Rotation Station
    • Changing peer’s DNS names is now possible
    • On chain deposits are now considered “expert-only”
    • On chain deposit charge fees by default to counter dust attacks
    • Wallet client module implements backup and recovery
    • Wallet client module is robust w.r.t deposit address reuse and rbf transactions
    • Client reconnection backoff was improved
    • RBF withdrawal functionality was removed
    • It’s possible to finish DKG (setting up Federation) using only the fedimint-cli tool
  • CLBOSS v0.13.2 - Bwahaha’s Dominion
    • Add signet support
    • Update the seeds list
    • Add module diagrams for channel creation, offchain to onchain swaps, and channel balancing
    • Improve listpeers handling diagnostics
    • Improve Initialization of OnchainFeeMonitor with Conservative Synthetic History
  • Aqua Wallet v0.2.0
    • Liquid Network transaction fees are now ~40 sats (3 cents)
    • AQUA now supports native Tether USDt transactions, meaning you can pay Liquid Network fees with USDt. L-BTC is no longer required
    • Add Taproot swaps for cooperative, instant refunds on failed Lightning sends (many thanks to Bull Bitcoin and Boltz for their work on this library)
    • Add more fiat currency display options
    • Add RBF (Replace-by-fee) for Bitcoin sends
    • Add Internal Send flow as another swap option in addition to the standard Swap interface
    • Add Direct Peg-In option for Layer 2 Bitcoin, which can be turned on in Advanced Settings - this allows for Liquid peg-ins from external wallets
    • Add SideSwap, SideShift, and Boltz swaps to a local database, which is shown on the transaction details screen

Nostr

Project spotlight

  • Nutsack: A NIP-60/61 nostr client by @pablof7z [Github]
    • Key features:
      • unified balance across your apps
      • pocket-change that follows you around
      • new users are immediately zappable
      • verifiable nutzaps
      • faster zaps and zaps that can’t go missing
  • Trust minimized NsecBunker with Frost [Demo]
    • The NsecBunker demo uses FROST signatures, establishing a 2-of-2 frost signature scheme. This ensures safety unless both a rogue client and bunker simultaneously conspire against the user.
  • Oblisk Sync: Nostr-based browser extension for tabs management [Github]
    • Oblisk Sync lets users save browser tabs into sessions, stored as encrypted Nostr events using private keys.
    • The extension also functions as a Nostr signer and works on Chromium browsers and Edge.
  • Osty: Framework for building Nostr web applications [Github]
    • “Free and open-source framework for building web apps on the Nostr protocol. Think of it as a Next.js but for Nostr.”
    • “It comes with all the essential tools and best practices you need to start building fully customized web apps on Nostr, including UI components, Nostr Widgets, NDK integration, caching, routing, state management, and more.”
  • nostr-filter-relay: A Nostr relay docker image package which filter content based on content type (SFW/NSFW), user type, language, hate speech (toxic comment), sentiment, topic, and various rules. [Github]
  • StatechainJS: A vanilla javascript implementation of a statechain client and an operator [Github]
    • StatechainJS allows users to pass around the private key to a Bitcoin UTXO instead of creating transactions.
    • A partially trusted operator holds a second key to the UTXO, ensuring no double-spending occurs by only interacting with the latest holder of the private key.
    • The latest holder is able to withdraw their funds even if the operator shuts down, thanks to “decrementing timelocks,” which provide a fail-safe mechanism.
    • Cryptographic keys are used to prove who the latest holder is. (StatechainJS uses nostr.)
  • Askeladd: Censorship-resistant global proving network, powered by Nostr and Stwo Circle STARK prover. [Github]
    • Askeladd is an open-source reinforcement learning framework designed to simplify the development and deployment of RL agents
  • Nostter: Nostr client for web [Github]
  • Captain’s log: A desktop note-taking app for nostr [Github]
  • Nostrmo: A flutter nostr client for Android, IOS, MacOS, Windows, Web and Linux [Github]
  • Nostr-PHP: a PHP helper library for Nostr [Github]
  • Unify Wallet: A Fully Noded style Payjoin wallet powered by Nostr [Github]
  • DVMDash: Monitoring and debugging tool for AI activity on Nostr [Github]
    • DVMDash serves as a tool for monitoring and debugging DVM activity on Nostr.
    • “Data Vending Machines (nip-90) offload computationally expensive tasks from relays and clients in a decentralized, free-market manner”

Software Releases & Project Updates

  • NDK v2.10
    • Optimistic Signature verification: NDK introduces signature verification sampling. - Nostr Cache Adapter: ndk-cache-nostr is a cache adapter that connects to a single local relay.
    • Refactored Zapping interface: This new interface abstracts away the funding mechanism (NWC, WebLN, built-in-wallet) and the delivery mechanism (LN, ecash, Rai stones)
    • Major subscription Lifecycle refactor: The core of how NDK works was completely refactored from the ground-up, removing a lot of dependencies from nostr-tools, and bringing a lot of clarity to how NDK orchestrates subscriptions at the relay level.
    • Tutorials and other stuff: high-level documentation
  • Rust Nostr v0.33.0
    • Better outputs for send/batch/reconcile methods
    • Allow to change NIP-42 option after client initialization
    • Increase max stack size for JS bindings to prevent “memory access out of bounds” error
    • Expose more objects/methods for JS bindings
    • Dry run option for negentropy reconciliation
    • Get NIP-46 relay from NIP-05 profile
  • Nutshell v0.16.0
    • New binary token format
    • Offline wallet and improved coin selection
    • Now supports fees for Ecash transactions
    • Add WebSocket subscriptions
    • Add support for Multinut payments
    • Prepare Nutshell for parallel deployments in a Kubernetes cluster
    • Add support for EUR
    • Add support for CLN Rest
  • Amethyst
    • v0.89.8
      • Add delete all drafts button
      • Enable crossfading between image states
      • Sign for just one auth event to register with the push notification service instead of the dozens of events, one per relay
      • Add the highlight quote to the base URL of a highlight event so that when the user opens the link, it highlights on the page
      • Add tests for 02 and 03 compressed keys to make sure they can encrypt and decrypt from and to each other
      • Add the mint information to each cashu preview
    • v0.89.0
      • Render Base64 images and gifs
      • Add NIP-96 image server settings
      • Add Profile Gallery
      • Add outbox cache in order to resend events after relay authentication
      • Force-updates relays that are sending old versions of replaceables or events that have been already deleted
      • Add follow-list based relay recommendations to the relay settings
      • Add Malware Report type
  • Voyage
    • v0.10.0
      • Edit mute word list
      • Hide posts and replies with muted words
      • Show why a profile is semi-trusted
      • Optionally send bookmarked posts to local relay
      • Optionally send upvoted posts to local relay
      • Change event content of upvote
    • v0.9.0
      • Automatically connect to local relay (localhost:4869, Citrine default) if installed
      • Export your posts and bookmarks. Exported file can be imported to Citrine
      • Change local relay port
      • Show list description and IDs
      • Delete all posts from database
      • Show mentions in inbox view
    • v0.8.0
      • Mute profiles and topics
      • Show mute list
      • Don’t show muted profiles and topics in feeds
      • Add topic to list from topic view
  • Oxchat v1.3.0
    • You can now choose to post text, images, or videos in the same input box for moments
    • Add the ability to set permissions in bulk for group chats
    • Add default zap message settings
    • Add a prompt to claim eCash from npub.cash in the settings-zaps
    • Add a yellow exclamation mark notification for regular kind4 private messages
    • The send button in the chat input box stays at the bottom when typing, no longer moving up
    • Long chat messages can be expanded to show the full text by clicking on them
    • Add liked & zapped filters for the moment feeds
  • Gossip v0.11
    • Secure direct messaging: NIP-17 DMs (with NIP-44 encryption and NIP-59 Giftwrap) is fully supported, usable only if both parties have published their DM relays in a kind 10050 event
    • Load more: now loads a fixed count of events, instead of a time period
    • Annotations: You may now annotate your messages.
    • Support for wgpu renderer, and new command to set renderer: wgpu_renderer
    • Option to render feed in reverse (with newest at the bottom)
    • Improve local storage performance
  • nos.social
    • v0.1.23
      • Remove stories UI to improve performance
      • Report error to Sentry when parse queue contains over 1000 events
    • v0.1.22
      • Add a filter button to the Home tab that lets you browse all notes on a specific relay
      • Improve the search experience with fast local searches
    • v0.1.21
      • Add support for paid/authenticated relays (NIP-42)
      • Add impersonation flag category and better NIP-56 mapping
      • Add a Tap to Refresh button in empty profiles
      • Support nostr:naddr links to text and long-form content notes
  • Nostrmo v2.9.0
    • NIP-29 Group support
    • Add NIP-07 at web version
    • Optimize the performance of other signers
    • Content base64 image decode support
  • nostr-filter-relay v0.3.0
    • This release bring new major features, modules updates, several code improvements, security fix, better documentation, and mark the completion step of nostr-filter-relay as follows:
      • Sentiment analysis filtering
      • Topic classification filtering
      • Language filter
      • NSFW/SFW image content filter
      • User type filtering (Nostr native user/non bridged user, activitypub/mostr bridged user)
      • Toxic comment filter
  • Nostr-zap v1.0.0
    • Add shadowdom, add data-button-color and data-anon, reset dialog cache on param change

Boosts

  • 1:28:53 Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @seedor (21,000 sats) “Only since Satoshi found digital gold, any real liberty can exist! Few. 😜”
    • @ez21 (10,000 sats) “Zzzzzzzz
💬”
    • @vake (10,000 sats) “Keep it up 🙏”
    • @apemithrandir (7,777 sats) “I hear Mr Raw, I must boost.”
    • @garykrause_ (5,000 sats) “whiskey company sponsoring a sleep aid. donly fund the competition.”
    • @dubravko (2,140 sats) “I’m so excited to tell NVK that there is a Raspberry Pi based module that connects to the Flipper Zero to make gaming possible!”
    • @bencoin (2,100 sats) “great podcast”
    • @cantillionaire (1,000 sats) “drink everytime NVK brings up raspberry pi”
    • @plebhodl (1,000 sats) “Always worth listening too. Although after, normie’s seem even stupider
 not sure they are going to cope with what is coming.. Thanks NVK and all.”

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 314
      • Disclosure of vulnerabilities affecting Bitcoin Core versions before 0.21.0: Niklas Gögge posted to the Bitcoin-Dev mailing list, linking to announcements of two vulnerabilities affecting outdated versions of Bitcoin Core. These versions have been past their end of life since at least October 2022. This disclosure follows a previous announcement of older vulnerabilities reported in an earlier newsletter.
        • Remote crash by sending excessive addr messages
        • Remote crash on local network when UPnP enabled
      • Optimizing block building with cluster mempool: Pieter Wuille posted on Delving Bitcoin the challenge of optimizing miner block templates with cluster mempool.
      • Hyperion network event simulator for the Bitcoin P2P network: Sergi Delgado posted on Delving Bitcoin about Hyperion, a network simulator he has developed. The simulator tracks data propagation through a simulated Bitcoin network.
    • 313
      • Varied discussion of free relay and fee bumping upgrades: Peter Todd posted to the Bitcoin-Dev mailing list a summary of a free relay attack that he previously responsibly disclosed to Bitcoin Core developers. Some of the topics discussed included:
        • Free relay attacks
        • Free relay and replace-by-feerate
        • TRUC utility
        • Path to cluster mempool
    • 312
      • Distributed key generation protocol for FROST: Tim Ruffing and Jonas Nick introduced a BIP draft on the Bitcoin-Dev mailing list. The draft includes a reference implementation of ChillDKG, a protocol designed to generate secure keys. These keys are intended for use with FROST-style scriptless threshold signatures, which are compatible with Bitcoin’s schnorr signatures.
      • Introduction to cluster linearization: Pieter Wuille posted a comprehensive overview of cluster linearization on Delving Bitcoin. The overview covers the fundamental concepts of cluster mempool and progresses to specific implementation algorithms.

News & Noteworthy

Bitcoin

  • University of Wyoming launches Bitcoin Research Institute [Press release]
    • The University establishes the first academic institute dedicated to bitcoin research, aims to produce peer-reviewed publications about bitcoin from all academic disciplines. The institute plans to address fundamental questions about money and digital currency. [Website]
  • Seed Tool App: Ledger now offers an alternative to its Ledger Recover service [Blog post]
    • The app utilize the SSKR (Sharded Secret Key Reconstruction) library, and creates Shamir’s Secret Shares to store BIP39 seed phrases.
    • Currently compatible with Nano devices, Ledger plans to expand to Stax devices and incorporate BIP85 functionality for generating passwords and managing multiple seeds.
  • Casa introduces the ability to secure bitcoin keys with a YubiKey [Blog post]
    • This development aims to increase security by generating and storing seed phrases directly on the YubiKey, protected by passkeys.
  • Voltage introduces developer-friendly Bitcoin Core solution for efficient node deployment and management [Blog post]
    • Features include direct blockchain and mempool access for detailed insights, independent fee estimation, transaction broadcasting, and seamless application integration.

Nostr

  • First demo of Nostr Web Services (NWS) bringing TCP to Nostr [Calle’s announcement]
    • NWS enables hosting web applications on Nostr without DNS or public IPs, using npub/nprofile.
    • The demo shows a Cashu mint running with NWS, using HTTPS encryption to secure traffic, ensuring entry relays can’t read it.

Business & Finance

  • Ledger announces Ledger Flex as its latest hardware wallet [Announcement]
  • Swan announces the termination of its Managed Mining business, are delaying their initial plans to IPO and cuts staff across many functions. [Announcement]
  • Portal maker TwentyTwo Devices partners with Nunchuk “to provide a world-class single-sig and multi-sig wallet app for our customers” [Announcement]
  • Fold Inc. to go public via a merger with a special purpose acquisition company (SPAC), as the first pureplay financial services company powered by Bitcoin [Press release]
  • Bitcoin miner producer Canaan Inc. to gradually release open-source firmware after recent vulnerability disclosure affecting the Avalon Nano 3. [Press release]
  • Riot Platforms acquires Block Mining for $92.5 million, adding 60 MW operational capacity and expands Riot’s total potential power capacity to 2 gigawatts. [Press release]
  • Satimoto, a privacy-friendly electric vehicle charging app utilizing the Lightning Network, will be shutting down from September 1st 2024. [Announcement]
  • Xapo introduces Bitcoin banking in the UK with new crypto-fiat product [Finance Magnates]
  • Unchained introduces a new feature named Connections, designed to facilitate easier interactions among users [Blog post]
    • “A new feature for Unchained vaults that allows you to secure your bitcoin with your closest friends and family, and let them secure bitcoin with you.”

Tradfi

  • Robinhood suspends trading amid global market turmoil [Investing.com]
    • The company cites the need to manage risk and comply with financial regulations as reasons for the suspension.
    • This service allows users to manage both Bitcoin and traditional currencies in one account.

Funding

  • OpenSats announces:
    • Sixth Wave of Bitcoin grants for 7 additional projects: [Blog post]
      • Peer Storage Backups for Lightning Channels
      • secp256k1.swift
      • Blitz Wallet
      • NLightning
      • eNuts
      • Gonuts
      • Bitcoin Fees
    • Fifth Wave of Nostr grants: [Blog post]
      • nosvelte
      • npub.cash
      • nostter
      • nostr-filter-relay
      • Mostro
      • Citrine
      • DVMDash
      • nostr-php
      • Shopstr
      • Nostrmo
      • Captain’s Log
    • Long-term support for nostr developers fiatjaf and Hodlbod.
  • Foundry Digital launches the “Foundry Donate” initiative in order to support the open source Bitcoin community [Press release]
    • The initiative allows Bitcoin miners in the Foundry USA Pool to donate portions of their mined Bitcoin to vetted non-profit organizations supporting core Bitcoin developers​
  • Ark to donate a fixed percentage of its revenue to open source contributors through OpenSats, the Human Rights Foundation and Brink [OpenSats’ Twitter post]
  • Brink reveals @thesimplekid as its newest grantee.
    • His work will focus on Cashu Dev Kit, another FOSS protocol for ecash that’s designed to increase privacy, security, and scalability. [Announcement]
  • Brink welcomes Marco De Leon as latest Brink fellow [Announcement]
    • “For the next year, Marco will contribute to Bitcoin Core’s fuzz testing initiatives, in addition to general Bitcoin Core testing and review.”
  • Maelstrom Fund: New Bitcoin developer grant program [Blog post]
    • Applications for the grant program must be submitted by August 25, 2024.

Mining

  • First bitaxe-mined block: A miner successfully finds the 290th solo block on solo ckpool with just 3 TH of hashrate. [Twitter post]
    • Records indicate that the miner began solo mining to this address 19 days ago and increased their hashrate to 3 TH within the last 24 hours.
    • It is possible, yet unlikely, that they were mining with additional hashrate on a different address. [Block #853742]
  • WhatsMiner announces latest miner, the M60S+, with a hashrate of up to 210 TH/s, and a power efficiency of 17 J/T. [Announcement]
  • Cathedra Bitcoin Inc. completes its business combination with Kungsleden Inc., creating an entity managing 95 MW of power capacity and 4.8 EH/s of hashrate. [Press release]

Privacy

  • Tor: anounces Vanguards support in Arti [Blog post]
    • Vanguards act as an intermediary between users and the Tor network, making it harder for adversaries to track and target users by obfuscating traffic patterns.
    • This feature aims to strengthen user anonymity by rotating circuits more frequently, mitigating risks associated with long-lived connections.

Government & Political

  • Russia legalizes Bitcoin and other cryptocurrencies for international trade to bypass Western sanctions [Bitcoin Magazine]
    • Domestic cryptocurrency payments remain banned, focusing solely on international trade to facilitate imports and exports.
  • U.S. Senator Lummis introduces strategic Bitcoin reserve legislation [Press release]
    • The legislation mandates the U.S. Treasury to create secure Bitcoin vaults and purchase 1 million Bitcoin units, equivalent to 5% of the total supply
  • European Commission investigates the idea of an EU Asset Registry [Brussels Report]

Events

  • Bitcoin Oasis announces its 2nd edition
    • October 3-4, 2024 in Abu Dhabi, United Arab Emirates.
  • Swan announces the cancellation of the Pacific Bitcoin conference 2024 edition.

Reads

  • Here’s a list of our top recently published reads:
    • Understanding Bitcoin Adoption in the United States: Politics, Demographics, & Sentiment by The Nakamoto Project [Report]
    • The Power of Nostr: Decentralized Social Media and More by Lyn Alden [Article]
    • Taproot Assets on Lightning: The Global Financial Interoperability Layer by Ryan Gentry [Lightning Labs]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

Did I get anything wrong above? Help me correct it producer@coinkite.com