I’m joined by guests Rijndael & Ben Carman to go through the list.

Housekeeping

Urgent Vulnerability Disclosures

  • Disclosure of CVE-2024-38365: btcd FindAndDelete bug [Public disclosure]
    • “Btcd prior to version 0.24.2 does not correctly implement the consensus rules for legacy signature verification. The incompatible behavior can be triggered by a standard transaction, making it possible for anyone to fork off vulnerable btcd nodes at virtually no cost.”
  • Disclosure of CVE-2024-35202: Remotely reachable assertion crash in Bitcoin Core <v25.0 [Public disclosure]
    • A high severity vulnerability in Bitcoin Core allowed attackers to remotely crash nodes by triggering an assertion in the blocktxn message handling logic.
    • Attackers could exploit the vulnerability without needing to trigger collisions, as they could simply include transactions not committed to in the block’s merkle root.
  • Krux: A bug in Krux beta versions 24.10.beta6 to beta8 affects BIP85 password generation [Announcement]
    • Users should record and replace passwords created in these versions, as they may be incorrect
    • Version 24.10.beta9 contains a fix, and users are recommended to wait for the official release
  • Nostr client Coracle has been unintentionally sending user session data to Bugsnag when reporting errors [Hodlbod’s note]
    • An error reporting misconfiguration in Coracle has sent users’ session data, including private keys, to Bugsnag since December 5, 2023. Affected users include those who triggered an error while signed in with their private key.
    • A new Coracle version has been released, affected APKs have been deleted, all Bugsnag data has been erased and the Bugsnag project was deleted to ensure no further exposure.

Bitcoin

Software Releases & Project Updates

  • Electrum
    • v4.5.7
      • General: new: add new historical exchange rate providers: Bitfinex and Bitstamp servers with weird TLS certs. As workaround, set pre-3.13 behaviour
      • Lightning: fix: send update_fee right away after channel_reestablish
      • Qt Desktop GUI: fix: show fee warnings also in the transaction dialog (c4fe2796)
    • v4.5.6
      • General:
        • new: add support for testnet4
        • changed: set stricter UNIX permissions for log files
      • QML GUI (Android):
        • new: show seed passphrase in WalletDetails
        • new: set max screen brightness when displaying QR codes
      • Hardware wallets:
        • ColdCard: export multisig wallet to coldcard over USB
        • Trezor: add support for new device “Safe 5”
        • Ledger: add support for new device “Flex”
      • CLI/RPC: changed: require wallet password for lnpay and similar commands
    • Electrum releases a reproducibly built version into the official F-Droid repository [Github]
    • How to dump your xpriv on Electrum: wallet.keystore.get_master_private_key('ur password')
  • Nunchuk Android v1.9.53
    • Revamped Home screen and user onboarding experience
    • Allow users to clone a Decoy wallet from existing wallets
  • Bitcoin Keeper
    • v1.2.17
      • TapSigner Experience Overhauled:
        • Download encrypted backups of your TapSigner
        • Change the card’s PIN
        • Unblock the card if rate-limited
      • Key/ Signer Improvements:
        • Associate contacts with signing keys
        • Better options for exporting and securing keys
      • Wallet Data Management:
        • Enhanced wallet import and export options
        • Improved file sharing across the app
    • v1.2.15
      • Use Canary Wallet even for the Recovery Key
      • Flexibility to only create vault and hide/ delete them for security reasons
  • Bisq2 v2.1.2
    • Optimized reputation system:
      • Trade limits are now tied directly to the seller’s reputation score
      • Reputation earned through burning or bonding BSQ will now double over first year
      • Reputation requirements have been relaxed (eliminated) for trades up to 25 USD
      • The minimum required reputation score has been removed
    • Consolidated chat rooms: based on user feedback, chats have been streamlined into fewer areas
  • Wasabi Wallet v2.3.0.0
    • Enhance Tor integration
    • Better BTC amount formatting
    • More insight on transactions
    • [Beta] Payment in coinjoin (RPC only)
    • Add Trezor Safe 5 & ColdCard Q support
  • Fully Noded releases Fully Noded and Unify on the App Store
    • Fully Noded - Join Market is a dedicated Join Market client: connect over Tor, no private keys on device, full maker/taker/fidelity bond functionality, and more.
    • Unify - Payjoin Wallet is a Payjoin capable Bitcoin Core client: p2p over nostr and connect via Tor
  • Krux-installer v0.0.20-beta - Major update
    • After downloading and verifying an official firmware, the user can now choose between:
      • flashing it;
      • or making an airgapped update:
        • the user is asked to insert one or more SD cards into the computer;
        • the installer recognizes them;
        • the user selects one of them;
        • both firmware.bin and firmware.bin.sig are copied to the SD card;
        • after the copy, the user is asked to eject the SD card and insert it into the device;
        • at the same time, the computed hash of firmware.bin is displayed so it can be compared with the hash computed on the device
  • BoltzExchange Client v2.1.10
    • Support creating swaps with lnurls and lnaddresses
  • Utreexo v0.2.0
    • utils: simplify and export proofpositions
    • Revert “utils: simplify and export proofpositions”
    • utreexo: use slices from standard lib
    • utils: simplify and proof positions
  • Bitcoin Safe v1.0.0b1 - BETA Version, Use with Caution
    • Easy Multisig-Wallet Setup:
      • Step-by-Step instructions for a secure MultiSig setup with PDF backup sheets
      • Test transactions ensure that all hardware signers are ready
      • Full support for Coldcard, Coldcard Q, Bitbox02, Blockstream Jade, and Specter DIY, supporting QR, USB, SD-card
    • Secure: Hardware signers only
      • All wallets require hardware signers/wallets for safe seed storage
      • Powered by BDK
    • Multi-Language
    • Simpler address labels by using categories
      • Automatic coin selection within categories
      • Transaction flow diagrams, visualizing inputs and outputs, click on inputs and output to trace the money flow
    • Sending for non-technical users
      • 1-click fee selection via mempool-blocks
      • Automatic merging of utxos when fees are low
    • Collaborative:
      • Label synchronization between different computers and encrypted cloud backup
      • Wallet chat and PSBTs sharing between different computers
  • Joinstr App v0.1.1
    • Remove BIP 32 derivation paths from signed PSBT
    • Wallet selection in settings
    • Riseup VPN implementation
    • Support Testnet and Mainnet
  • Bitkey App v2024.71.0
    • You can now select MoonPay in the Bitkey app to sell bitcoin
    • AUD or CAD are now available as display currencies
    • Transaction history and wallet descriptor now available for export
    • Currency display is now Appearance in the Settings menu
  • Bitcoin Jungle Mobile v1.3.0
    • This update adds a new transaction statistics screen from settings allowing you to do some reporting on your own transaction history.
  • Simple Bitcoin Wallet v2.6
    • Drop hardware wallet support
    • Drop built-in Tor support
    • Drop LNURL support
  • DATUM Gateway v0.2-beta - Initial public release
    • OCEAN releases the DATUM Gateway source code, as well as the Linux binaries and a StartOS node runners package
  • ESP-Miner v2.3.0
    • Allow connecting to open WiFi networks
    • Set default cpu freq to 240mhz
    • Add support for TPS546D24S as a drop in replacement for the TPS546D24A
    • Protect against negative frequency and voltage values
    • Add warnings for consecutive timeout responses (no rx) from the chip
    • Add overheat button and change loading service
  • Braiins Toolbox v24.09
    • Add full support for Antminer S21 Pro with AML control board
    • Add BETA support for Antminer S21 XP with AML control board
    • Power estimations and power measuring have been made more accurate, and there are now more available underclocking targets
    • Implement DPS cycling prevention and mitigate unwanted tunings
  • Blockstream Green iOS v4.0.36
    • Allow redeposit of expired utxos in liquid multisig accounts
    • QR mode for singlesig watch-only
    • Recovery phrase: improve QR view
  • Defibi App v0.0.52
    • Coldcard MK4 Integration: Now you can store your escrow keys directly on the Coldcard MK4 hardware wallet
    • Explore Page: Find useful content right in the app
  • Nirvati v0.1.0
    • Open-source: Nirvati adopts a copyleft license to ensure users retain rights over the software
    • Decentralization and data redundancy: Current solutions often concentrate data in one location, posing risks of loss; nirvati enables data distribution across multiple devices for better redundancy and failover options.
    • Security: Existing systems lack secure communication and app isolation, allowing potential security risks; nirvati enforces encrypted connections and isolates apps to improve data safety.
    • Remote access: Many self-hosting platforms restrict access to local networks; nirvati uses Tailscale to provide secure remote access without extra configurations.
    • Reversible updates: Conventional systems do not support app rollback options, locking users into new versions; nirvati includes app snapshots to enable simple update reversions.
    • Multi-user support: Standard systems limit safe multi-user functionality; nirvati introduces a permission-based account system for user isolation on shared servers.
  • BTCmap-android v0.8.0
    • Show place comments
    • Hide ATMs by default
    • Show places offering delivery
  • Kyoto v0.4.0
    • New HeaderCheckpoint constructor from height
    • shutdown, add_scripts, broadcast_transaction methods have blocking APIs
    • Add a TrustedPeer while the node is running
    • Change the peer timeout while the node is running
  • Bitcoin Dictionary v2.0
    • Add a ‘double title’ system, for terms that cannot be translated
    • Add .epub version
    • Add and remove definitions, bringing the total number to 803 technical terms defined in both French and English
    • The glossary is also available on PlanB Network, in a different user interface

Project spotlight

  • [2140.dev]: European non-profit organization dedicated to supporting Bitcoin research and development
    • Started by Bitcoin researcher and contributor @RubenSomsen and @josibake, the fund intends to provide a more stable career path to protocol veterans and aspiring contributors who want to work on Bitcoin full-time.
  • Localhost Research: A Bitcoin-Focused Research Center in the Bay Area [Announcement]
  • Rewind Bitcoin: Bitcoin wallet in beta that lets you reverse theft [Trailer]
    • Rewind’s Vaults lock funds, starting a countdown when unlocking to allow for response to unauthorized access
    • Users can assign a trusted individual to assist in emergencies, helping to secure funds under certain situations
  • bitcoinutils.dev: Utility resource website offering various Bitcoin-related cryptographic and encoding tools by Vojtěch Strnad
  • Standalone Bitcoin Consensus Engine: A standalone binary exposing the historical bitcoin consensus engine [Github]
    • This repository contains the historical bitcoin consensus engine exposed in an experimental standalone binary, i.e. bitcoin-chainstate. This is a fork of the libbitcoinkernel project from its 27.0 release tag.
  • Fabric: a trustless, distributed DNS resolver for Bitcoin Spaces [Github]
    • Fabric enables spaces to publish Bitcoin-signed zone files on a permissionless DHT without storing anything on-chain. Currently defaults to Testnet4.
  • l402_middleware: A middleware library for Rust that provides handler functions to accept microtransactions before serving ad-free content or any paid APIs [Github]
  • NodeWatch: a CLI dashboard for monitoring your Bitcoin fullnode, providing essential information such as node status, transaction fee estimate, bitcoin price, and more [Github]
  • Bitcoind Quick: A dockerized bitcoin core container for quickly spinning up a (pruned) node with zmq support for running public-pool [Github]
  • Chorly: reward your kids with sats for completing chores, create a custom chore list for your kids and set up automatic payouts
  • Satoffee: Bitcoin coffee machines
    • Satoffee sells coffee machines that accept Bitcoin payments, allowing users to purchase coffee with Bitcoin through the Lightning Network. The company offers ready-made machines and DIY kits for customization.
  • Koinvote: Endorse your candidate with Bitcoin
    • Koinvote is a weighted voting platform using Bitcoin Signature technology
  • Bitcoin Prediction Market: Place bets by sending lightning payments and receive winnings to your lightning address.
  • LiquiSabi: Coinjoin explorer: Monitor and publish WabiSabi’s coordinators advertised on Nostr [Github]
    • LiquiSabi tracks coinjoin transactions and allows you to filter them by the coordinator that staged it.
  • Coin Demo: An interactive visual introduction to how mining works

Vulnerability Disclosures

  • GoldenJackal’s specialized toolsets for targeting air-gapped systems in espionage campaigns [We Live Security]
    • ESET research uncovers two toolsets from GoldenJackal, an APT group, targeting air-gapped systems in Europe and South Asia since 2019. The toolsets include GoldenHowl and GoldenRobo, enabling system infiltration, data collection, and exfiltration through customized malware.
    • ESET’s findings highlight GoldenJackal’s expertise in breaching highly secure networks, demonstrating their capability to infiltrate isolated systems that lack internet connections.
  • Radiant Capital hack exploits multisig approval process and hardware wallet compromise [Analysis]
    • On October 16, 2024, Radiant Capital suffered a security breach totaling $50 million, targeting three trusted, geographically distributed developers through sophisticated malware that intercepted hardware wallet transactions, enabling unauthorized transfer actions like transferOwnership.
    • Attackers leveraged the Safe{Wallet} (Gnosis Safe) interface and normal transaction resubmission behavior to gather signatures without arousing suspicion, while front-end and simulation tools displayed standard transaction data. [Post Mortem]
  • Locate X: U.S. law enforcement tool enables warrantless smartphone tracking [404 Media]
    • The tool, by Babel Street, is available to both government contractors and private investigators, while its lack of usage restrictions poses concerns about unchecked surveillance and data exploitation.
    • Privacy advocates show that this type of surveillance can identify people based on unique identifiers like mobile advertising IDs, breaching presumed privacy safeguards.
  • Hackers target Android users with Qualcomm zero-day vulnerability [TechCrunch]
    • A zero-day vulnerability found to affect about 64 different Qualcomm chipsets has been exploited by hackers to target Android users
  • Research, conducted by Jonas Hofmann and Kien Tuong Truong with the Applied Cryptography Group at ETH Zurich, discovers flaws in five end-to-end encrypted cloud services [Research paper]
    • “End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem”, an analysis of five E2EE providers (Sync, pCloud, Icedrive, Seafile, and Tresorit), reveals severe cryptographic vulnerabilities.
  • Security analysis reveals weaknesses in WeChat’s MMTLS encryption protocol [CitizenLab]
    • The report highlights the continued use of “business-layer encryption” from earlier WeChat versions, despite MMTLS adoption. This legacy encryption adds vulnerabilities due to inconsistencies and lacks essential features like forward secrecy, raising security concerns given WeChat’s wide user base.
  • Imprompter: a tool tricking LLM agents into improper tool use demonstrates the risks of AI chatbot exploitation by hidden malicious prompts [Research paper]
    • Security researchers reveal that hackers can trick AI chatbots into disclosing user data by embedding hidden commands in gibberish-like prompts. Attackers exploit the chatbots’ response systems to send sensitive information back to servers controlled by hackers.
  • Tails v6.8.1 is an emergency release that fixes a critical security vulnerability in Tor Browser.
    • “Update Tor Browser to 13.5.7, which fixes MFSA 2024-51, a major use-after-free vulnerability. Using this vulnerability, an attacker could take control of Tor Browser, but probably not deanonymize you in Tails.”
  • A critical “use-after-free” vulnerability (CVE-2024-9680) in Firefox 131.0.2’s animation timeline allows attackers to execute arbitrary code and take complete control of a machine. Mozilla reports this issue is being exploited in the wild [Mozilla Security Advisory]

Software Releases & Project Updates

  • SimpleX v6.1
    • Improve calls
    • Improve iOS notifications
    • Improve user experience
      • Add new conversation layout and customizable messages
      • Add switch between user profiles
      • Increase speed: deletion, moderation and forwarding of messages
    • New security audit: SimpleX announces cryptographic design review by Trail of Bits
  • SideBand v1.1.1
    • Add support for RNode device types that were added in the latest RNS release
    • Update RNS to version 0.8.2
    • Update LXMF to version 0.5.5
  • Reticulum MeshChat v1.13.1
    • Add support for high quality audio messages using opus codec
    • Add message attachment sizes to message info dialog
    • Update suggested interface to new domain name
    • Update to RNS v0.8.4
    • Update to LXMF v0.5.6
  • Tor Browser v14.0
    • Add new circuit for Android
    • Extend support for legacy platforms

Project spotlight

  • Pubky Core: An open protocol for per-public-key backends for censorship resistant web applications [Github]
    • It enables public-key-based authentication and third-party authorization without relying on central databases, combining elements of decentralized technology with familiar web standards.
    • PKDNS: A decentralized, censorship-resistant DNS built on Pubky’s identity layer [Github]
      • “A DNS server providing self-sovereign and censorship-resistant domain names. It resolves records hosted on the Mainline DHT, the biggest DHT on the planet with ~15M nodes that services torrents since 15 years.”
    • Pubky Notes: Note taking app using pubky protocol [Github]
      • “Since the data is stored via the Pubky protocol, your notes are not locked into a single app or service—they’re portable and reusable”
  • awesome-pubky: A curated list of awesome Pubky resources, libraries, tools and applications [Github]
  • Awesome Privacy: List of free, open source and privacy respecting services and alternatives to privative services [Github]

Lightning + L2+

Project spotlight

  • Blockstream launches Simplicity on Liquid testnet and introduces Simfony, a high-level language for writing Bitcoin smart contracts [Blog post]
    • Simplicity aims to provide a more secure and flexible environment for developers compared to Bitcoin Script.
    • Simfony is a Rust-like high-level language that compiles down to Simplicity bytecode. Work in progress. [Github]
  • Spark: A trust-minimized solution designed to scale Bitcoin and extend the Lightning Network
    • Lightspark announces new Bitcoin L2 and upgrades its Universal Money Address (UMA) standard with the release of UMA Extend, UMA Auth and UMA Request. [Announcement]
  • Blockbuster: Seamless content monetization with the Lightning Network
    • “Blockbuster is a media server that allows creators to upload and sell their videos, ebooks, and other content from any application that implements the L402 protocol.”
    • “The objective is to be able to share a unique link (L402 URI) that can be consumed across platforms like Nostr, Twitter, or Farcaster.”

Software Releases & Project Updates

  • Core Lightning v24.08.2 - Steel Backed-up Channels
    • pay: Now remembers and updates channel hints across payments
    • pay: Discarding an overly long or expensive route does not blacklist channels anymore
    • grpc: Channel type anchors/even was added to the grpc bindings
    • Improve pathfinding speed for large nodes
  • LDK Node v0.4.0
    • Add support for multiple chain sources
    • Add support for sourcing chain and fee estimation data from a Bitcoin Core RPC backend
    • Add initial experimental support for an encrypted VSS remote storage backend
    • Add support for setting the NodeAlias in public node announcements
    • Add support for generating and paying unified QR codes
    • Add support for quantity and payer_note fields when sending or receiving BOLT12 payments
    • Add support for setting additional parameters when sending BOLT11 payments
  • Phoenix
    • Phoenixd
      • v0.4.2
        • Support fee bumping for on-chain transactions
        • Add a CSV export
      • v0.4.0
        • Support for new on-the-fly funding
        • Use the distribution plugin for all platforms
    • Phoenix Wallet transitions to new open protocol for Phoenix LSP: The new protocol builds on the Lightning BOLT standard and includes features like dual funding and splicing.
  • Zeus v0.9.1
    • LND: BOLT 11 blinded paths
    • LND: spend full UTXOs
    • LND: Inbound routing fees
    • [Experimental] Rescans for external wallets
    • Simplified open channel UX
    • Linked contacts showing in Channel view
    • LNDHub: dismiss custodial warning
    • POS: add option to default to Keypad view
    • View on-chain address list
  • Breez SDK Core (Greenlight) v0.6.2
    • Greenlight signer fix for de-sync
    • Use invoice destination for trampoline
  • Alby
    • lightning-browser-extension v3.9.2 - Messier 24: Sagittarius Star Cloud
      • feat: setup your keys -> setup master key in default view cards
      • Onboarding for node_required accounts
      • Translations update from Hosted Weblate
    • Go v1.6
      • Security (protect wallet with biometrics, face unlock, PIN, etc)
      • Link handling support (Lightning links, BIP21)
      • Improve LNURL handling (fixed amount LNURLs, LUD9 lnurl successActions)
  • CashuMe now supports restoring ecash from a seed phrase [Announcement]
  • Microbolt v2.0
    • Add new firewall: awall
    • Add new reverse proxy: caddy
    • Add new Bitcoin explorer: mempool
    • Add new section: nostr
    • Remove fail2ban, applied firewall level mechanism
    • Bitcoin*: no more patches, except for ordinals
    • Microbolt cloud: automatic deployment of microbolt through ansible
  • Geyser October 2024
    • Private messages: Contributors can now drop a private comment to the creator when funding a project or buying a reward
    • Creator can request buyer Npub: Creators can now request specific information from reward buyers such as their npubs, or reward specifications
    • Creator reward confirmation message: Creators can now tie each reward with a success message. This allows them to automate giving access to certain digital content or spaces
    • Multiple rewards and project images: Creators can now properly showcase their rewards by adding multiple images to them. And project banners can also have multiple images.
    • Add login with email
    • Rebrand Geyser bot to @GeyserSpirit
    • Launch announcement banner
    • Increase creator fees to 5% in the coming 2 weeks for lightning addresses, node-runners will remain on a value-for-value plan
  • LN Markets
    • Add option to Cash In from trade margin
  • Zaprite introduces Sandbox Environments [Blog post]
    • Users can now simulate both bitcoin and fiat transactions to test their custom API integrations

Nostr

Project spotlight

  • Pokey: Nostr “Pull Notifications” on Android [Github]
    • Receive live notifications for your nostr events and allow other apps to receive and interact with them.
  • White Noise live demo: JeffG shares his progress made on implementing MLS messaging on Nostr [Note]
  • Nostrastic: Bridge to publish Nostr posts and send/receive DMs over LoRa using Meshtastic [Github]
  • AlgoRelay: An algorithm relay for nostr [Github]
    • “AlgoRelay is the first nostr native relay capable of serving personalized, algorithmic feeds without the use of external or proprietary APIs or DVMs.”
  • ppe-relay: A paid relay that charges on a per-event basis. [Github]
  • Search Relay: A NIP-50 search relay [Github]
    • Full text search relay using Elasticsearch as backend
  • Flotilla: A nostr relay-based communities PWA modeled after discord by Coracle [Github]
    • “A discord-like nostr client based on the idea of “relays as groups”. WIP.”
  • nostr-editor: A full text editor + note parser for Nostr based on Tiptap / ProseMirror [Github]
    • nostr-editor is a collection of Tiptap extensions designed to enhance the user experience when creating and editing nostr notes. It also provides tools for parsing existing notes into a structured content schema.
  • Zapchat: A Nostr App Design [Project description]
    • Nostr-specific UX/UI for conversations and monetization around any content type, using interoperable communities [Design system]
  • nosweet.net: Share or clone any tweet on nostr with a url and without any permission or integration needed [Github]
  • Docstr: A simple document management system on Nostr
    • Docstr allows users to create and delegate documents, only publicly for now.
  • Translator: A new nostr service, offering automated translation of notes, videos and memes [Note]
  • rx-nostr: A library based on RxJS, which allows Nostr applications to easily communicate with relays [Github]

Software Releases & Project Updates

  • Damus New TestFlight version
    • Multiple image uploads
    • Seamless scroll
    • Improve text and profile search
    • New side menu
    • Less sensitive thread view notes when scrolling
  • Amethyst
    • v0.92.4
      • Makes Amethyst a share target for texts, images and videos
      • Changes the new post screen to use the non-disappearing version of the scaffold
      • Correctly maps the write status of the outbox relays
    • v0.92.2
      • Moves the API with amber from signature to result
      • Add new fields on vision prescriptions
      • Prioritise search results that start with the search term
      • Add some test cases for video compressions
      • Add Unknown media type test
      • Use “use” blocks to close resources automatically
      • Faster logout processing without closing the account switcher dialog.
      • Add animation to notification chart
      • Add animation to FABs
      • Add animation to zap and reaction popups
      • Support for login with hex key when using amber
    • A user shared having successfully used the ‘journalist’s mode’, temporarily logging into Amethyst using an ncryptsec on an NFC tag
  • Coracle
    • v0.4.15 - Security Release
      • In past versions of Coracle, user session objects were inadvertently sent to my error reporting platform
      • Hack in accommodation of algorithmic relay feeds
      • Downgrade typescript to save my sanity
      • Show links/images as blocks when at the end of a paragraph
      • Implement new profile page and summary designs
      • Stop sending user to bugsnag
    • v0.4.13
      • Add support for nip05 urls
      • Re-work notification rendering and loading
      • Use Intl api for list formatting (zmjohnson)
      • Update nostr signer version to support app icon url
  • Iris publishes new Iris version source code [Github]
  • Lume v4.3.0
    • Add support for multiple follow sets (NIP-51)
    • Add support for multiple interest sets (NIP-51)
    • Add support for event deletion (NIP-09)
    • Automatically restore window state when reopen app
    • Prioritize query from local database instead of relay
    • Improve search performance, overall performance and stability
  • nos.social v1.0.0
    • Add relay.mostr.pub to the default relay list
    • Add a tip to Discover to prompt first-time users to go to their Feed
    • Add a tip to the Feed to welcome first-time users and explain how the Feed works
    • Add a tag to published contact lists to help us detect the source of lost contact lists
    • Update the onboarding screens with a new design
    • Add new authors and categories to the Discover tab
    • Nos now hides the notes from blocked users when viewing their profile page
  • Nostrmo v2.9.3
    • Add NIP-55 content-resolver support
    • Add cache relay support
    • Live’s Naddr address link to zap.stream
    • Change filed name for NIP-55’s meger
    • Change Group’s sync time
    • Add user change to use the login page
    • Add support for picking multiple files in the editor
  • Mostro v0.12.7
    • When taking an order, check the status first and then the quantity
    • Update README.md to have instructions for Mac
    • Tonic-lnd
    • Add Cross.toml for protoc compiler inside docker sandbox
  • Blossom introduces Onion-routing for event publishing [Announcement]
    • This technique hides both the sender’s identity and IP address, even from the relay used for publishing.
    • “The sender can include small ecash tokens inside each onion layer to pay for the routing.” -@Pablof7z
  • Citrine v0.5.2
    • Support for tor proxy when restoring contact list
    • Support for auto backup every 24 hours
    • Check if port is in use
  • Voyage
    • v0.16.0
      • Render nip88 polls
      • Vote on nip88 polls
    • v0.15.0
      • Support nip22 comments
      • Always use nip22 when replying to nip22 comment
      • Optionally force nip22 usage
      • Show client, full date time and unix timestamp in post details
      • Create generic repost when cross-posting nip22 comment
      • Show hint when nip22 comment parent is not supported
  • Chronicle v0.2.1
    • Upgrade dgraph-io/badger
  • YakiHonne iOS/Android v1.4.1
    • Outbox model support
    • A completely new core with enhanced features that ensures better performance and lightning speed while browsing
    • Notes media has been enhanced
    • Notes threads are now efficiently displayed
    • Accounts switching enhancements
    • Private messaging optimization
  • Zapstore v0.1.4
    • Curated app sets
    • Load more releases (show all)
    • Better app cards and version/install state
    • Performance: Complete rework of internals, preloading, caching, background work
  • Nostream v2.1.0
    • Add dark theme support for static html files
  • strfry v1.0.2
    • New config param: relay.info.nips which allows you to override the NIPs that are claimed to be supported
    • New connectionTimeout parameter in router config
  • Nostr-PHP
    • v2.0.0-alpha1
      • Add valtzu/guzzle-websocket-middleware to execute async concurrent websocket requests with the Http/Guzzle client
    • v1.4.2
      • phpdoc + examples
      • Remove build dir phpdoc.nostr-php.dev from repo
      • Some improvements in the Filter class to handle multiple authors
  • BitBanana v0.8.7
    • More flexible fiat currency setup
  • Fountain v1.1.5
    • Simpler Library Architecture: makes offline playback more reliable and reduce system resource requirements, reduces mobile data and memory usage, and fixes long-standing playback issues
    • Pay BOLT-11 Invoices: withdraw funds by generating a lightning invoice using any app that supports lightning payments
    • Add artist Pages: From any Track or Album page you can now tap through to the Artist page to see all tracks

Boosts

  • Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @Ape Mithrandir (7,777 sats) “Listening to end if you count 30 minutes of sleep listening at the end 😅”
    • @tdub (5,000 sats) “Proof of Listening (PoL): Here’s how to make a classic grilled cheese sandwich ()”
    • @btconboard (1,111 sats) “More miniscript please. I am not Rob.”
    • @AVERAGE_GARY (1,000 sats) “SatsLink revival?!?! But I already used my preorder money for a second Q. 😵‍💫”
    • @VonPhoto (500 sats)
    • @BrightSats (121 sats) “Keep an eye on your wife flash attack vectors!”

Tech Tip of the Day

  • Recommended by fiatjaf: DeArrow: an open source browser extension for crowdsourcing better titles and thumbnails on YouTube [Github]
    • “The goal is to make titles accurate and reduce sensationalism. No more arrows, ridiculous faces, and no more clickbait.”
  • Eartho: The open-source, privacy-focused alternative to Google sign-in [Github]
    • Eartho allows developers to integrate authentication without relying on third-party data collection services.

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 326
      • Updates to the version 1.75 channel announcements proposal: Elle Mouton posted to Delving Bitcoin a description of several proposed changes to the new channel announcements protocol that will support advertising simple taproot channels
      • Draft BIP for sending silent payments with PSBTs: Andrew Toth posted to the Bitcoin-Dev mailing list a draft BIP for allowing wallets and signing devices to use PSBTs to coordinate the creation of a silent payment.
    • 325
      • LN Summit 2024 notes: Olaoluwa Osuntokun posted to Delving Bitcoin a summary of his notes (with additional commentary) from a recent LN developer conference.
    • 324
      • Disclosure of vulnerabilities affecting Bitcoin Core versions before 25.0: Niklas Gögge posted to the Bitcoin-Dev mailing list links to the announcements of three vulnerabilities affecting versions of Bitcoin Core that have been past their end of life since at least April 2024.
      • CVE-2024-38365 btcd consensus failure: as announced in last week’s newsletter, Antoine Poinsot and Niklas Gögge disclosed a consensus failure vulnerability affecting the btcd full node.
      • Guide for wallets employing Bitcoin Core 28.0: As mentioned in last week’s newsletter, the newly released version 28.0 of Bitcoin Core contains several new features for the P2P network, including one parent one child (1P1C) package relay, topologically restricted until confirmation (TRUC) transaction relay, package RBF and sibling eviction, and a standard pay-to-anchor (P2A) output script type

News & Noteworthy

Bitcoin

  • Guide for Wallets Employing Bitcoin Core 28.0 Policies: A guide to address Bitcoin Core v28.0 updates for wallet developers, detailing new P2P and mempool policies that aid in handling various transactions, including coinjoins, Lightning Network, and Ark transactions.
  • Bitcoin live dashboard TimechainStats has added an Arcade game section to its website
  • LNhance, a soft fork proposal for Bitcoin, has launched a new website

Lightning + L2+

  • Lightning Network+ introduces Group Channel Opens [Announcement]
    • Group Channel Opens on LN+ enables up to 5 Lightning Network channels to open through a single bitcoin transaction, reducing costs and block space usage by approximately 52–62% depending on group size.
  • @Roasbeef publishes his Notes & Summary of the LN Summit 2024 in Tokyo, Japan
  • CashuBTC launches its new website: cashu.space

Business & Finance

  • River now offers 3.8% interest on cash with bitcoin payouts [Announcement]
    • Users can withdraw cash at any time, with funds FDIC-insured up to $250,000. The service has no hidden fees or minimum deposit requirements.
  • Mt. Gox announced an extension to its repayment deadline for creditors to October 31, 2025 [CoinDesk]
    • This decision aims to give creditors additional time to navigate complex administrative requirements that have hindered the timely return of funds
  • Dutch bitcoin-only exchange BL3P will shut down by December 20, 2024, citing new regulations, including MiCA, as a driver for the decision. [Press release]
    • Following closure, remaining funds and trading history will transition to users’ Bitonic accounts, which will adopt some BL3P features.
  • Bitkey announces new partner: users of the Bitkey App can now sell, buy or transfer bitcoin using MoonPay [Announcement]
  • Decentralized exchange platform HoldHold discontinues support for most cryptocurrencies as payment methods, keeps supporting stablecoins and Bitcoin second-layer solutions [Announcement]

Tradfi

  • U.S. SEC approves NYSE options trading on spot Bitcoin ETFs [Watcher Guru]

Art

  • Bitcoin illustrator NoGood releases The art of NoGood – a self-published art book showcasing five years of bitcoin themed illustration [Geyser page]

Funding

  • Bitcoin and Freedom Technologies Research firm 1a1z releases report covering how Bitcoin Core development is funded
    • Part 1 covers the organizations that raise and distribute funds to core devs
  • OpenSats announces:
    • Eighth Wave of Bitcoin Grants, the four projects of this funding wave are:
      • Citadel-Tech
      • Lampo
      • Cashu Nutshell
      • PickhardtPayments Plugin
    • Long-term support for Greenart7c3, creator and lead developer of Citrine and Amber, for his ongoing contributions to the nostr ecosystem.
  • Spiral announces grant renewals to:
  • Bitcoin development fund Brink receives a $250,000 contribution to their funding efforts from The Draper Foundation [Announcement]
  • Donor-advised fund, UI Charitable (University Impact), makes first Bitcoin grant to support Bitcoin education [Press release]
    • The scholarship fund, directed to Base58, a nonprofit promoting bitcoin engineering education, targets software engineers learning bitcoin fundamentals
  • OKX announces a grant to the 2140 Foundation [Press release]
  • Germany’s Sovereign Tech Fund boosts open-source development with $25 million across 60 open-source projects [Blog release]
  • Non-profit organization Btrust launches new website
  • Donations to the Tor Project will be matched, by Power Up Privacy, dollar-for-dollar up to $300,000 through the end of 2024 [Announcement]
  • Blockstream secures $210 million in convertible note financing, led by Fulgur Ventures, to advance Bitcoin integration into global finance. [Press release]

Mining

  • Bitmain introduces the Antminer S21+ series, featuring two models: the S21+ Hyd and the S21+ [Press release]
    • The S21+ Hyd model delivers a hashrate of 319 TH/s at 15 J/TH, while the S21+ provides 216 TH/s at 16.5 J/TH

Privacy

  • A New York court dismisses YieldNodes’ defamation suit against Chainalysis, citing Anti-SLAPP laws protecting public speech. [The Rage]
    • Judge Lyle Frank states that statements made in Chainalysis’ Reactor subscription service are within the public interest, akin to private Facebook group discussions.
  • SimpleX publishes Wired’s Attack on Privacy, a critical response to Wired’s article on neo-Nazis moving to SimpleX Chat following Telegram privacy policy changes
  • Encrypted chat app Session relocates to Switzerland following Australian police visit [404 Media]
    • After Australian Federal Police visited a Session employee regarding the app and a specific user, Session’s leadership decided to relocate to Switzerland under the newly formed Session Technology Foundation (STF) [Announcement]
  • A recent amendment to Norway’s Financial Contracts Act mandates businesses to accept cash if they offer other payment options at physical sales premises, if the amount is below ~$1800 [Announcement]
  • VPN provider Mullvad introduces Shadowsocks obfuscation for WireGuard [Blog post]
    • Shadowsocks obfuscates data, making it harder for firewalls to block
  • Transak, a cryptocurrency onramp API platform used by companies such as Binance US, Coinbase, Ledger and Bitpay, was hit by a data breach in October 2024, leaking the KYC information of ~57,000 users [CoinDesk]
  • A Fidelity data breach exposed the personal data of 77,000 customers, including Social Security numbers, driver’s licenses, and names, accessed over a two-day period between August 17 and August 19, 2024 [CNET]
  • The Internet Archive, a nonprofit organization that maintains digital archives of the internet, has suffered a data breach affecting 31 million accounts [ZDNet]
    • DDoS attack: the incident was caused by an unauthorized third-party accessing a database backup from June 2020.

Protocol

  • Libsecp256k1 #1479: Add module “musig” that implements MuSig2 multi-signatures (BIP 327) [Merged]
  • Bitcoin Core #30955: adds two new methods to the Mining interface, compatible with Stratum V2 requirements [Merged]
  • Rust Bitcoin #3450: Add version three variant to transaction version. Topologically restricted transactions are now considered standard as of Bitcoin 28.0. [Merged]
  • Eclair #2927: Enforce recommended feerate for on-the-fly funding [Merged]
  • Eclair #2922: Remove support for splicing without quiescence [Merged]
  • NIP-60 and NIP-61 are the first Cashu NIPs to have been made into the Nostr specifications [Merged]
    • NIP-60 describes portable Cashu wallets that live inside nostr relays
    • NIP-61 describes nutzaps, a new, instant way to zap users and events by posting ecash locked to their public key

Government & Political

  • Two senior researchers at the European Central Bank publish The distributional consequences of Bitcoin, a paper detailing the redistributive impact of a rising Bitcoin market
    • The paper claims that while early adopters benefit, rising Bitcoin prices generate wealth at the expense of non-holders and late investors
  • The Minneapolis Fed publishes a research paper and argues that Bitcoin disrupts a government’s ability to maintain a unique, permanent primary deficit by introducing multiple economic equilibria, solvable through Bitcoin prohibition or taxation.
  • Craig Wright has filed a £911 billion lawsuit against Bitcoin Core developers in the UK High Court [Forbes]
    • His argument centers on the claim that modifications by Bitcoin Core, such as SegWit and Taproot, deviate from Bitcoin’s original design, which he says was meant to be a decentralized cash system, not a store of value.
  • FinCEN’s recent alert underscores that Hezbollah primarily relies on bulk cash transfers and smuggling for financing, rather than cryptocurrencies [FinCEN’s notice]
  • The FBI arrested an individual for allegedly hacking the SEC’s account on X in January 2024. The suspect reportedly gained access to the account using a SIM swap attack, announced the launch of a fake Bitcoin ETF and profited from it. [Forbes]
  • Nigerian government drops charges against Binance Executive Tigran Gambaryan [Reuters]
  • The Danish Minister of Taxation proposes a bill to tax unrealized capital gains on cryptocurrencies. [Announcement]
  • Italy raises bitcoin capital gains tax from 26% to 42% in its 2025 budget [Reuters]

Bitcoin (cont.)

Events

  • Three events have announced the dates of their 2025 editions:

Reads

  • Here’s a list of our top recently published reads:

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod


Did I get anything wrong above? Help me correct it: producer@coinkite.com