I’m joined by guests Craig Raw and Rob Hamilton to go through the list.

Listen on your favorite podcast app:

Urgent Vulnerability Disclosures

  • 00:01:18 Full Disclosure: Transaction-Relay Throughput Overflow Attacks against Off-Chain Protocols [Antoine Riard’s post]
    • A new transaction-relay jamming attack targets off-chain protocols, exploiting throughput limits in full-node algorithms.
    • The “high-overflow” variant exploits the sender-side fee-rate sorting algorithm. The “low-overflow” variant targets receiver-side processing limits but remains untested.
  • 00:01:53 Vulnerability in WabiSabi coinjoin protocol exposes users to deanonymization risks [The Rage]
    • A flaw in the WabiSabi coinjoin protocol allows malicious coordinators to deanonymize users by correlating inputs and outputs.
    • The issue stems from malicious coordinators assigning unique maximum amount parameters, enabling tagging attacks to cluster wallets.
    • The vulnerability impacts Wasabi Wallet 2.2.1.0 and below, Ginger Wallet 2.0.13 and below, and BTCPay Server coinjoin plugin 1.0.101.0 and below. [GingerWallet’s Vulnerability Report]

Bitcoin

Software Releases & Project Updates

  • 00:19:59 Rust Payjoin v0.21.0
    • This release enables transaction cut-through by allowing the receiver to add an arbitrary number of inputs and outputs, and allowing mixed input script types in Payjoin V2.
    • Allow receiver to contribute multiple inputs and outputs
    • Make InputPair public to facilitate working with inputs in coin selection and input contributions
    • Enable receiver fee contributions in apply_fee, which now requires a max_feerate parameter
    • Allow mixed input scripts in Payjoin V2
    • Implement client end-to-end encryption using HPKE using bitcoin-hpke
  • 00:32:48 Lark: Command line application for the Lark USB Hardware Wallet library [Github]
    • “The Lark application is a command line app for interacting with USB hardware wallets in Bitcoin related functions. It uses the Lark Java library, which in turn is a port of the Python library HWI.”
    • “The Lark command line application is designed to be a drop-in replacement for HWI, with a subset of commands implemented.”
    • Lark initial release v1.0.0
      • The following hardware wallets (for all models) are supported: Coldcard, Trezor, Ledger (current and legacy Bitcoin apps), BitBox02, Jade, and Keepkey.
      • Across the following platforms: Linux x86_64 and aarch64, macOS x86_64 and aarch64, and Windows x86_64.
  • 01:12:40 Bitcoin Keeper
    • Mobile v1.3.0
      • Subscriptions: More features, reduced prices for all tiers.
      • Inheritance Planning: Inheritance Key now secured on the Bitcoin network using Miniscript. Convert any key into an Inheritance Key.
      • Attorney letters now include the Recovery Key and all added
      • Key Sharing: Share and sign keys remotely with any
      • Transactions: New history screen and support for sending unconfirmed
    • Desktop v0.1.4
      • Allow getting specific BIP44 accounts from a device
      • Add Taproot Key when getting device xPubs
  • 01:13:23 Blue Wallet v7.0.5
    • Add Offline import
    • Add CoinControl sorting
    • Add AMD Fiat
    • Add RSD Fiat
    • Add Market Price intent
    • Add Reset currency alert
    • Add Notification shortcuts
    • Add Remove all recipients
    • Add Clear clipboard on import
    • Add Dark/Tinted iOS icons
  • 01:13:33 Floresta v0.7.0
    • Async-std To Tokio: ends a major milestone of replacing async-std with tokio as the async runtime
    • florestad: expose assumeutreexo in lib mode
    • Feature: daemonize: On NIX environments, run florestad in the background as a daemon
    • Wire: handle block filters out-of-order
    • ssl init: Adds support for SSL to our Electrum Server
    • Adds fuzz to floresta using cargo fuzz with a few targets
    • Improve connection
    • Update getutxo: Now the gettxout rpc only returns UTXOS that are cached by the wallet
    • Improve CI caching
    • Add criterion benches and restructure testdata
    • Add test-features recipe to justfile
    • Add floresta-cli to Docker image
  • 01:13:44 Labelbase v2.2.3
    • UI: New, card based, label list view for small screens (mobile devices)
    • UI/UX: New, improved status and error messages
    • Rework Electrum background operations (UTXO lookup)
    • Add “Address Derivation” support for Testnet (tpub, upub, vpub)
    • Add Samourai Backup Import, allows you to import your samourai.txt
    • Add Donation page
  • 01:14:17 BDK v1.0.0-beta.6
    • Final “beta” test release before a final bdk_wallet 1.0.0 version.
    • Changes include small bug fixes and API improvements plus an improved algorithm for determining which transactions are in the current best “canonical” block chain.
    • The new canonicalization algorithm processes the transaction graph in linear time versus the prior quadratic time algorithm.
  • 01:14:26 FullyNoded v0.0.0.6
    • Quick Connect QR code url’s no longer contain real RPC credentials
    • Tweaks to JM config default fee settings to help increase chance of successful coinjoins (users can always add their own)
    • Obwatcher button added to Join Market so users can easily launch the order book to help trouble shoot failed coinjoins
    • Add auto refresh to Core Lightning
  • 01:14:43 BTCPay Server v2.0.4
    • Add QR Code with link to invitation email
    • Add rate providers for Norwegian exchanges
    • Greenfield: Improve store users API
  • 01:14:52 Zaprite
    • v2024.12.09
      • Add new View Contact page that displays Contact information and recent Invoices and Transactions
      • Add new View Recurring Invoice page that displays the Recurring Invoice Schedule summary and a list of Recent Invoices
      • Add new User Account Profile page, enabling Users to add avatars and display names
      • Add Coinos LNURL integration
      • Add LifPay LNURL integration
    • v2024.11.25
      • Add new View Invoice page which shows recent transactions and activity history
      • Add a ‘Discover’ carousel to the Home dashboard
  • 01:14:54 Peach v0.5.2
    • Dark Mode Build
    • Match paymentdata fix
    • Always share device id hash when using contact form
  • 01:14:55 Boltz boltz-web-app
    • v1.5.4
      • Switch to Blockstream Liquid explorer
    • v1.5.3
      • Improve HWW derivation path selection
    • v1.5.2
      • Submarine Swap preimage copy button
      • Add Chatwoot
      • Show when no browser wallet found
      • 0-amount chain swaps
  • 01:14:56 ESP-Miner v2.4.1
    • Add support for eusolo stats for ckpool
    • Add Noderunners pool to quick links
    • Add 205 config and remove self test flag
    • api: add stratum difficulty
    • Don’t abandon the first mining.notify
    • Swarm styles, refresh on load, more combined stats, more info in table
  • 01:14:58 Clams remote Update
    • Add support for BIP-353 usernames
  • 01:14:59 Mempal v1.3.0
    • Elapsed time since latest block displayed on dashboard and widgets
    • Number of blocks to clear mempool displayed on dashboard and widgets
    • Tor connection indicator now displays on dashboard when connected over Tor
    • Set specific block height alerts for notifications
    • Widget update frequency option in settings
    • Add tap to refresh widget feature and double tap to open Mempal app
  • 01:15:07 Kyoto v0.6.0
    • Pass FeeFilter to client
    • Add Signet and Bitcoin checkpoints
  • 01:15:20 LifPay
    • Introduces Reusable Payment QR Codes with fixed amounts, allowing users to create a QR code with a fixed amount that can be scanned and reused multiple times. [Stacker News]

Project spotlight

  • 01:16:09 Specter Shield Lite: Low Cost Secure Element Backed Security for DIY Bitcoin Hardware Wallet [Announcement] [Github fork]
  • 01:16:17 Covenants support: A dedicated covenants support page on the Bitcoin Wiki, listing developers’ current support positions.
  • 01:18:08 Kibo: An open source Bitcoin Core data extractor and visualizer [Github]
  • 01:18:20 Saving Satoshi: The world’s first interactive, practice-focused game to teach you bitcoin development.
    • “Saving Satoshi is a light-hearted, first point of contact for developers of all ages that want to learn how bitcoin works.” [Github]
  • 01:18:28 Fully Noded Server: A one click Bitcoin Core, Core Lightning and Join Market server to connect to Fully Noded apps. [Github]
  • 01:18:30 Timestamp: A platform that enables both accredited and non-accredited investors to invest in Bitcoin and open-source companies with low minimum investments.
  • 01:18:49 Satoshee: Winners’ club. Carefully curated gift cards, discounts, loyalty program.
    • Satoshee is platform offering gift cards, exclusive discounts, and Loyalty Programs, which support the creation and distribution of open-source media.
  • 01:19:06 hass-miner: Control and monitor your Bitcoin Miners from Home Assistant.
    • Great for Heat Reusage, Solar Mining or any usecase where you don’t need your miners running 24/7 or with a specific wattage.
    • Works great in coordination with ESPHome for Sensors (like temperature) and Grafana for Dashboards.
    • Support for: Antminers, Whatsminers, Avalonminers, Innosilicons, Goldshells, Auradine, BitAxe, IceRiver, Hammer, Braiins Firmware, Vnish Firmware, ePIC Firmware, HiveOS Firmware, LuxOS Firmware, Mara Firmware
  • 01:19:12 Entropy: A collection of open-source bitcoin workshops, projects, hackathons, and software, by D++.
  • 01:19:20 PlebDevs launches [PlebDev Starter Course], a free starter course aimed at complete beginners to learn basic coding or webdev skills, covering code editors, Git/Github, HTML, CSS, and JavaScript.

Vulnerability Disclosures

  • 01:19:29 Droidbot targets banking and crypto apps across Europe [Cleafy’s disclosure]
    • The malware impersonates apps like Google Chrome to steal credentials for 77 banking and cryptocurrency platforms across Europe, and uses Accessibility Services to log keystrokes, overlay fake login pages, and intercept SMS OTPs.
    • DroidBot employs MQTT, typically used in IoT, for stealthy data exfiltration. It encrypts and compresses data before transmission, complicating detection.
  • 01:19:36 DaMAgeCard: SD Express Card vulnerability exposes memory access risks in laptops and consoles [CyberInsider]
    • Positive Technologies researchers identified a vulnerability in SD Express cards, leveraging the Direct Memory Access (DMA) feature to bypass system protections. Modified cards can exploit gaps in securing the transition between SDIO and PCIe modes.
  • 01:19:47 Web3: Malicious versions of Solana’s web3.js npm library expose private keys [The Hacker News]
    • Researchers uncovered two malicious versions (1.95.6 and 1.95.7) of the popular @solana/web3.js npm library, which harvested private keys to drain crypto wallets.
    • The attack is believed to have stemmed from a phishing incident targeting the npm package maintainer, allowing the hacker to publish compromised versions.
  • Encrypted communications service ‘Matrix’, dismantled by international police operation [Europol]
    • A large-scale investigation, lead by French and Dutch authorities involved in a joint investigation, lead to the interception of 2.3 million messages in 33 languages over a monitoring period of three months, dismantling more than 40 servers.
  • Uganda confirms central bank hack, downplays extent of the loss of 62 billion shillings ($16.8 million) [Reuters]
    • The hacking group, ‘Waste’, based in Southeast Asia, transferred funds abroad, including to Japan. The central bank has recovered over half of the stolen amount.

Audience Questions

  • 01:24:05 How do NVK and the guests feel about Google’s Willow quantum chip? Is Bitcoin at risk?
  • 01:30:01 Can NVK and the guests comment on James OB’s recent Tweet? “Very simple scenario for you: Tomorrow gov announces that by EOW, all exchanges must move held bitcoins over to a one-way hardfork that adds “monetary policy tools” and OFAC compliance Can bitcoin support an exit for everyone who wants out? This is why scaling matters.” What are your general thoughts, and also how would a “one-way hardfork” work?

Software Releases & Project Updates

  • The Tor Project replaces its legacy BridgeDB system with Rdsys, a modular and adaptable bridge distribution system. [Blog post]
    • Rdsys supports flexible distribution channels, such as Telegram, enhancing user accessibility and bypassing restrictions without relying on outdated captchas.
    • Tor Browser v14.03
  • NomadNet v0.5.5
    • Add Checkbox and Radio Group fields to Micron
    • Fix invalid LXMF link handling in browser
  • Sideband
    • v1.2.0
      • Sideband now includes Liam Cottle’s RNode flasher in the internal repository
      • Updated message color scheme for better readability and theme consistency
      • Updated theme and user interface defaults for new installations
      • Added signal stats to the announce stream (if available from interface)
      • Added ability to render rich markup in messages
      • Added per-object live-tracking mode for telemetry-enabled peers
      • Added ability to add any number of interfaces via the Advanced RNS Configuration option
      • Added Utilities section
      • Added support for the repository server on desktop operating systems
    • v1.1.4
      • Add ability to add message attachments from sharing intent on Android
      • Add ability to add message attachments with drag-and-drop on desktop
      • Add user interface scaling option
      • Update RNS and LXMF to latest versions
  • Tails v6.10
    • Fix support for Trezor hardware wallets in Electrum
    • Disable saving telemetry data in Thunderbird
    • Update Tor Browser to 14.0.3. and Thunderbird from 115.16.0 to 128.4.3

Lightning + L2+

Project spotlight

  • PeerSwap: enables Lightning Network nodes to balance their channels by facilitating atomic swaps with direct peers [Github]
    • PeerSwap enhances decentralization of the Lightning Network by enabling all nodes to be their own swap provider. No centralized coordinator, no 3rd party rent collector, and lowest cost channel balancing means small nodes can better compete with large nodes.
  • Voltz Tip Bot: An easy-to-use Lightning Network Telegram Bot designed to facilitate tipping sats right within your Telegram groups [Announcement]
  • Liquid Horse: Liquid Sidechain Statistics. Provides statistics and analytics for the Liquid Network.
    • It tracks data such as block production, sidechain transactions, functionary uptime, and federation wallet balances. It also highlights the operational status of block signers and other technical metrics related to network performance
  • awesome-liquid-network: A curated list of Liquid Network resources, libraries, tools and applications
  • Macadamia: A native iOS client for cashu [Github]
    • Macadamia supports standard Cashu operations such as: Minting of tokens, sending and receiving, melting tokens, restoring your wallet balance using a 12 word mnemonic seed phrase backup.
      • v0.2.0: This version is a complete rewrite, segregating cashu logic to its own library and implementing a database model in SwiftData.
  • Strata Bridge: Alpen Labs is developing a bitcoin bridge to its Strata platform, enabling 1 BTC on Strata to match 1 BTC on bitcoin with minimal trust assumptions. [Announcement]
    • The Strata bridge is based on the BitVM2 paper by Robin Linus, incorporating optimizations and advanced research to improve efficiency and robustness.

Software Releases & Project Updates

  • Core Lightning v24.11 - The lightning-dev Mailing List
    • Highlights for Users:
      • xpay is a new, experimental plugin for payments. It’s rewritten from the ground up, on top of another plugin called askrene, which provides advanced routing advice for payments
      • Paying and receiving offers (bolt12 send and receive) are enabled by default
      • hsmtool generatehsm can now accept all the parameters on the command line
    • Highlights for Developers:
      • cln-grpc (our rust plugin to provide a GRPC interface) is enabled by default
      • There’s a new dev-splice command which lets you provide a splice script for describing complex moves
      • Improve tracing infrastructure
    • Highlights for the Network:
      • We gossip harder: we try to stay connected to 10 nodes
      • Connectd will connect faster on startup, maintaining up to 10 outgoing connection attempts in parallel
  • LND v0.18.4-beta.rc1
    • Minor release which ships the features required for building custom channels, alongside the usual bug fixes and stability improvements.
    • Features: The main channel state machine and database now allow for processing and storing custom Taproot script leaves, allowing the implementation of custom channel types in a series of changes.
    • Functional Enhancements:
      • A new protocol.simple-taproot-overlay-chans configuration item/CLI flag was added to turn on custom channel functionality.
      • Compatibility with bitcoind v28.0 was ensured by updating the version the CI pipeline is running against.
  • Eclair v0.11.0
    • This release adds official support for Bolt 12 offers and makes progress on liquidity management features (splicing, liquidity ads, on-the-fly funding). We also stop accepting channels that don’t support anchor outputs and update our dependency on Bitcoin Core.
    • Implement full support for Bolt 12 payments
    • Improve implementation of splicing, by relying on the now official quiescence feature and adding RBF support
    • Include an early prototype for liquidity ads
    • Update minimal version of Bitcoin Core (v27.2)
    • Incoming obsolete channels will be rejected
    • HTLC endorsement for channel jamming
    • On-the-fly funding: introduces implementation of proposed protocol to negotiate an on-the-fly liquidity purchase
  • Zeus v0.9.3
    • Improved channels UI: including reserves
    • Invoice Settings: Display requested amount on invoice
    • Embedded LND: Troubleshooting menu
    • Bitcoin denominated amounts: display with spaces
    • ZEUS Pay: UX improvements
  • Ark v0.4.0 - New address encoding, Notes and Market Hours
    • New Address Encoding: Instead of encoding user and server public keys, we now encode the VTXO output script (Taproot key) and server public key
    • Ark Notes: a feature designed for users who may not be online frequently
      • Clients can share a Nostr public key (profile) for each of their VTXOs
      • When users go offline, the Server will print notes worth their unspent swept VTXOs
      • Users can restore their off-chain balances when they come back online in the future
    • Market Hours:
      • Introduce specific periods during which the server will offer lower service fees for users joining rounds
      • Allow users to schedule their settlements at predetermined times in the future, potentially saving on fees
    • Server Improvements:
      • Connection of the internal Bitcoin wallet to bitcoind with ZMQ
      • Support for restoration of the internal Bitcoin wallet
      • Auto-unlock feature for the internal wallet
      • Increase testing surface for improved reliability
      • Consolidation of APIs
  • Alby
    • lightning-browser-extension v3.10.0 - Ice Clouds over a Red Planet
      • Version v3.10.0 introduces the Alby Hub Connector and a notification banner for upgrading shared wallets to Alby Hub. It also replaces “Citadel” with “Nirvati” and includes multiple translation updates.
    • Alby-go v1.7.2
      • LNURL-withdraw support
      • Improve currency selection
      • Boostagram info in transaction details
      • Delete contacts in address book
      • Enhance QR code readability
    • bitcoin-connect v3.6.3
      • Add currency selector UI
  • Breez SDK v0.6.5
    • Increase reliability for trampoline payments
  • Lightning Terminal v0.14.0-alpha.rc1
    • This first Release Candidate of Lightning Terminal (LiT) ships the first non-experimental version of Taproot Asset Channels
  • Taproot-assets v0.5.0-rc1
    • Database Migrations: tapd v0.5.0 contains non-revertible database migrations. After running tapd v0.5.0, these database migrations prevent downgrading tapd to a previous release. Create backups of tapd database state, before upgrading to tapd v0.5.0.
    • Breaking changes:
      • Downstream Projects - litd: litd v0.14.0-alpha enhancements require both channel peers to upgrade to a litd version >= v0.14.0-alpha to continue Lightning Channel functionality.
    • tapd v0.5.0 changes:
      • Oracle RPC: The RPC protobuf definitions for the Price Oracle have changed. Asset exchange rates are now expressed as FixedPoint to achieve better precision.
      • Configuration changes: The configuration value (universe.public-access) and command line flag (--universe.public-access) now needs a value and is no longer a boolean
  • Torq v2.1.0
    • Bitcoind wallet as a node type (Torq now has on-chain wallet support for CLN, LND and bitcoind)
    • Bitcoind existing on-chain address listing
    • Management of UTXO locking
    • Improve transaction output visualizations (and backend)
    • Improve transaction output linking to channels (funding/closing transactions)
    • LND: sweep transaction output linking to channels -Torq gRPC (BETA feature):
      • New call SubscribeBlockHeight
      • New call PayOnChain
      • New call DecodeInvoice
      • New call GetInvoiceStatus
  • Polar v3.1.0
    • This minor release is needed to support the latest released versions of litd v0.14.0-alpha.rc1 and tapd v0.5.0-alpha.rc1.
    • Features:
      • Add Description field when creating a new network
      • Add full support for decimal display for TAP assets
  • CLBOSS v0.14.1 - Hand at the Grindstone
    • Contrib Script Enhancements:
      • Add --lightning-dir option to the contrib scripts
      • Add Nix Support
    • Stack Unwinding Support:
      • Implement libunwind for stack unwinding
      • Replace the use of program_invocation_name with a custom global variable to store the program name, improving portability to systems like FreeBSD and other Unix-like systems.
    • Configurable Exception Backtrace Support:
      • Add the --disable-exception-backtrace option to configure
      • The Util::BacktraceException class now provides a no-op wrapper when exception backtraces are disabled via --disable-exception-backtrace
  • Minibits Wallet v0.1.10
    • This native update brings sole but important architectural change: all Nostr wallet (NWC) commands are now processed using Android’s foreground service.
  • Cashu-ts v2.0.0
    • NUT-05: description for invoice, integration test without bolt11 decode
    • DX: Enforce explicit type annotations on function parameters
    • NUT-18: Payment requests
    • Add pipeline to build RC from staging branch
    • Add fees and coin selection
    • Streamline blinding
    • Wallet: Remove bip39 dependency
    • Support for NUT-12

Nostr

Project spotlight

  • Myriad: A simple personal blossom server for your own files [Code repository]
  • Cherry Tree: Chunked files stored on blossom servers [Github]
    • “An experiment to see if its possible to re-create torrents on top of blossom servers and nostr” [Explanation]
  • Condenser: A nostr bot built using the mistral api which summarizes all notes from the news.utxo.one relay [Github]
    • “A script that fetches the last 6 hours of events from news.utxo.one and summarizes them using the Mistral API.”
  • Mostr: An immutable nested collaborative task manager, powered by nostr [Github]
  • Robosats Nostr Sync: Scrappers to publish to nostr orders from other platforms [Github]
    • The tool can display non-kyc exchange HodlHodl offers on Robosats’ client [Note]
  • nokakoi: Grid style live nostr client for Windows. [Github]
  • The Bullish Bulletin: An app powered by Nostr Wallet Connect to post all sorts of messages like job ads or announcements
    • Users can choose a note type, enter their message and pay via Bitcoin Connect to publish their post.
  • Vpnstr: A new VPN service with 53 locations and unlimited bandwidth, can be paid with Bitcoin on the Lightning Network

Software Releases & Project Updates

  • Rust Nostr v0.37.0
    • Add support to NIP17 relay list in SDK (when gossip option is enabled)
    • Add NIP22 and NIP73 support
    • Fix Swift Package
    • From this release all the rust features are be disabled by default (except std feature in nostr crate).
  • Primal
    • iOS v2.0.134
      • Improve onboarding
      • Profile screen improvements
      • Feed rendering improvements
      • App shell cosmetic improvements
    • Android v2.0.28
      • Implement:
        • Profile avatar and cover image viewer in profile details screen
        • Rendering highlights and generic events in feeds
        • Tap QR code to copy addresses on profile QR code viewer
        • Follow/unfollow approvals if contact list is not found
        • Onboarding follows customisation and zaps introductions
        • Premium badge on profile details screen
        • New avatars designs
        • Support for primal legend avatars across the app
        • Primal premium check into profile editor
    • Web v2.0.11
      • Profile screen improvements
      • Feed rendering improvements
  • Damus Notedeck Alpha is now available for Purple subscribers [Announcement]
    • Lightning fast: Built from the ground up with an ultra-fast database made exclusively for nostr, leveraging several state-of-the-art performance techniques not available on web clients
    • Custom feeds: Add timeline, hashtag, and notification columns of any nostr public key. Which means you can see the nostr landscape through other peoples’ eyes
    • Add account switching
  • Notedeck Update
    • Update user relay-list via polling
    • Add user mute list sync via polling
    • Skip muted content
    • debug: add crate features which enable egui DebugOptions
  • Amethyst
    • v0.93.1
      • Move to NIP-22 to reply to Interactive Stories
      • Add amount and personalization labels to the DVM feed
      • Improve performance of the Hex encoder
      • Improve the layout of the discovery feed items
      • Update Jackson, secp256k1, and AGP
    • v0.93.0 - Blossom, Olas, Around Me feeds and Interactive Stories
      • Add support for displaying NIP-63 Interactive Stories
      • Add support for Blossom media servers
      • Add support for Olas’ Image feeds
      • Add support for Around Me feed with posts that only show up in that location
      • And many more new features
  • Chronicle v0.3
    • Add workaround to stop saving duplicate events
  • Olas
    • iOS v0.1.5
      • Reposts
      • Zaps (via Nostr Wallet Connect for now)
      • Swipe-to-zap
      • Performance improvements
    • Android v0.1.5
      • NWC zaps
      • LN and Nutzaps via swipe-to-zap
      • Reposts
      • Performance optimizations
    • v0.1.4-1
      • Add reposts
      • Performance improvements
    • v0.1.4
      • Add bookmarks
  • Snort v0.3.0
    • Drop NIP-04 support for DM’s
    • Profile link QR selector (npub/nprofile)
    • Relay up time reporting (via nostr.watch NIP)
    • New note designer media attachment UI
    • Media browser via NIP-96 server list
    • NIP-89 support (App handlers for unknown events)
    • WoT filter for replies
    • Drop NIP-04 support for NIP-46 bunkers (NIP-44 only)
    • NIP-55 Amber signer support
  • YakiHonne Update
    • Mobile:
      • All-in-One Content Hub: Create notes, articles, videos, curations, and smart widgets all in one place
      • New Media Servers: Added support for NostrMedia.com (npub18jn…59kc), Nostr check, and more
      • Thread Timeline Enhancements: Smoother and clearer thread viewing
      • Nip 44 Gift Messages: Now enabled by default
      • App-Wide Improvements: Faster, smoother, better
    • Web:
      • Upgraded Note Editor: GIFs, emojis, and real-time previews to enhance your creativity
      • Enhanced Long-Form Content: A fresh design to make writing a joy
      • Custom Media Uploaders: Support for more media options and servers
      • Expanded Search: Find more notes, media, and users with ease
      • Browsing Suggestions: Discover new notes, media, users, and more
  • Nostrmo v2.9.4
    • Remove metadata cache when start and change wot reload method
    • Add support to sync user’s local events to relays
    • Add support to send long form
    • Add a json viewer to event json copy
    • Trace router query add tempRelays support
  • Keychat v1.22.2
    • Support Large Group Chat with OpenMLS Integration
    • New Bot Identity: Support Ecash Payments for ChatGPT-4o and ChatGPT-4o-mini Interaction, pay per message
    • Breaking change: Adopting nip17 to send signal hello message and use new signature scheme
  • 0xChat App
    • v1.4.4
      • Optimize the data storage performance of the Cashu wallet
      • Enable opening external images with 0xChat
      • Add support for customizing the Moment feature
      • Add support for the Persian language
    • v1.4.2
      • Add a text size adjustment setting
      • Add inbox/outbox relays setting
  • Voyage
    • v0.17.1
      • Don’t allow saving empty lists
      • Treat empty list pairs as deleted
    • v0.17.0
      • Features:
        • Create polls
        • Filter HomeFeed by roots, cross and polls
        • Show poll end time in post details
      • Improvements:
        • Force nip22 usage when replying with 5 or less characters
        • Set t tags when nip22-replying hashtags
        • Adjust scroll behaviour
  • Nos.social
    • v1.0.3
      • Add support for user setting and displaying pronouns
      • Add display of website URLs for user profiles
      • Update note header UI to make it more readable
  • Citrine
    • v0.5.8
      • Move database view to a new screen
      • Don’t send received events to the same connection that sent them
      • Performance improvements when deleting events
      • Check if there’s a newer version of the event before saving the event to the database
    • v0.5.6
      • Add a option to fetch your events from relays
      • Add a delete all button
      • Feed by kind
  • Pokey
    • v0.1.2
      • Implement Multi-account
    • v0.1.1
      • Notifications now display NIP05 pictures if available
      • Prepare the code for multi-account
      • New APKs available per Arch
  • Amber v3.0.0
    • New design (still a work in progress)
    • Open the permissions page with the correct account
    • Option to setup a custom pin for the app
    • Button to copy your public key
    • Better check for valid relays
    • Support for secret when using nostrconnect
  • Zapstore v0.1.7
    • Performance: Faster, background downloads
    • Feature: Full screen app images
    • Feature: Remember trusted signers
    • Feature: Show certificate mismatch before installing
  • SatShoot v0.2.0 [Github]
    • Cashu nip60 wallet and payment with nip61 nutzaps: multimint payments, mint exploration, manual and automatic backup and resync mechanisms
    • Rendering of nostr URI-s

Boosts

  • Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @forest (3,500 sats) “👊”
    • @tac_btc (1,000 sats) “Thank you”
    • @Hugh Janus (200 sats) “https://media.tenor.com/OdfwhhIoccAAAAAC/i-see-south-park.gif”
    • @edblock “Great Episode joined by guests Stephan Livera, Rijndael & Ben Carman about apps for Bitcoiners.”

Tech Tip of the Day

  • Surveillance Self-Defense: Tips, Tools and How-tos for Safer Online Communications, a project from the Electronic Frontier Foundation
    • A guide providing practical guides, tips and strategies to help individuals and organizations protect their privacy and security online.

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 332
      • Transaction censorship vulnerability: Antoine Riard posted to the Bitcoin-Dev mailing list about a method for preventing a node from broadcasting a transaction belonging to a connected wallet.
      • Continued discussion about consensus cleanup soft fork proposal: Antoine Poinsot posted to the existing Delving Bitcoin thread about the consensus cleanup soft fork proposal
    • 331
      • Lisp dialect for Bitcoin scripting: Anthony Towns made several posts about a continuation of his work on creating a Lisp dialect for Bitcoin that could be added to Bitcoin in a soft fork.
        • bll, symbll, bllsh
        • Implementing quantum-safe signatures in symbll versus GSR
        • Flexible coin earmarks

News & Noteworthy

Lightning + L2+

  • ZEUS Pay cuts lightning address fees and lowers minimum limit [Blog post]
    • ZEUS Pay announces zero fees for receivers, previously charged 2.5-10% depending on the payment amount. The minimum amount receivable has been reduced to 1 satoshi, previously set at 10 satoshis.
  • Non-Custodial Ecash: A Trust-Minimized Payment System by Luke Childs [Proposal]
    • The proposal details a protocol leveraging Spillman payment channels, allowing users to hold self-custodial credits redeemable for ecash tokens during transactions. Custodial risk would only exist during payment processing.
  • You can now buy a Vpnstr VPN with Cashu, making it the first VPN to accept ecash.

Business & Finance

  • Casa announces Praetorian by Casa, an offering for governements willing to secure their national bitcoin reserves with self-custody protocols, removing reliance on third-party custodians [Announcement]
  • Strike introduces Bill Pay for U.S. customers, allowing them to automate bill payments using either bitcoin or cash directly from their Strike accounts. [Blog post]
  • BitGo launches BitGo Retail, a retail platform offering trading, custody, staking, and wallets with institutional-grade security and regulatory compliance. [Business Wire]
  • Fold now allows primary account holders to add up to three authorized users, each with their own Fold card. [Blog post]
    • This feature enables families to collectively earn bitcoin rewards on eligible purchases under one account.
  • Rumble’s Board of Directors approves allocating up to $20 million of excess cash reserves to Bitcoin, supporting its expansion into cryptocurrency. [Press release]
    • The company will determine Bitcoin purchases based on market conditions and business needs, with the strategy subject to change at any time.
  • Swan customers are being charged up to $125 for a Fortress ‘Admin Fee’, after the company moved all Fortress Trust accounts to new services providers. [Announcement]
    • The company will cover up to $250 of purchase fees for impacted users in the first half of 2025.
  • DMM Bitcoin, a Japanese exchange, announces its closure following a 4503 BTC ($300 million) hack earlier this year. [Announcement]
    • The company agrees to transfer customer accounts and custodial assets to SBI by March 2025.
  • MARA acquires a 240 MW interconnection wind farm in Hansford County, Texas, featuring 114 MW operational wind capacity. The project plans to leverage sustainable resources for near-zero energy cost and enable broader renewable energy deployment [Press release]

Quantum

  • Google introduces Willow, a quantum chip with breakthroughs in reducing errors exponentially as more qubits are added. [Press release]
    • In benchmark tests, Willow solves computations in minutes that would take leading supercomputers over 10^25 years.

Funding

  • OpenSats renews grant to 9 projects advancing the ecosystem on various fronts: BTCPay Server, Stratum V2, Raspiblitz, LNbits, Vexl, Blixt, Krux, Bitaxe, and Labelbase.
  • Spiral announces two new grants to Bob McElrath, for his work on Braidpool, and Rachel Rybarczyk, core developer at Stratum v2 project.
  • Bitcoin Dev Kit Foundation announces grants to Wei Chen, newest BDK’s full-time Rust maintainer, Evan Lin, part-time Rust maintainer, and Nymius, a new project grantee contributing to Silent Payments and general project maintenance.
  • OCEAN Pool now allows miners to donate rewards directly to the P2PRights fund for Samourai Wallet’s legal defense. [Atlas21]

Mining

  • U.S. Customs and Border Protection is holding shipments of Bitmain’s Antminer S21 and T21 ASIC miners at ports, following a request from the Federal Communications Commission. [BlockSpace]
    • Seven U.S.-based bitcoin mining companies report delays of up to two months. Other ASIC manufacturers, such as MicroBT and Canaan, are not affected.
  • Bitmain introduces a new production line in the U.S. to improve response times and efficiency for North American customers. [Announcement]
  • The Public Utility Commission of Texas requires crypto mining facilities consuming over 75 MW to register with ERCOT, detailing their location, ownership, and power usage. [Texas Tribune]
  • Bitcoin mining pool issues rewards in ecash, without an account being required. Miners can then withdraw ecash to the Lightning Network or on-chain [Note]

Privacy

  • U.S. agencies, including the FBI and CISA, encourage Americans to adopt end-to-end encrypted messaging apps in response to ongoing cyber threats [ArsTechnica]
    • U.S. officials reveal an ongoing breach targeting global telecom systems, attributed to the Chinese hacking group “Salt Typhoon”, which has compromised at least 8 U.S. telecom providers, more than initially reported.
    • The attack, which began in spring 2024, exploited vulnerabilities in over 80 telecom companies, compromising sensitive data such as call metadata and private communications of political and government-linked individuals.
  • EU scrutiny on encrypted messaging: The High Level Group on Data Access highlights challenges law enforcement faces with “over-the-top” (OTT) messaging services like Signal, WhatsApp, and Telegram. [Heise]
    • They advocate “lawful access by design” to enable real-time access to encrypted communications while ensuring court oversight for serious crimes.
  • Coinbase advises users against using VPNs and ad blockers, citing that its risk models associate them with malicious activity. Product Director Scott Shapiro states these tools often raise security flags, even for legitimate users. [Twitter post]

Protocol

  • Libsecp256k1: Safegcd’s implementation formally verified by Blockstream Research [Bitcoin Magazine]
    • The safegcd modular inversion algorithm, implemented in libsecp256k1, was formally verified using the Coq proof assistant. This verification ensures its correct termination and accuracy in 256-bit inputs.
  • Bitcoin Core #30039: dbwrapper: Bump LevelDB max file size to 32 MiB to avoid system slowdown from high disk cache flush rate [Merged]
  • Bitcoin Core #31122: cluster mempool: Implement changeset interface for mempool [Merged]
    • Provides a changeset interface for the mempool, enabling a node to evaluate the impact of proposed changes on its state
  • Bitcoin Core #30708: rpc: add getdescriptoractivity [Merged]
    • The RPC command scanblocks helps retrieve blockhashes with relevant activity for specific descriptors.
  • Eclair #2935: Add force-close notification [Merged]
  • NIP #1551: Instagram feeds [Merged]
  • NUT-19 Cached responses: The NUT adds idempotency to key endpoints, enhancing the reliability of the Cashu protocol. [Merged]

Government & Political

  • Brazilian Congressman Eros Biondini introduces RESBit, a bill for a national bitcoin reserve, suggesting an allocation of up to 5% of Brazil’s $372 billion international reserves. [The Block]
    • The bill aims to diversify financial assets and strengthen Brazil’s resilience against currency fluctuations and geopolitical uncertainties.
  • El Salvador considers adjusting bitcoin policy to secure IMF loan [Financial Times]
    • A proposed legal change would allow merchants to choose whether to accept bitcoin. This adjustment is part of conditions set by the IMF for a $1.3 billion loan, alongside $2 billion from other international lenders.
  • Czech Republic removes capital gains tax on digital assets held for over 3 years, starting December 2024 [The Block]
  • Fifth Circuit overturns Tornado Cash sanctions, citing overreach by OFAC [The Rage]
    • The court rejected the government’s claim that Tornado Cash operates as a service, explaining that its smart contracts are lines of code, not human-driven services. It also clarified that Tornado Cash cannot control its immutable contracts, distinguishing them from mutable, user-controlled systems.
  • Damian Williams steps down as U.S. Attorney for the Southern District of New York after overseeing Samourai Wallet and Tornado Cash cases [Press release]
  • The Canton of Bern, in Switzerland, approves a feasibility study to explore Bitcoin mining’s potential within its energy framework. [Atlas21]
    • The study focuses on identifying surplus energy, collaborating with Swiss miners, and evaluating mining’s impact on grid stability.
  • Operation Choke Point 2.0: U.S. regulators’ actions against crypto activities revealed in FDIC letters [CoinDesk]
    • The FDIC’s “pause letters” dated back to March 2022, with officials advising banks to halt crypto services until further risk assessments were made.
  • Russia’s president signs a law recognizing digital currencies as property, enabling taxation of mining and transactions. [The Moscow Times]
    • Cryptocurrency mining and sales are exempt from VAT but subject to income tax at tiered rates. Corporate entities face a 25% tax starting next year.
    • A database of government-approved miners was launched in November. Another law permits the Central Bank to pilot cross-border cryptocurrency transactions.
  • Morocco’s central bank is adopting a draft law to regulate cryptocurrencies, which have been banned since 2017. [Reuters]
    • Bank Al Maghrib is also considering the development of a central bank digital currency (CBDC) to enhance financial inclusion.
  • Taiwan’s Financial Supervisory Commission (FSC) enforces stricter AML rules for digital assets service providers starting November 30, 2024. [The Block]
    • FSC officials emphasize fraud prevention and tighter oversight, including regulations on fiat custody, data security, complaint handling, and record-keeping.

Events

  • Plan ₿ Forum El Salvador
    • Central America’s premier Bitcoin conference, uniting global leaders, technologists, and entrepreneurs.
    • January 30-31, 2025 in San Salvador, El Salvador
  • Bitcoin Medellin
    • The first ever Bitcoin Medellin Conference
    • January 17-18, 2025 in Medellin, Colombia

Reads

  • Here’s a list of our top recently published reads:
    • Erosion of the Meaning of Custody, by Nicolas Dorier [Blog post]
    • Buckets of blind signatures, by Callebtc [Blog post]
    • Financial surveillance in the United States: How the Federal Government weaponized the Bank Secrecy Act to spy on Americans [Report]
    • Privacy in Public Part 3: Cash and Bitcoin, by BPI Fellows Andrew Bailey, Bradley Rettler, and Craig Warmke [Bitcoin Policy Institute]
    • Understanding Liability for Unlicensed Money Transmitting Businesses under § 1960, by Daniel Barabander, Amanda Tuminelli and Jake Chervinsky [Paper]
    • Hodlers: an apology, by the Financial Times [Article]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod


Did I get anything wrong above? Help me correct it producer@coinkite.com