Bitcoin Review Podcast BR091 - AnchorWatch Trident Vault, Ledger Co-founder Kidnapped, Blue Wallet, M17, The Case for Multi-vendor Setups, Tails removes HWW Support + MORE ft. Craig & Rob
I'm joined by guests Craig Raw and Rob Hamilton to go through the list.
Housekeeping
- 00:01:11 Ross Ulbricht receives "a full and unconditional pardon" from U.S. President Donald Trump [Fundraiser]
- 00:03:44 New Marketing Manager position open at Coinkite
- 00:03:48 Exchanges BullBitcoin, River, Strike, Relai, CashApp, and Swan were added to BitcoinSecurity.guide
- 00:04:15 Check out Olas, an awesome new nostr app from Pablo
- 00:04:48 Call for guests: If you are a maker, working on bitcoin projects, we would love to have you on the show. Reach out at producer@coinkite.com
Urgent Vulnerability Disclosures
- 00:05:58 Ledger co-founder David Balland released after kidnapping [Bloomberg]
- David Balland, co-founder of French crypto wallet startup Ledger SAS, was kidnapped from his home in central France on Tuesday, with the kidnappers demanding a substantial ransom in cryptocurrency.
- Balland was freed on Wednesday night following a police operation and being rescued by the GIGN. He is currently receiving treatment from emergency services.
- The kidnappers are said to have sent a finger as part of their request for money.
- 00:12:28 AxeOS CSRF Vulnerability: Using CSRF Attack to update the Payout Address on BitAxe Bitcoin Miners [Snotra's disclosure]
- AxeOS, the firmware for Bitaxe Bitcoin miners, lacks authentication and CSRF protections in its web interface, enabling unauthorized users on the same network to alter settings, including the stratum user, which determines the Bitcoin address for payouts.
- A proof-of-concept demonstrates that visiting a malicious website can change a Bitaxe's settings without user consent, redirecting mining rewards to an attacker's Bitcoin address.
- The web server's permissive CORS headers further exacerbate the vulnerability, possibly allowing attackers to change hardware settings or upload malicious firmware.
Bitcoin
Software Releases & Project Updates
- 00:12:58 AnchorWatch launches U.S. service for bitcoin holders [Announcement]
- AnchorWatch offers a bitcoin custody service with insurance from Lloyd's of London, targeting U.S. customers holding between $250K and $100M in bitcoin.
- Key features of AnchorWatchâs service:
- Insured custody for bitcoin without requiring users to give up their keys
- Lloyd's of London Coverholder
- Trident Vault provides protection through signing transactions while insured
- Seamless transition to self-custody when policy ends
- AnchorWatch aims to provide protection against various risks, including theft, loss of keys, and death.
- Mint-005
- Mint-005 is a 3 key joint custody vault that provides a way for a Principal to secure bitcoin with the help of an Agent.
- It uses a negative control approach, where by default funds cannot be moved unless both the Principal and the Agent sign the transaction.
- There are recovery mechanisms in place for situations where a party loses their keys or the agreement between the Principal and the Agent expires.
- 00:47:28 Bitcoin Core v28.1
- This release includes new features, various bug fixes and performance improvements, as well as updated translations.
- P2P
- When the -port configuration option is used, the default onion listening port will now be derived to be that port + 1 instead of being set to a fixed value (8334 on mainnet). This re-allows setups with multiple local nodes using different -port and not using -bind, which would lead to a startup failure in v28.0 due to a port collision.
- #30568 addrman: change internal id counting to int64_t
- Key: #31166 key: clear out secret data in DecodeExtKey
- Build:
- #31013 depends: For mingw cross compile use -gcc-posix to prevent library conflict
- #31502 depends: Fix CXXFLAGS on NetBSD
- Test:
- #31016 test: add missing sync to feature_fee_estimation.py
- #31448 fuzz: add cstdlib to FuzzedDataProvider
- #31419 test: fix MIN macro redefinition
- #31563 rpc: Extend scope of validation mutex in generateblock
- Doc: #31007 doc: add testnet4 section header for config file
- CI: #30961 ci: add LLVM_SYMBOLIZER_PATH to Valgrind fuzz job
- Misc:
- #31267 refactor: Drop deprecated space in operator""_mst
- #31431 util: use explicit cast in MultiIntBitSet::Fill()
- 00:48:10 Wasabi Wallet v2.4.0
- Add support for sending to Silent Payment addresses; receiving is a work in progress
- Instead of TestNet 3, Wasabi now uses TestNet 4
- Release Notes are now also available in the client
- A donation button has been added on the main screen
- 00:48:15 BDK v0.30.1 - DEPRECATED
- The bdk library is now deprecated and replaced by bdk_wallet. All projects should migrate to bdk_wallet 1.0.0 or newer as soon as possible.
- Update bdk 0.30.x README docs to deprecate the bdk library
- 00:48:27 Nunchuk Android v1.9.59
- Taproot multisig wallets
- Revamp add key flow
- Honey Badger Premier
- 00:48:37 Specter Desktop v2.1.1
- Add wallet export to Jade via QR
- Expose internal node to localhost only
- HWI upgrade to 2.4.x
- Make Specter work with Bitcoin Core 28.0
- Remove BLE code for Jade
- 00:49:02 Bitcoin Keeper
- 00:49:18 Blue Wallet v7.0.7
- Import xpub as zpub/ypub if it was ever used
- New wallet export screen
- Display Lightning details in Invoice View
- Add HKD fiat
- Add loading indicator to Edit Vault row
- Set preferred server from menu
- Keyboard accessory on vault modal
- Android menu icons
- And many fixes
- 00:50:32 BTC Pay Server v2.0.6
- This release contains a security fix for merchants using refunds/pull payments On-Chain with automated payout processors
- New features
- SEO: Add ability to customize HTML meta tags and HTML lang attribute for crowdfund and PoS
- Add the ability for merchants to manually transition a payout from the InProgress state to AwaitingPayment
- 00:55:39 Liana v9.0 - It's over 90.00k !
- Breaking changes
- Running Liana v9 on an existing installation will migrate its database. Once migrated the database won't be compatible with previous versions of Liana.
- The new Minimum Supported Rust Version of the GUI software is now 1.80
- Liana daemon / library
- The daemon feature was removed; we expect users to use their own process manager, like systemd
- Three new columns are added to the table transaction: the number of inputs, the number of outputs and if the transaction is a coinbase transaction
- A new column is added to the coins table: is_from_self and a new field is_from_self is added to the coin entry of the list_coins command
- Liana GUI
- New button on the transactions panel lets users export their transactions to an external file in CSV format
- Bitcoind and electrum information in the settings panel can now be copied to clipboard
- Coins that are change from transactions that the user controls are now part of the balance
- Unconfirmed coins can now be selected by the automatic selection if the coin is from a transaction whose inputs are controlled by the wallet
- 00:55:58 Blockstream
- Green QT v2.0.17
- Add graphical assets for Jade Plus
- Support video promo on Linux
- Show total spent amount in transaction details
- 00:57:58 BoltzExchange
- boltz-web-app v1.6.1
- Safety check before calculating fees
- Show when no lockup can be found for refund
- Show routing fees
- Pro build configuration
- 00:58:00 Live Wallet v1.0.0
- Transaction privacy analyzing
- Transaction output labeling (KYC, do not spend)
- 00:58:11 Kyoto
- 00:58:19 ESP-Miner
- 00:58:21 Bitcoin Safe v1.0.1
- Add dark mode support
- Add delete coin category (via right click context menu) in addition to the "drag to delete button" method
- Fixes missing USB (HWI) support in Windows and Mac builds
- 00:58:40 BTC Map
Project spotlight
- 00:58:44 Bitaxe Touch: A new touch screen single ASIC chip Bitcoin solo miner [Announcement]
- The Bitaxe Touch, developed by Open Source Miners United, is a touch screen Bitcoin miner featuring an 800×480 pixel LCD that displays real-time Bitcoin price, Mempool data, power usage, hashrate, and temperature.
- It is powered by the Bitaxe 601 Gamma, and utilizes the BM1370 ASIC chip from the Bitmain S21 Pro, with a hash rate of up to 1.6 TH/s.
- 00:58:51 Coinswap: Functioning, minimal-viable binaries and libraries to perform a trustless, p2p Maxwell-Belcher Coinswap Protocol [Github]
- The project offers a minimal viable implementation of a trustless, peer-to-peer Maxwell-Belcher Coinswap protocol using HTLCs on Bitcoin.
- It includes automated integration testing on Bitcoin Regtest and operates over Tor by default. The system supports multiple users (makers, taker, and directory server).
- Coinswap releases its [v0.1.0](https://github.com/citadel-tech/coinswap/releases/tag/v0.1.0) - First Public Beta Release
- Complete Protocol Specification:
- The full Coinswap protocol has been formalized and documented in detail
- Explore the Coinswap Protocol Specification to understand how it ensures decentralized, private, and censorship-resistant swaps
- Functional Test Coverage:
- A robust set of functional tests has been introduced to simulate swap scenarios and ensure protocol correctness
- Dive into the tests and explore various swap situations: Functional Tests
- Modular Protocol Design: All protocol components have been modularized for flexibility, extensibility, and easier integration into other Bitcoin applications
- Command-Line Applications: Coinswap introduces three key command-line apps:
- makerd: Run as a swap service provider and earn fees
- maker-cli: Manage your maker server via a command-line interface
- taker: Act as a client and perform swaps with multiple makers
- 00:59:20 Scure: Audited & minimal library for creating, signing & decoding Bitcoin transactions [Github]
- The library allows users to create, sign, and decode Bitcoin transactions, including support for classic and SegWit addresses.
- Scure provides functionality for Schnorr & Taproot BIP340/BIP341, and BIP174 PSBT, with minimal dependencies.
- 00:59:28 Bitcoin Is Data: A comprehensive Bitcoin metrics and visualizations platform launches two new sections related to UTXOs, Quantity of UTXOs and Balances of UTXOs, segmented by Bitcoin transaction types.
- Bitcoin Fee Indicator: A system tray application that fetches and displays current Bitcoin transaction fee rates [Github]
- It shows various fee rates, including fastest, half-hour, hourly, economy, and minimum, updating every 5 minutes.
- Kernel-Node: An experimental bitcoin node written in Rust using the libbitcoinkernel library [Github]
- Its primary function is to validate blocks but not to serve them to the network. The implementation highlights the limited initial API of the kernel library.
- 00:59:43 Qoinstr: A GUI tool for rust-joinstr [Github]
- Qoinstr is a work-in-progress graphical user interface designed to interact with the rust-joinstr library
- First Rshiny: An interactive visualization tool used to explore Bitcoin's dollar-cost averaging performance
- 00:59:53 TollGate: A tool enabling WiFi routers to accept Bitcoin payments for internet access
- TollGate allows users with a router and internet connection to operate as internet service providers by accepting Bitcoin payments for access.
- Explore Mempool.space through two new lenses:
- Mempoo.space, a Bitcoin Poo Explorer showing ordinals as poo emojis
- Memepool.space, a Bitcoin Meme Explorer, showing memes in blocks
- BitcoinFax: Send faxes worldwide with bitcoin payments over the Lightning Network
Vulnerability Disclosures
- 01:01:27 Unique 0-click deanonymization attack targeting Cloudflare-backed apps, Signal and Discord users vulnerable [Disclosure]
- A researcher discovers a 0-click attack leveraging Cloudflare caching to locate users within a 250-mile radius. This method uses the cf-ray HTTP header to identify the closest datacenter based on cached resource requests.
- A tool called Cloudflare Teleport briefly exploited this before being patched
- 01:02:00 UEFI secure boot vulnerability allows malicious bootkit deployment [The Hacker News]
- ESET researchers discover CVE-2024-7344, a vulnerability enabling attackers to bypass UEFI Secure Boot, leading to potential deployment of malicious bootkits.
- The flaw exists in a UEFI application signed by Microsoft's third-party UEFI certificate, affecting multiple real-time system recovery software suites.
- Exploitation allows execution of untrusted code during system boot, granting persistent access even on systems with Secure Boot enabled.
- 01:02:23 Google Ad directs users to malicious homebrew clone [Twitter post]
- A sponsored Google ad linked users to a fake Homebrew site with a cURL command distributing malware. The malicious site's URL differed by just one letter from the official Homebrew site.
- 01:03:01 Critical rsync vulnerability on Linux and Unix systems, affecting versions 3.2.7 to 3.4.0, necessitates urgent updates [Cyberciti]
- A heap-based buffer overflow vulnerability, identified as CVE-2024-12084, is found in the rsync daemon due to improper handling of attacker-controlled checksum lengths. This flaw allows an attacker to write out of bounds in the sum2 buffer.
- 01:03:31 January 2025 Patch Tuesday: 10 critical vulnerabilities and eight zero-days among 159 CVEs [Crowdstrike Blog post]
- Three zero-day vulnerabilities in Windows Hyper-V NT Kernel Integration VSP are actively exploited, allowing attackers to gain SYSTEM privileges
- Other zero-day vulnerabilities affect Microsoft Access, Windows App Package Installer, and Windows Themes, potentially leading to remote code execution or elevation of privileges.
- 01:03:48 Unsecured tunneling protocols expose 4.2 million hosts, including VPNs and routers [The Hacker News]
- Researchers identify security flaws in tunneling protocols, affecting 4.2 million hosts, including VPN servers and routers.
- Affected protocols lack authentication and encryption, allowing attackers to inject malicious traffic and perform denial-of-service attacks.
- 01:03:58 Apple's CUPS printing system vulnerable to spoofing attacks [CyberInsider]
- Security researcher Simone Margaritelli discloses a critical vulnerability in Apple's Common UNIX Printing System (CUPS), highlighting its failure to verify TLS certificates. This flaw permits attackers on the same network to impersonate IPP-over-HTTPS (IPPS) printers, enabling them to intercept, modify, or redirect print jobs, potentially exposing sensitive data and compromising systems.
- The vulnerability arises from CUPS's integration with Apple's Bonjour discovery service, which automatically trusts network printers without proper authentication.
- 01:04:11 Security researcher Thomas Roth demonstrates code execution on Apple's ACE3 USB-C controller, enabling firmware extraction [Forbes]
- Apple acknowledges the attack's complexity and does not perceive it as an immediate threat, opting not to address it currently.
- 01:05:32 Five-dollar wrench attacks:
- A Canadian volunteer moderator on a cryptocurrency forum becomes the target of individuals who believe he possesses significant wealth in bitcoin [La Presse]
- Suspects, including two minors, allegedly plan to kidnap and torture him to extract his passwords, assuming he holds millions in cryptocurrency
- A 56-year-old man found tied up in car trunk after kidnapping in eastern France [France Bleu]
- The victim, kidnapped on December 31, 2024, was found tied up in the trunk of a car intercepted by police, 600 kilometers from his home.
- The kidnappers, armed and masked, reportedly demanded a ransom from the victim's son, a cryptocurrency influencer based in Dubai, after holding the family hostage.
- Pakistani trader kidnapped, forced to transfer $340,000 in cryptocurrency, seven arrested [Decrypt]
- Seven individuals, including a Counter-Terrorism Department officer, were arrested for kidnapping crypto trader Mohammed Arsalan in December 2024. Arsalan was abducted and forced to transfer $340,000 from his Binance account. The criminals later released him after the ransom was paid.
- Turkish man tied up and robbed of nearly $300,000 in cryptocurrency by three individuals in Pattaya, Thailand [Bangkok Post]
- The assailants bound Erkol's hands and ankles, leaving him to seek help from a condominium security guard
- Korean bitcoin trader rescued after abduction in Batangas, Philippines [Philstar]
- Taehwa Kim, a 40-year-old Korean bitcoin trader, is rescued in Batangas, after being kidnapped in Makati City.
- Kim meets a prospective buyer for his car at his condominium. During a test drive, three men force him into another vehicle, blindfold and tie his hands, and detain him for three days.
- Feds arrest a gang of 4 men accused of plotting to kidnap Miami jeweler for cryptocurrency [Local10]
- The group used a Telegram group chat to plan the kidnapping of a Miami jeweler and theft of $2 million in cryptocurrency. Unbeknownst to them, an informant in their group chat alerted the FBI, leading to their arrest.
- The suspects, armed with firearms, allegedly planned to kidnap the jeweler using a wired SUV provided by an undercover agent. The group intended to exchange watches for cryptocurrency as a ruse, then hold the victim for ransom.
Privacy & Other Related Bitcoin Projects
Software Releases & Project Updates
- 01:07:17 Tails v6.11
- Critical security fixes
- Prevent an attacker from installing malicious software permanently
- Prevent an attacker from monitoring online activity
- Prevent an attacker from changing the Persistent Storage settings
- New feature: Detection of partitioning errors
- Sometimes, the partitions on a Tails USB stick get corrupted. This creates errors with the Persistent Storage or during upgrades.
- Tails now warns about such partitioning errors earlier.
- Changes and updates
- Remove support for hardware wallets in Electrum. Trezor wallets stopped working in Debian 12 (Bookworm), and so in Tails 6.0 or later.
- Add a link to the Tor Connection assistant from the menu of the Tor status icon on the desktop.
- 01:09:52 Module_17, M17 modem board for 9600-baud capable radios [Github]
- Reticulum MeshChat v1.19.0
- Add setting to enable and disable transport mode
- Add ability to cancel sending messages
- Add button to open an LXMF address when no conversations are open
- Add button to open a nomadnet url without having to click a random node first
- Telemetry requests from Sideband no longer show up as empty messages
- SideBand v1.3.0
- Increased performance by updating included RNS and LXMF to latest versions
- Add ability to cancel outgoing messages
- Add ability to render messages formatted with markdown
- Add ability to compose messages with markdown
- Add ability to query peer telemetry from the map by right-clicking on the peer
- Add auto-switching of message mode on attachment
- Add indication if receiver rejects message
- Add support for SX1280 bandwidth options to RNode configuration
- Add ability to launch RNode flasher directly from utilities
- NomadNet v0.5.7
- Add sync transfer rate to PN list display
- Update urwid API calls to handle deprecations
- Mullvad VPN v2024.4
- Introduces split tunneling for macOS, allowing users to exclude specific apps from the VPN
- Limitations include the inability to exclude Safari and other WebKit-based apps, performance overhead due to additional tunneling, and availability restricted to macOS 13 and above
Project spotlight
- Peergos: A p2p, secure file storage, social network and application protocol [Github]
- Peergos is an open-source platform that can be self-hosted and enables secure, peer-to-peer file storage and sharing without central nodes.
- PrivacySpreadsheet: A privacy evaluation of messaging apps [Github]
- cjdns: An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing [Github]
- cjdns leverages a distributed hash table for routing, which enables scalable, near-zero-configuration networking.
- Botan: An open-source cryptography library for C++ with extensive features including TLS, X.509, modern and post-quantum cryptography, plus TPM and RNG support [Github]
- It provides APIs in C++, C, and Python, alongside other language bindings, and includes a command-line interface.
- Sticktock: Share TikToks Safely. No Ads, No Spyware, No Phone App. [Github]
- StickTock is an open-source tool allowing users to watch TikTok videos privately, without ads or tracking. [Onion]
Lightning + L2+
Project spotlight
- Valet: A Bitcoin + Lightning wallet for Android [Github]
- Valet is a non-custodial Lightning wallet designed to offer stable purchasing power for users through hosted channels.
- Developed as a fork of the Simple Bitcoin Wallet, features include coin control, batching, and hardware wallet integration.
- Eggstr: A platform that enables users to deploy and manage Bitcoin and Lightning applications with their own domain
- It offers a variety of self-hosted apps, including LNBits, Alby Hub, Strfry (a Nostr relay), Nostr Address, and Blossom Server.
- Rizful: A service offering instant disposable Lightning nodes
- Rizful offers cloud-hosted, disposable Lightning nodes designed for fast, high-uptime performance, with instant inbound capacity.
- Zeus2Koinly: A script to convert Zeus Wallet's export format into Koinly's import format [Github]
- pWallet: A lightweight UI for Phoenix Server that can be set up and run entirely using Docker [Github]
- LNBeats: A value-for-value music streaming app, using the Lightning Network
Software Releases & Project Updates
- Rust Lightning v0.1 - "Human Readable Version Numbers"
- API Updates
- The lightning-liquidity crate has been moved into the rust-lightning git tree, enabling support for both sides of the LSPS channel open negotiation protocols
- This release includes support for BIP 353 Human Readable Names resolution
- On-chain state resolution now more aggressively batches claims into single transactions, reducing on-chain fee costs when resolving multiple HTLCs for a single channel force-closure
- And many more
- Performance Improvements
- LDK now verifies channel_update gossip messages without holding a lock, allowing additional parallelism during gossip sync
- LDK now checks if it already has certain gossip messages before verifying the message signatures, reducing CPU usage during gossip sync after the first startup
- Node Compatibility: LDK now handles fields in the experimental range of BOLT 12 messages
- Security: v0.1 fixes a funds-theft vulnerability when paying BOLT 12 offers as well as a funds-lockup denial-of-service issue for anchor channels.
- Alby
- Hub v1.13.0 - Eva Galperin
- In this release we add some cool new apps to the app store, an auto-unlock feature for self-hosted hubs, extra information about pending closed channels, and some security improvements for isolated apps and budgeting.
- Auto unlock for self-hosted hubs
- ZapPlanner custom app
- Add simple boost widget app
- Add Clams to Hub's Store
- Include funding transaction in pending closing channel message
- Add balance details for pending channel closures
- JS SDK v3.9.0
- Add nip 44 and versioning support
- Mostro v0.13.0
- This version dramatically improves user privacy with a key management implementation: clients rotate keys for every trade, adding another privacy layer on top of the previous gift wrap implementation.
- BitBanana v0.8.9
- Add Payment Path view (LND)
- Implement "Enable Offer" command for Core Lightning >=24.11
- Allow offers without description (Core Lightning)
- Add description and payer note for paid bolt12 offers in transaction history
- Increase VPN start timeout to improve UX on slow internet connection
- Nutshell v0.16.4
- This release brings two new protocol spec updates to nutshell, NUT-19 and NUT-20. It also includes a new HTTP compression middleware.
- Add MPP methods key to info endpoint
- Add HTTP compression middleware
- NUT-19: Cached Requests and Responses
- NUT-20 (signatures on quotes) for mint and wallet side
- Add period at the end of the phrase
- Add NUT-19 example for caching responses
Nostr
Project spotlight
- Nstart: A straight-forward nostr onboarding wizard [Github]
- Nstart is a user-friendly onboarding tool for Nostr, offering key features like local backups and customizable contact suggestions.
- It incorporates a multi-signer bunker to protect Nsec keys, allowing for easy recovery and access even in case of failure or theft.
- Kanbanstr: A new nostr client for task management [Github]
- Users can log in via nsec, npub, or NIP-07, create boards with customizable columns, and organize tasks using cards.
- Current features include markdown support in cards, automatic mapping of cards to columns by status, and assigning tasks with "zap" tags to facilitate payment. Pending updates include programmatic functionalities and enabling direct zaps for task payments.
- Noshtastic: A geo-specific virtual Nostr relay for Meshtastic [Github]
- Noshtastic operates as a decentralized Nostr relay independent of the internet, using Meshtastic devices for communication.
- It employs negentropy-based synchronization and region-specific geohash tagging to distribute messages locally without internet connectivity.
- Alexandria: A Nostr knowledge base and long-form article reader [Github]
- Alexandria is designed to display modular, long-form articles in a clean, distraction-free interface for focused reading.
- It supports Nostr events, allowing users to interact with organized content in a structured format.
- Nosotros: A nostr web client optimized for both mobile and desktop usability [Github]
- Built using TypeScript, it includes testing support and a progressive web app design for smooth functionality.
- Bostr: A nostr relay bouncer [Code repository]
- Bostr is a minimalist HTTP server built with Go, designed to serve static files efficiently. It also acts as a nostr relay aggregator proxy, consolidating data from multiple relays.
- Bostr2 is the next-generation bostr project
- Tides: A Nostr messenger browser extension for Chrome & Brave [Github]
- Tides is a browser extension that provides secure, private messaging using the Nostr protocol. It supports real-time encryption, contact management, and media sharing.
- Users can log in via NIP-07 extension, Chrome storage, or manual key input
- CLN NWC: Nostr Wallet Connect plugin for CLN [Github]
- Users can configure or manually start the plugin, create connections with budgets, list active connections, and revoke them as needed.
- Payment requests are routed via Nostr relays.
- Emojito: A platform based on the nostr application framework ngine to create personalized emoji sets
- Nostr interactions: users can use personalized reactions, provided their client supports NIP-30
- Nostr Llama 3.1 8B: A model built on Nostr notes from around 7,000 users
- Fine-tuned using multiple datasets, including Evol-Instruct-Code and CodeFeedback-Filtered-Instruction.
- With 8.03B parameters, this model is based on Meta's Llama 3.1
- Granary: A social web translator that fetches and converts data between platforms, formats, and protocols, including Nostr [Github]
- It supports social networks, HTML, and JSON with microformats2, ActivityStreams 1 and 2 (including ActivityPub), Atom, RSS, and JSON Feed. It works as a Python library and REST API, supporting read and write operations for data interoperability.
Software Releases & Project Updates
- Olas
- Notedeck Latest codebase changes
- Add t tags for hashtags
- Use HashSet, lowercase, and add emoji tests
- Add test and format
- Adjust context menu/grip circle sizes
- Extract timing from AppSizeHandler to TimedSerializer
- Introduce ZoomHandler
- Amethyst
- v0.94.3
- Add iMeta tags to GIF urls to optimize GIF previews
- Maintain note reaction visibility when scrolling
- v0.94.1 - GIFs and Custom Emoji inputs
- Add a : command to link custom emojis on new posts and chats. Similar to the @ for user search, just start typing to find your custom emojis.
- Create your GIF and reaction libraries on emojito.meme
- v0.94.0 - Encrypted Media on DMs
- Adds support for encrypted media uploads on NIP-17 DMs
- Integrates with Pokey's Broadcast receiver
- Shows NIP-22 replies in the replies tab of the user profile
- New upload screen for chats
- Add support for multiple media uploads at the same time.
- Add support to display PictureEvents with multiple images at the same time
- Add QR code private key export dialog
- Add new picture and video events to the user profile gallery
- Add basic support for RelationshipStatus to Quartz
- And much more
- YakiHonne
- Web
- v4.2.3
- Add support for uploading multiple images or videos in notes, comments, and messages
- Refine the search mechanism for better accuracy and performance
- v4.2.2
- Add language support for Spanish, Portuguese, Thai, Japanese, and Italian
- Enable support for processing invoice payments in notes
- Mobile v1.6.1
- Add language support for Spanish, Portuguese, Thai, Japanese, and Italian
- Add ability to multi-select and upload media
- Introduce enhanced video player
- Add media through your camera into notes
- Enable support for processing invoice payments in notes
- Flotilla
- v0.2.3
- Add NIP 56 reports for messages and threads
- Add ToS and privacy policy
- Add avatar fallback icons
- Add mark as read to chats
- Add send button to chat compose
- Accommodate onion URLs
- Improve loading and notifications
- v0.2.1
- Improve performance, as well as scrolling and loading
- Improve NIP 29 compatibility
- Refine notifications
- Add join space CTA
- Njump.me Latest codebase changes
- Add support for kind:20 photos
- 0xChat App
- v1.4.6
- Add reactions and mention notification button to chats
- Long press the "Like" button on moments to select an emoji
- v1.4.5
- Add support for NIP46 login
- Adapt UI for tablet devices
- Introduce connection ping status
- Implement search functionality for Moments
- Set default relays for first login
- Add default reaction emojis
- Citrine v0.7.0
- Update quartz dependency
- Check if events are deleted
- Recover service after crash
- Add back button in the events screen
- nos.social v1.1
- Nos now publishes the hashtags it finds in your note when you post
- Update the default relays that are added when you create an account
- Add feed picker view (UI only)
- Add feed source customizer drop-down view
- Make feed source selector work
- Add empty state for lists/relays drop-down
- Add support for decrypting private tags in kind 30000 lists
- Add pop-up tip for feed customization
- Add remembering which feed source is selected
- Nostur v1.17.0
- Sync already seen/read across multiple devices
- New đ-feed
- Support new Olas/picture format (viewing)
- Support Frost/multi-sig login
- Support for .heic image format in posts
- Show extra autopilot relays used on Post Preview (default off)
- Login with nip05 (read-only)
- Undelete button for deleted posts
- Nostrmo v2.9.5
- Add PC tray support
- Add PC notice support
- Add support for some Linux packages
- Relay detail page can jump to jumble.social
- Users can configure their client tag
- Add note tail support
- Nostrss v1.1.0
- Optional cache: The feed cache is now optional. A default size can still be set with env values; however, if no env value is provided and no cache size is defined for a feed, no limit will be set.
- Dependency updates: Note that this new version uses a version of tokio-cron-scheduler which changes the scheduler pattern to be used.
- Zapstore
- Voyage v0.17.2
- Force nip22 usage when reply has 6 or fewer characters
- Use v2 replies by default for new installs
- Don't set grandparent p-tags
- Strfry v1.0.4
- New config: maxReqFilterSize. This allows REQs with many more filters
- Default maxReqFilterSize was increased to 200
- Reduce log spam by not dumping full invalid events
- In sync and stream commands, provide the connected URL to write policy plugins
- Amber
- Algo Relay v0.1.3
- Uselessly preallocate some slices
- Dev refresh feeds
- Saving the Social Graph
- Purge Data Functionality
- Wot Relay v0.1.16
- Ignore follow list for people who follow spammers
- Feeder v2.8.0
- Add native Nostr NIP-23 feed support
Boosts
- 01:12:29 Thanks to everyone who streamed sats, and shoutout to our top boosters:
- [TOP BOOSTER] @Anonymous (3,333 sats) "I don't know who this Rob guy is but congrats to him on the launch of his new fishing company!"
- @manbyt (2,100 sats) "Itm!"
- @agichoote (1,000 sats) "I see the new ep out and I don't even need to see what else is out there"
- @btconboard (300 sats) "The people using miniscript are people too despite their extra extra autism, NVK"
Tech Tip of the Day
- ITOA: A web-based tool that converts images into ASCII art, with support for both monochrome and color output [GitHub]
Bitcoin Optech Newsletter
- Highlights from recent Bitcoin Optech Newsletters
- 337
- Continued discussion about rewarding pool miners with tradeable ecash shares
- Offchain DLCs: developer conduition posted to the DLC-dev mailing list about a contract protocol that allows an offchain spend of the funding transaction signed by both parties to create multiple DLCs
- 336
- Investigating mining pool behavior before fixing a Bitcoin Core bug: Abubakar Sadiq Ismail posted to Delving Bitcoin about a bug discovered in 2021 by Antoine Riard that results in nodes reserving 2,000 vbytes in block templates for coinbase transactions rather than the intended 1,000 vbytes
- Contract-level relative timelocks: Gregory Sanders posted to Delving Bitcoin about finding a solution for a complication he discovered about a year ago (see Newsletter #284) when creating a proof-of-concept implementation of LN-Symmetry
- Multiparty LN-Symmetry variant with penalties for limiting published updates: Daniel Roberts posted to Delving Bitcoin about preventing a malicious channel counterparty from being able to delay channel settlement by deliberately broadcasting old states at a higher feerate than an honest counterparty is paying for confirmation of the final state
- 335
- News:
- Deanonymization attacks against centralized coinjoin: Yuval Kogman posted to the Bitcoin-Dev mailing list details about several privacy-reducing vulnerabilities in the centralized coinjoin protocols used by current versions of the Wasabi and Ginger wallets, plus past versions of the Samourai, Sparrow, and Trezor Suite software wallets
- Updated ChillDKG draft: Tim Ruffing and Jonas Nick posted to the Bitcoin-Dev mailing list a link to the current draft BIP for ChillDKG, which describes a distributed key generation protocol compatible with FROST scriptless threshold signatures for Bitcoin
- Changing consensus:
- CTV enhancement opcodes
- Adjusting difficulty beyond 256 bits
- Transitory soft forks for cleanup soft forks
- Quantum computer upgrade path
- Consensus cleanup timewarp grace period
News & Noteworthy
Bitcoin
- Clavis: A new hardware wallet by Xellox Wallet
- Clavis is designed for online and offline bitcoin storage. It features a capacitive fingerprint sensor, passcode protection, and is IP68 rated.
- Judge dismisses man's bid to recover 8,000 bitcoin from landfill [Ars Technica]
- James Howells' 11-year effort to retrieve a hard drive containing private keys valued at approximately $765 million ends as High Court Judge Keyser KC rules against him.
- The judge cites environmental concerns and legal ownership, stating that excavating the landfill could release harmful substances.
Lightning
- Zeus increases its LSP maximum channel lease duration from 6 to 12 months [Announcement]
Business & Finance
- Block Inc fined $80 million for inadequate anti-money laundering controls in Cash App [Reuters]
- BitMEX is fined an additional $100 million for Bank Secrecy Act violations between 2015 and 2020 [DOJ Press release]
- Prosecutors sought a $417 million fine, arguing BitMEX hadn't fully accepted responsibility, noting the company earned approximately $1.3 billion while ignoring U.S. regulations over five years.
- Coinbase launches Onchain Reputation API and Bitcoin-backed loans
- Coinbase introduces a public beta of the Onchain Reputation API, offering a reputation score for wallet addresses, ENS, and Basename IDs, ranging from -100 to +1000.
- The company also announced Bitcoin-backed loans using its Base protocol, clarifying that the loans aren't backed by Bitcoin nor based on its blockchain.
- Unchained now supports passkeys for enhanced account security [Blog post]
- River introduces ForceField, an extra layer of protection to secure Bitcoin against theft and scams [Announcement]
- It features a 5-day delay on withdrawals, offering users time to respond to unauthorized access attempts.
- Tether has filed a lawsuit against Swan Bitcoin in the High Court of England and Wales, alleging major violations of their commercial agreements related to their 2022 Bitcoin mining joint venture, 2040 Energy [Blockspace]
- In September 2024, Swan sued former employees, accusing them of stealing proprietary information to establish Proton Management, which now oversees Bitcoin mining assets with Tether.
- Bitcoin miner MARA deploys 16% of its BTC holdings (7,377 BTC, worth about $730 million) in short-term loans to third parties, aiming to generate a "modest single-digit yield" from these loans [The Miner Mag]
- MARA surpassed its December hash rate target of 50 EH/s and increased its total BTC holdings to 44,893 BTC, including the loans.
- Canaan launches the Avalon Mini 3 (37.5 TH/s) and Nano 3S (6 TH/s) Bitcoin miners, priced at $899 and $249 respectively [Blog post]
- The Avalon Mini 3 doubles as a home heater, offering a sustainable, multi-purpose solution for home mining.
Tradfi
- BlackRock introduces the iShares Bitcoin ETF in Canada, trading under the ticker IBIT [Business Wire]
Education
- Applications for the Sovereign Engineering Cohort 4 (SEC-04) are now open [Registration]
- SEC-04, titled "Building it Right", will take place from March 3 to April 11, 2025.
- The Bitcoin Students Network launches its Layer Zero program to empower students worldwide in building Bitcoin's social layer and community [Forbes]
- The program offers hands-on experience by connecting students with Bitcoin entrepreneurs.
Funding
- OpenSats grants additional funding to three dedicated Bitcoin Core contributors: @L0rinc, @kevkevinpal, and @danielabrozzoni
- BDK announces the pseudonymous John Galt as its newest grantee:
- John will lead the efforts in partnerships, membership program and onboarding new members.
- Vinteum awards its fourth grant to plebhash for contributions to Stratum V2 and decentralized Bitcoin mining
- Finney Freedom Prize honors (blocks 210,000-420,000) Bitcoin pioneers Pieter Wuille and Gregory Maxwell for their contributions to Bitcoin usability, scalability, and privacy. [Announcement]
- The BTC Pay Server Foundation receives a $25,000 grant in bitcoin from Unbank, a cash focused Bitcoin exchange [Bitcoin Magazine]
- Alpen Labs announces raising $8.5M in a strategic round to support the development of Strata, a Bitcoin ZK rollup aimed at improving the Bitcoin ecosystem with self-custody, privacy, and interoperability.
- Fold Inc. secures $30 million convertible note financing with ATW Partners backed by its bitcoin assets [FFNews]
- JAN3 raises $5 million in a seed funding round for AQUA Wallet development [Blog post]
Mining
- Fifteen transactions involving OFAC-sanctioned addresses were missing from blocks, prompting investigation into mining pool behavior [b10c Blog post]
- F2Pool may be filtering sanctioned transactions, though other factors like transaction propagation or job publication may be responsible for some exclusions.
- Hashrate Index publishes a list ranking the top bitcoin mining countries of 2025 [Blog post]
Privacy
- Telegram provided U.S. authorities with data on 2,253 users in 2024, a significant increase in requests fulfilled [404 Media]
- Between January and September, Telegram fulfilled 14 requests involving 108 users; the number surged in the final quarter.
- Following Telegram CEO Pavel Durov's arrest, the company updated its privacy policy to share user data with law enforcement when legally required.
- GeoSpy, developed by Graylark Technologies, can pinpoint photo locations based on visual clues like soil, vegetation, and spatial relationships. [404 Media]
- Initially available to the public, GeoSpy has now restricted access, offering its tool to law enforcement and government agencies.
- Experts warn that the widespread use of GeoSpy could pose privacy risks, as it enables mass geolocation without traditional metadata.
- The UN General Assembly adopts the United Nations Convention against Cybercrime, aimed at strengthening global cooperation to combat cybercrime and protect societies [UN News]
- Critics, including human rights activists and tech companies, raised concerns over potential misuse by authoritarian governments
- Apple agrees to a $95 million settlement following allegations that Siri recorded users without consent [CyberInsider]
- Despite denying wrongdoing, Apple commits to deleting certain pre-October 2019 audio recordings and clarifying data collection practices
Cybercrime
- Gang exploited Bitcoin glitch for £20m fraud, authorities recover full compensation [UK News]
- An international crime gang exploited a flaw in an Australian cryptocurrency exchange in 2017, stealing over £20m.
- The victim was compensated in full due to the rise in Bitcoin's value, with excess funds distributed to authorities.
Protocol
- Bitcoin Core #28121: Include verbose "reject-details" field in testmempoolaccept response [Merged]
- BDK #1592: Introduce Architectural Decision Records (ADRs) to document major changes by detailing the problem, decision drivers, considered alternatives, advantages and disadvantages, and the final decision. [Merged]
- BDK #1670: Introduce O(n) canonicalization algorithm: This PR introduces an O(n) algorithm to determine the canonical set of transactions in TxGraph [Merged]
- LDK #3435: Authenticate blinded payment paths: introduces an authentication field to the blinded path payment context message, allowing the payer to include a Hash-based Message Authentication Code (HMAC) and a nonce [Merged]
- LDK #3340: Batch on-chain claims more aggressively per channel: introduces batching of on-chain claim transactions with pinnable outputs, reducing block space usage and fees in force-closure scenarios [Merged]
- Eclair #2936: Delay considering a channel closed when seeing an on-chain spend: introduces a 12 block delay [Merged]
- Rust Bitcoin #3792: Add BIP324 V2 p2p network message support [Merged]
- NIP #1695: NIP-60: clarify privkey is optional [Open]
- NIP #1706: Introduce support for signing and encryption/decryption on hardware based Nostr Signing Devices over BLE [Open]
- NIP #1696: nostr over reticulum: allows nostr clients/relays to communicate over Reticulum networks [Draft]
- NIP #1674: Adds Open Graph "iMeta" tags: for clients to preview URLs without having to ping them [Open]
- NIP #1681: NIP-88: DLC oracle announcement/attestation event kinds [Open]
Government & Political
- At the World Economic Forum (WEF) Annual Meeting 2025, Spanish Prime Minister Pedro Sánchez calls for "an end to anonymity on social media" and for forcing "all these platforms to link every user account to an European Digital Identity Wallet." [Reclaim The Net]
- U.S. court overturns sanctions on Tornado Cash mixer [The Block]
- A U.S. District Court in the Western District of Texas orders the Office of Foreign Assets Control (OFAC) to remove Tornado Cash-related addresses from its Specially Designated Nationals and Blocked Persons (SDN) list.
- The court rules that Tornado Cash's immutable smart contracts are not "property" under the International Emergency Economic Powers Act (IEEPA), as they cannot be owned or controlled.
- Despite the sanctions reversal, the U.S. Department of Justice states that this decision does not affect ongoing criminal proceedings against Tornado Cash developers, including Roman Storm.
- Operators of Blender and Sinbad custodial bitcoin mixers arrested and charged with money laundering, facing over 25 years in prison if convicted [DOJ Press release]
- The U.S. Department of Justice indicts three Russian nationals for operating unlicensed crypto mixers Blender.io and Sinbad.io
- Blender.io operated from approximately 2018 to 2022, advertising a "No Logs Policy" and requiring no user registration.
- Donald and Melania Trump launch the $TRUMP and $MELANIA meme coins ahead of inauguration [Coin Telegraph]
- Both tokens are built on the Solana blockchain. For $TRUMP coin, an initial supply of 200 million coins is set, with plans to expand to 1 billion over three years.
- The token's website states that $TRUMP is "not intended to be, or the subject of" an investment opportunity or any type of security, and is "not political and has nothing to do with" Trump's campaign, office, or government agency.
- Trump-backed World Liberty Financial token extends sale [Coin Telegraph]
- World Liberty Financial extended its token sale after raising $300 million, selling 20% of 100 billion WLFI tokens at 1.5 cents each. The extension added 5 billion tokens at 5 cents, aimed at raising an additional $250 million.
- A tweet from WLFI announced significant strategic purchases "to commemorate the inauguration of Donald J. Trump as the 47th President of the United States," including $47 million in ETH and wBTC, alongside smaller investments in cryptocurrencies.
- The U.S. Department of Justice received court approval to liquidate 69,370 bitcoin following a four-year legal battle [Decrypt]
- U.S. government recommends returning the 94,000 stolen bitcoin from 2016 Bitfinex hack to exchange as in-kind restitution [The Block]
- This recommendation aligns with prior court filings where both defendants and Bitfinex's parent company, iFinex, acknowledged the exchange as the sole victim of the 2016 hack.
- U.S. Internal Revenue Service (IRS) postpones bitcoin cost-basis reporting rules to 2026 [The Block]
- The IRS delays new bitcoin tax reporting rules until January 1, 2026, granting brokers additional time to adapt to cost-basis regulations for centralized platforms.
- Coin Center Fellow Michael Lewellen is suing the DOJ for criminalizing the creation of non-custodial software, like his Pharos protocol [Coin Center Blog post]
- The DOJ argues that developers who enable money movement, like those behind Tornado Cash, must register as money transmitters, a position Lewellen contests as unconstitutional and anti-innovation.
- Texas court orders Coinbase user to surrender access to his $124 million bitcoin holdings [Bloomberg]
- Frank Ahlgren was sentenced to two years for underreporting profits from $3.7 million in bitcoin sales.
- Ahlgren must surrender access to his bitcoin holdings, including private keys and passphrases, to settle a $1 million restitution, and disclose the location of 1,287 bitcoins moved via a mixing service in 2020.
- A U.S. federal appeals court overturned the FCC's net neutrality rules, limiting its authority to regulate wireless and broadband services, citing the Loper Bright case. [Reuters]
- The ruling prevents ISPs from throttling or blocking content, but allows state-level neutrality rules to remain in effect.
- Burma's military junta is tightening control over online spaces through a new cybersecurity law targeting digital platform providers [AP News]
- The law mandates providers to store user data for three years and share it with the state on request, penalizing non-compliance.
- VPN use is criminalized, with violators facing up to six months in prison and fines.
- Iran's central bank abruptly blocks payment gateways to cryptocurrency exchanges amid currency crisis [Twitter post]
- This action follows previous measures, including freezing bank accounts of cryptocurrency exchanges and suspending payment processing services in November, due to concerns over speculation in the Tether market and money laundering risks.
- Thai police seize 996 bitcoin mining devices [Bangkok Post]
- Authorities raided JIT Co in Chon Buri, seizing 996 bitcoin miners, which were being run using modified power meters, stealing electricity.
- Kazakhstan shut down 36 unauthorized crypto exchanges in 2024, seizing assets worth $112 million [Coin Telegraph]
- Authorities are working on a digital currency, the digital tenge, and are collaborating with Visa and Mastercard to integrate it into global payment systems.
Events
- Bitcoin Educators Unconference: Mi Primer Bitcoin fourth conference for educators, meetup organizers and community leaders
- April 10, 2025 in Nashville, U.S.
- Bitcoin Is For Everyone: An immersive full-day Bitcoin Experience in Portland, OR
- August 1st, 2025 in Portland, U.S.
Reads
- Here's a list of our top recently published reads:
- Privacy matters because it empowers us all, by Carissa Véliz [Essay]
- A Spark of Defiance: A guide to Solo mining with a Bitaxe to a RasPi full node & a self-hosted Public Pool stratum server, by econoalchemist [The 256 Foundation]
- How to run an economic node, by Scoresby [Guide]
- Quantum Leap? Disentangling fact from fiction in bitcoin and quantum computing, by John [Ten31 Blog post]
- Nostr is the world's biggest bitcoin circular economy, by Frank Corva [Bitcoin Magazine]
- A Day in the Life of a Prolific Voice Phishing Crew, by Krebs On Security [Blog post]
- Buckets of blind signatures, by Cashu [Blog post]
Episode submission ideas
- We're looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.
Get in touch with the pod
- Podcast Twitter
- Podcast Nostr
- NVK Twitter
- Telegram
- Nostr & LN ⚡nvk@nvk.org (not an email!)
Did I get anything wrong above? Help me correct it producer@coinkite.com