I’m joined by guests Rob Hamilton & Future Paul to go through the list.

Listen on your favorite podcast app:

Housekeeping

  • Nostr DVM Playground: Test out Nostr Data Vending Machines from DataMachine
    • Choose between Text Summarization, Text Generation, People Discovery, and People Search.
  • Bitcoin Security Guide updated
  • Looking for more beta testers for Cove, iOS Beta on TestFlight
  • COLDCARD Key Teleport
    • Purpose: Send a small quantity of very secret data between two COLDCARD Q systems, with no risk of anything in the middle learning the secret.
    • Method: ECDH and AES-256-CTR plus an extra wrapping layer, transmitted over a mixture of NFC, passive websites, and QR/BBQr codes.

Urgent Vulnerability Disclosures

  • “Designated seed phrase”: A new email phishing campaign is out, targets Coinbase users [Twitter post]

Bitcoin

Software Releases & Project Updates

  • Bitcoin Core v29.0rc2 - Bitcoin Core 29.0 release candidate 2
    • Bitcoin Core 29.0rc2 is a release candidate for the next major version [Testing Guide]
  • Fulcrum v1.12.0
    • Add support for UPnP
    • Add support for bitcoind’s ZMQ pubhashtx message
    • Improve Fulcrum’s mempool model efficiency by adding parent/child links for txns
    • Add support for Unix domain sockets in ZeroMQ notifications
    • Fix a rare and esoteric bug where Fulcrum would announce its TCP/SSL/WS/WSS port(s) to peers even if it was actually listening on a loopback interface for those ports
  • Blue Wallet v7.1.5
    • Add market android widget
    • Allow app to run in Vision Pro
    • Allow quick tap to copy address- Bitcoin Keeper
    • Mobile v2.1.0
      • Add Emergency Key to vaults for recovery in emergency situations
      • Update the Server Key with Spending limits and security delays
      • Send batch transactions to multiple recipients at the same time
      • Purchase hardware wallets with discounts
      • Single Key support for Portal
      • Improve wallet migration flow on key changes
      • Significant improvements to wallets syncing
      • Multiple UI updates and performance improvements
    • Desktop v0.2.1
      • Support subscription purchases using Bitcoin, powered by BTCPay Server.
  • Bitcoin Safe
    • v1.2.1
      • You can now assign names to participants in Sync&Chat
    • v1.2.0
      • Improve QR scanning performance in Linux, Mac, Windows
      • Enhance PSBT signing UI
      • Add message signing via USB and QR (Coldcard Q rocks)
      • Add Thai language support
      • Add Linux Gnome dark-mode

Interlude: OMEMO

Bitcoin (Cont.)

Software Releases & Project Updates

  • Bitcoin Knots v28.1.knots20250305
    • P2P and Network Changes
      • Add support for Testnet4
      • UNIX domain sockets can now be used for proxy connections
      • Transactions having a feerate that is too low will be opportunistically paired with their child transactions and submitted as a package
    • Mempool Policy Changes
      • Topologically Restricted Until Confirmation (TRUC) parents are now allowed to be below the minimum relay feerate
      • Pay To Anchor (P2A) is a new standard witness output type for spending
      • Limited package RBF is now enabled, where the proposed conflicting package
    • GUI Changes
      • Add basic block visualizer to the Window menu
    • Signed Messages
      • Verifying BIP 137, BIP 322, and Electrum signed messages is now supported.
      • When signing messages for a Segwit or Taproot address, a BIP 322 signature will be produced
  • BoltzExchange
    • boltz-backend v3.10.0 - Rescue mission
      • Support for rescue files that allow swaps to be refunded with only the refund keys
      • Nested fee premiums to allow referrals to add extra fees
      • Discount CT on Liquid mainnet
    • boltz-web-app v1.7.0
      • Swap recovery rescan
      • Download rescue key in settings
      • Adjust network fee when RIF is needed
      • Defer swap creation after backup is done
  • Blockstream Green QT v2.0.22
    • Add option to request an email containing the user’s nLockTime transactions
  • FullyNoded v0.1.0-beta
    • This update removes all functionality related to Lightning and Bitcoin Knots by commenting out the related code
    • The focus for the first proper release is going to be on Bitcoin Core and Join Market only
  • BullBitcoin Mobile
    • v0.4.2
      • Using public/price endpoints for Bitcoin Price
    • v0.4.1
      • DiscountCT for liquid transactions
  • RoboSats v0.7.5-alpha
    • For Users
      • When Javascript is disabled a box appears to help the user to enable it
      • Users will now be advised when they select a coordinator not offering swamps in order creation
    • For Coordinators
      • Now orders stay public even if there is a non-confirmed Taker, allowing multiple robots to try to take the order
  • Bisq 2 v2.1.7
    • New features
      • Official Bisq mediators and moderators can now be identified by the badge next to their nickname
      • Add a splitpane to calibrate sizes between offerbook chat and offer list
    • Improvements
      • The Bisq Easy protocol has been enhanced to protect against triangular scams. Now, when the buyer does the Fiat transfer, trade ID must be set as “Reason for payment”.
      • Splash screen now shows the loading progress for each required step: Starting Tor, publishing onion service, connection to P2P network and, finally, data inventory request.
    • Improve Trade process, Message delivery, and Mediation (more details in release notes)
  • Zaprite v2025-03-17
    • Global Tags: Add a Tags feature that allows merchants to add tags and categorize incoming Transactions for reporting
    • Invoices: Add a Total column to the Invoices table, which shows the calculated total amount due after discounts taxes
    • Recurring Invoices: Add a Biannual option to Recurring Invoice schedule options
    • API Orders: Add a new expiresAt field to the POST /order endpoint
    • API Orders: Add a new metadata field to the POST /order endpoint
  • Bitcoin Jungle App v1.3.6
    • Includes the ability to add a backup recovery email to your account in case you lose access to your phone number
    • Adds beta support for Bolt Cards- a protocol enabling you to link a contactless card to your wallet that lets you pay without your phone
  • SRI v1.3.0
    • This release migrates the old CI system based on Message Generator into the new SRI Integration Tests Framework.
    • Main changes (amongst many):
      • New integration test framework and tests
      • Enhanced APIs for role development
      • Core low-level crates now support no_std
  • Stratum.work Update
    • New visual on stratum.work displays precise timing data for block template reception from pools, making it easier to spot similarities between pools
  • Braiins OS
    • v25.03
      • Toolbox now supports DPS Boost–introduced in the Braiins OS 25.01 update.
      • Users can now detect Avalon miners, both via CLI and GUI. Additionally, you can perform actions such as pause, resume, reboot, and change pool config for these miners. Please note that this feature is available in beta testing.
      • CSV exports have been enhanced. The export functionality now allows for filtering, sorting, column visibility, and the order set in the GUI’s device list.
      • Extended Pool Username Variables now include , which represents the miner’s IP address with an “x” separator, instead of a dot.
    • v25.01
      • Full support for Antminer S21 Imm. and Antminer S21 XP Imm. with AML control board now available
      • Logs are now persistent across all control boards
      • DPS now has two modes—Normal and Boost. DPS Boost has been recently added
      • Customizable MIN/MAX fan speed ranges can now be set in the GUI and API
      • Fans on Braiins Mini Miners will now run quieter
  • Coinselect
    • v1.3.1
      • Prevent crash in dustThreshold for addr() descriptors lacking miniscript
    • v1.3.0
      • Add support for single-key tr(KEY) and addr(TAPROOT_ADDRESS) descriptors

Project spotlight

  • Grid: An interactive tool designed to analyze and visualize Bitcoin mining data
    • Users can customize metrics and miner groupings to explore various aspects of mining pools and their activities. ​
    • For example, the tool allows analysis of specific miner groups such as “AntPool & friends,” which includes AntPool, BTC.com, Binance Pool, WhitePool, and SECPOOL.
  • CTV Playground: A native Android implementation and demonstration of Bitcoin’s proposed OP_CHECKTEMPLATEVERIFY (CTV) soft fork, including a CTV Vault implementation. [Github]
  • Bitcoin PSBTv2 Explorer: A quick and dirty PSBTv2 parser and converter [Github]
    • This tool aims to provide an updated version of the tremendously useful bip174.org compatible with modern PSBT features.
  • Fuzzamotto: Holistic Fuzzing for Bitcoin Protocol Implementations [Github]
    • Fuzzamoto framework enables coverage-guided fuzzing of Bitcoin full nodes through external interfaces like P2P and RPC, functioning as “Functional Fuzz Tests” rather than using in-process testing methods.
    • The system uses snapshot fuzzing with afl++’s Nyx mode for deterministic and performant testing of multiple node instances simultaneously, with future integration possibilities for other snapshot fuzzing tools.
  • Bitcoin Humanitarian Alliance: A global initiative leveraging Bitcoin to support freedom, financial inclusion, and humanitarian causes
    • The alliance aims to unite activists and humanitarian groups worldwide who use Bitcoin, educate nonprofits on integrating Bitcoin into their work, and host events to share strategies for financial freedom.
  • BetterStrike: Strike Tor Web Wallet [Gitlab]
    • Strike Wallet functions as a web-based Bitcoin wallet interface that uses Strike API and Tor technology to enable both Lightning and on-chain transactions.
  • Coinbase MPC: Coinbase open sources its MPC cryptography library [Announcement]
    • The library provides cryptographic protocols using secure multiparty computation, and is derived from Coinbase’s internal system but modified for general-purpose public use.
    • The library includes practical examples like HD-MPC, threshold EC-DKG for ECDSA-MPC, and ECDSA-MPC with threshold backup implementations.
  • Branta Core: A multi-platform app you to guard your clipboard on Mac, Linux and Windows [Docs]
  • Branta Guardrail: A tool to verify invoices and checkouts before sending Bitcoin or Lightning [Docs]
  • Satoshi Forex: A straightforward forex page listing the sat value of each unit of currency.
    • The website compares Bitcoin’s value to the world’s top 30 currencies in real-time, using data from CoinGecko and the IMF World Economic Outlook database (2024).
  • Antidote: London’s first Bitcoin startup incubator hub
    • Antidote is a startup studio and collaborative workspace for entrepreneurs, developers, investors, hackers and anybody building on or around bitcoin.
  • Satsify: A Chrome extension that converts Amazon product prices from USD to satoshis [Github]

Privacy & Other Related Bitcoin Projects

Software Releases & Project Updates

  • Sideband v1.5.0
    • Added the ability to make and receive LXST voice calls
    • Add basic voice call UI
    • Add option to configure audio devices for LXST voice calls
    • Add option to block non-trusted callers
    • Add support for sharing any file type as attachment on Android
    • Add link stats to object details
    • Add a BME280 telemetry plugin example
    • Add button on Android to quickly go to full RNS interface status
    • Improve map initialisation time
  • Reticulum MeshChat v1.21.0
    • Migrated to using micron-parser from NPM
  • Mullvad VPN
    • Release of DAITA v2 for all platforms [Blog post]
      • DAITA version 2 introduces reduced traffic overhead by more carefully inserting dummy packets, cutting their number by half while maintaining defense levels and improving connection speed.
      • The new dynamic configurations feature randomly assigns different rules to VPN connections, making two clients visiting the same webpage produce different data streams and helping resist targeted attacks.
    • Multihop feature now available on Android [Blog post]
      • Users can now route traffic through two servers instead of one in the Android app version 2025.1 and newer, allowing the selection of entry and exit servers in different jurisdictions
  • NymVPN officially launches its privacy solution built on a Noise Generating Mixnet technology [Press release]
    • The system uses zero-knowledge proofs to prevent linking payment information to online activity, with no logging by design and censorship resistance features.

Vulnerability Disclosures

  • Ledger Donjon conducts a security analysis of Trezor’s hardware wallets and reveals Trezor Safe 3 is susceptible to physical supply chain attacks [Security Audit]
    • Trezor Safe 3 and Safe 5 products incorporate Secure Elements (Infineon Optiga Trust M) that safeguard user PINs and secrets.
    • Donjon details the remaining security considerations:
      • Critical cryptographic operations still occur on the microcontroller, not the Secure Element, creating potential vulnerabilities if an attacker modifies the microcontroller’s firmware.
      • Ledger Donjon demonstrated they could bypass firmware verification measures to run modified code that could “lead to the remote recovery of all the user’s funds.”
      • The newer Trezor Safe 5 uses an STM32U5 microcontroller that offers improved security against fault injection attacks compared to the TRZ32F429 used in Safe 3.
  • nRootTag: Turning a Bluetooth device into an Apple AirTag without root privileges [Research paper]
    • Researchers discover “nRootTag” vulnerability allowing attackers to convert any Bluetooth device into an AirTag-like tracker without root privileges.
    • Attack exploits address confusion in Apple’s Find My network, using over 1.5 billion iPhones as unwitting tracking agents.
    • Attack requires malicious app installation, Bluetooth capability, and proximity to Apple devices participating in Find My network.
    • Apple released patches in December 2024 (iOS 18.2 and other system updates) to address this vulnerability.
  • Eavesdropping on black-box mobile devices via audio amplifier’s EMR [Research Paper]
    • Periscope is a proof-of-concept system demonstrating how electromagnetic radiations (EMR) from mobile devices’ audio amplifiers can be exploited to recover audio sounds.
    • Headphones connected to devices act as antennas that enhance EMR signals, making them measurable at distances up to 15m with a miniaturized prototype similar in size to hidden voice recorders.
    • The attack successfully recovers private audio with a word error rate as low as 7.44% across 11 mobile devices and 6 headphones, producing results intelligible to both human hearing and speech-to-text tools.
  • Microsoft discovers StilachiRAT, a sophisticated trojan targeting credentials and crypto wallet information [The Hacker News]
    • The malware targets at least 20 cryptocurrency wallet extensions in Chrome, including MetaMask and Coinbase Wallet, and can execute 10 different commands from its command-and-control server. [Microsoft Analysis]
  • Android apps are covertly tracking users through Bluetooth and WiFi [Cyber Insider]
    • Study reveals 86% of analyzed apps gather sensitive data, including device identifiers and WiFi scan results, often bypassing Android’s privacy controls.
  • Next.js discloses critical authentication bypass vulnerability (CVE-2025-29927) with CVSSv3 score of 9.1 in middleware layer, exploitable through an extra HTTP header [runZero Blog post]
    • Remote attackers can bypass security checks including authentication mechanisms by exploiting this vulnerability.
  • Clevo boot guard keys leak threatens system security [Security Express]
    • Binarly confirms discovery of leaked private Boot Guard keys in Clevo firmware packages. The keys were found in a publicly available BIOS update containing BootGuardKey.exe with private keys that could be used to bypass security measures.
    • Investigation identifies 15 affected firmware packages across 10 unique Clevo-manufactured devices, including several Gigabyte laptop models. The compromised keys remain in use on “actively supported products, thereby elevating the severity of the threat.”
  • Five dollars wrench attacks:
    • 41-year-old man assaulted and robbed of HK$318,000 in cash in Hong Kong after completing a cryptocurrency trade [The Standard]
      • The victim received the cash from a cryptocurrency trade and was heading to his home when the robbery occurred at around 11pm.
    • Turkish man carrying €5 million cash for cryptocurrency trading is attacked in Hong Kong by knife-wielding assailants [Dimsum Daily]
      • Victim fights off attackers, suffers 10-centimetre knife wound to forehead, but retains his money bag. Police arrests four men.
    • Four men and one woman arrested after the kidnapping of a cryptocurrency investor in Paris over a failed €10,000 cryptocurrency investment that collapsed [Le Parisien]
      • The 20-year-old victim was forced into a car trunk during what appeared to be a setup meeting with a 19-year-old woman. Kidnappers demanded €40,000.
    • South Korean prosecutors request 10-year sentence for a man who stabbed Haru Invest CEO in the neck during a court hearing in August 2024 [The Block]
      • The attacker, surnamed Kang, lost 100 BTC in Haru Invest, which allegedly defrauded around 16,000 investors of nearly $962 million after suspending operations in June 2023.

Interlude (Rob’s Corner)

Privacy & Other Related Bitcoin Projects (cont.)

Project spotlight

  • Voca: A privacy-focused Text-to-Speech (TTS) app for Android that respects system language settings and provides a clean, simple interface [Gitea]
    • Users can configure language through system TTS settings, with all processing done locally without data collection.
    • Voca is FOSS and operates on a value for value model [Npub]
  • Silkpad Computers: Privacy-focused refurbished computers, focuses on older Thinkpads models
    • Silkpad Computers offers refurbished devices emphasizing privacy and security through auditable firmware (IME disabled) and open-source software.

Lightning + L2+

Project spotlight

  • LN-spam-prevention: Fee-based protocols for preventing spam on the Bitcoin Lightning Network [Github]
    • The project introduces protocols to assign and collect fees for Lightning services, aiming to reduce network spam by charging for all significant costs incurred.
    • The collection system uses griefer-penalization where both parties lose comparable funds in griefing attempts, protecting users who select self-interested partners [Research paper]
  • Hydrus: Lightning automated liquidity management agent [Github]
    • Hydrus automatically opens and closes Lightning Network channels based on network graph analysis and performance metrics.
    • The system selects nodes using weighted heuristics including capacity, centrality, routing policies, and connectivity.
  • Alby Lite: A minimal Lightning address server powered by NWC [Github]
  • ngx_l402: An Nginx module that enables pay-per-request authentication using the L402 protocol [Github]
    • An L402 authentication module/plugin for Nginx that integrates seamlessly into your web server, enabling Lightning Network-based monetization for your REST APIs
    • It supports invoice generation through LND, LNURL, and NWC
  • LNVPS: A bitcoin powered VPS provider
    • LNVPS is a VPS provider based in Ireland that specializes in integrating Bitcoin’s Lightning Network for payments
  • Sig4Sats Script: Atomic exchange of Cashu payments for Nostr event signatures using Schnorr adaptor signatures [Github]
    • A simple script demonstrating how to atomically exchange Cashu payments for Nostr event signatures using Schnorr adaptor signatures.
  • nut-bridge: Bridging the gap between NIP-57 and NutZaps [Github]
    • “nut-bridge is bridging the gap between NIP-57 Zaps and NIP-61 NutZaps by providing a LNURL server that will receive payments via a Lightning Address and then turn them into a nut zap.”

Software Releases & Project Updates

  • LDK announces Versioned Storage Service (VSS)
    • VSS provides server-side storage for non-custodial Lightning Network and Bitcoin wallets, which enables fund recovery after a device loss as well as future multi-device access.
    • The service ensures real-time synchronization of wallet states, and prevents loss of funds by securing every state change as it occurs rather than relying on periodic backups.
    • VSS is designed with privacy features including client-side encryption and can be self-hosted or cloud-deployed, with integration already available in LDK Node v0.4.x as alpha support.
  • Eclair v0.12.0
    • This release adds support for creating and managing Bolt 12 offers and a new channel closing protocol (option_simple_close) that supports RBF.
    • We also add support for storing small amounts of (encrypted) data for our peers (option_provide_storage).
  • Phoenixd v0.5.1
    • Use ubuntu for docker runtime image
    • Add parent_id link for first outgoing payment part
  • Breez SDK v0.7.2 - Nodeless
    • Add seed support to ConnectRequest
    • Improve realtime sync and restore
  • Alby
    • Go v1.11.0
      • Add support for NWC deep linking and NWA
      • BTC rates now refresh every 5 minutes for up-to-date pricing
      • Improve branding with Alby Go logos on success screens
      • Update wallet removal copy for better clarity
  • Ark v0.5.2 - Handle RBF transactions
    • Telemetry: Go runtime metrics
    • SDK: Detect rbf txs while listening for boarding utxos
  • Ark Labs HQ wallet-sdk
    • v0.0.9
      • VtxoScript abstraction
      • Mark as side-effect-free to allow Tree Shaking
      • Add ArkNote class
    • v0.0.8
      • Support Boarding
      • Cleaning types
      • Identity abstraction
      • Add getTransactionHistory()
      • Add ServiceWorkerWallet implementation
  • BitBanana v0.9.3
    • Significantly enhanced channel rebalancing interface
    • Nostr Wallet Connect support
    • Channel sorting
    • UTXO sorting
    • Exposed timeout setting for backend communication and lightning payments
  • BlitzWallet v0.4.2-beta
    • eCash Revamp: More Flexibility & Security
      • Deterministic Proofs: eCash proofs are now linked to your Blitz Wallet seed phrase
      • New SQL Storage System: Moved from encrypted database storage to a local SQL database
      • Cross-Wallet Portability: Upload and migrate eCash proofs between compatible wallets
      • Laying the Groundwork for Higher Limits: Preparing to increase the eCash storage limit beyond the current 5,000 sats cap
    • Manual Migration Required: Existing eCash proofs must be manually migrated via Settings > Experimental Features
    • Point-of-Sale Enhancements:
      • Customizable Currency Display: Toggle between sats or fiat, with proper regional formatting
      • Integrated Tipping System: Employees can now enter their name during PoS transactions, and business owners can track tips for proper distribution
  • CDK v0.8.0
    • Add redb feature to mintd in order to meet MSRV target
    • cdk-sqlite: In memory sqlite database
    • Add tos_url to MintInfo
    • cdk: Add tos_url setter to MintBuilder
    • Add optional “request” and “unit” fields to MeltQuoteBolt11Response NUT Change
    • Add optional “amount” and “unit” fields to MintQuoteBolt11Response NUT Change
    • Compile-time error when no lightning backend features are enabled
    • Add support for sqlcipher
    • Payment processor
    • Payment request builder
    • Sends should be initiated by calling Wallet::prepare_send
    • A SendOptions struct controls optional functionality for sends
    • Allow Amount splitting to target a fee rate amount
  • CashuBTC Update
    • Add the ability to use tap-to-pay with eCash, enables Bitcoin payments via NFC without internet or delay
    • The system supports payments from any mint and integrates with the Lightning Network
  • Cashu-ts
    • v2.4.1
      • Export OutputData
    • v2.4.0
      • Remove dleqValid from proof and expose verification api
      • Extract from- and to- raw request functions
      • Handle specific errors cases in request.ts
    • v2.3.0
      • Add method for automated batch restoration
      • NUT-18 is implemented, updating README.
      • NUT-15 MultiPath Melt Quotes
      • NUT-20 Signed Mint Payloads
  • Nutstash v2.0.4
    • Switch qr code lib to @paulmillr/qr
    • Feature: Offline tokens

Nostr

Project spotlight

  • GM.family: Send a ‘GM’ note to @fiatjaf by the press of a button
  • Nostringer: JavaScript library providing unlinkable ring signatures (SAG) for Nostr pubkeys [Github]
    • The library draws inspiration from Monero’s Ring Signatures using Spontaneous Anonymous Group signatures (SAG) and implements ring signatures using Ed25519 elliptic curve and Keccak hashing.
  • Igloo: Frostr keyset manager and remote signer [Github]
    • “Desktop-based key management and signing device. Options to import an existing nsec, or generate a new one. Allows you to manage and rotate shares, plus recover your nsec using shares. Can be used online for remote signing, or offline for key management only.”
  • Frost2x: Notes and other stuff signed by an extension, using the powers of FROST [Github]
    • Fork of the popular nos2x extension
    • Uses the Bifrost library for encryption and signing of events
    • Allows FROST-based signing for any website that supports NIP-07
  • Permafrost: Ephemeral relay and remote signing server for the FROSTR protocol [Github]
    • Server-based signing device and personal ephemeral relay
    • Includes a NIP-07 based web portal for managing your server
    • Options to run as a node service (using bun) or inside a docker environment
  • 23GMT: A specialized Nostr relay with time-based constraints
    • 23GMT is a specialized Nostr relay with some constraints:
      • Only accepts posts from 23:00 to 24:00 GMT
      • Deletes its database at 01:00 GMT
      • Only accepts events with kind 1 (text notes)
      • Only accepts events with a NIP-70 “-“ tag
  • Runstr: A motion tracking app built on top of Nostr [Github]
    • Runstr aims to offer an open source, privacy-focused alternative to platforms like Nike Run Club or Strava
    • Current features include Nostr login, run tracker, global running feed, and Wavlake music
  • EnterTheNostr: Matrix-themed Nostr note composer
    • Aside from the nostr extension sign up, it features a “Load Smith” function that creates anonymous, one-time identities for users to post without a signer extension
  • POWR: Proof Of Workout over Relays [NIP-101e: Workout Events]
    • POWR is a local-first, open-source fitness app for Android and iOS supercharged by Nostr [Announcement]
  • Nostr NIP Repository Extension: Opens the NIP repository in your browser [Github]
    • “This extension provides quick access to Nostr NIPs (Nostr Implementation Possibilities) documentation directly from Kunkun. It allows you to open Nostr-related repositories and browse specific NIPs with ease.”
  • Dezh DSR: A repository containing a set of Nostr relays designed to be used for specific purposes [Github]
    • Zapoli: A relay designed to used by NIP-82 clients
    • 210maxi: A relay that only accepts 210 character events, tuned for NIP-B1 feeds
    • Pages: A relay that only keeps profiles and follow lists. You can simply resolve any pubkey from it
    • Bunklay: A relay that only accept bunker related events
  • Notebin: NIP-95: Decentralized code snippets with Lightning tips [Github]
    • The proposal defines a new Nostr event kind specifically for code snippets, separate from regular text notes.
    • Code snippets include specialized metadata such as programming language, file extension, and other code-specific attributes.
  • Sats.gg: A Nostr client focused on live streaming [Github]
    • Sats.gg helps content creators monetize their work on platforms like Twitter, Ghost, Substack, Squarespace, and Nostr
    • The platform supports integration with LNURLPay and Lightning Address, facilitating seamless payment processes for users
  • Yumyume: A FOSS social bookmarking client built on the Nostr protocol, distributing bookmarks across multiple relays [Gitlab]
    • Yumyume supports self-hosting, and operates client-side but requires a local web server for full functionality.
  • Postr For Nostr: Share your WordPress Posts to Nostr with Postr For Nostr [Github]
    • This plugin provides the ability to postr content from WordPress to Nostr.
  • Flightless2: A terminal-based user interface client for Nostr direct messaging DM [Github]
  • Nostr Components: Take Nostr content beyond Nostr clients - embed it anywhere on the internet [Github]
    • Nostr Components makes it easy to embed Nostr profiles, posts, and follow buttons in any website.
  • Hello Nostr: A collection of Nostr educational resources
    • This site serves as a companion through the Nostr universe, helping users from downloading their first client to running relays and using self-custodial Lightning wallets.
  • Nostr MCP Server: A Model Context Protocol (MCP) server that provides Nostr capabilities to LLMs like Claude [Github]
    • The server supports both hex public keys and npub formats, and implements five tools for interacting with the Nostr network:​ getProfile, getKind1Notes, getReceivedZaps, getSentZaps, getAllZaps
  • Bookstr: Bookstr is a Goodreads or Storygraph alternative built on Nostr built with Lovable AI [Github]

Software Releases & Project Updates

  • rust-nostr v0.40.0
    • Add NIP-38 and NIP-62 support
    • Add nostr parser, to easily parse any text and extract nostr URIs, URLs and more
    • Extend Tags capabilities (i.e., add deduplication support)
    • Add admission policies, to selectively select which events to allow receiving and which to reject
    • Add Mac Catalyst support for Swift package
  • Coracle v0.6.9
    • Quote addressable events by address rather than nevent
    • Bump nostr-tools to fix nostrcheck uploads
    • Show error when DM fails to send
  • Nostur v1.19.0
    • Faster feed loading
    • Improve fullscreen image viewer
    • Prefetch images when swiping in gallery
    • Add blur hash metadata when posting images
    • Keep scroll position improvements
    • Show connecting thread lines in full width image mode
    • Multiple picture select for regular posts
    • Better m3u8 video stream detection
    • Show own npub in sidebar + copy
  • Nostr PHP v1.6.0
    • Allow verification of Event objects
    • Add NIP-04 and NIP-44 encryption
  • Yana v0.16.0
    • NWC alby go 1-click connection
    • Outbox relay set calculation progress
    • Upload media using blossom
    • Video player fullscreen
    • NIP-42 Relay Authentication
  • Gossip v0.14.0
    • Zappers and amounts are now shown
    • Reactions and who reacted are now shown
    • UI: Side panel contains less so it can be thinner. Bottom bar added.
    • UI: frame count and spinner (optional)
    • Relay UI: sorting by score puts important relays at the top.
    • Relay UI: add more filters so all the bits are covered
    • Image and video loading is much faster
    • Subject in draft (when replying) can be edited
    • DM feeds automatically update, and note order is fixed
    • Logging to stderr by default
    • Relay errors and fetch errors are now considered as warnings
  • Citrine v0.7.2
    • Add a button to delete events by kind
    • Change the delete all button color and separate it from the other buttons
    • Download events just with a npub
    • Change the relays when downloading events
  • 0xChat App Desktop v1.0.2
    • Supports NIP-104 MLS secret chat
    • Supports copying images from the clipboard
    • The desktop client will remain running after the window is closed.
  • nostr-relay-tray v2.0.0
    • Support one-click to expose the relay to the internet
    • Add ability to delete events based on specific conditions
    • Breaking Change: Improved event rules structure for better control
  • Pokey v0.1.5-alpha
    • Zap notifications now displays zapper’s profile
    • Pokey will skip notifications for events containing more than a configurable amount of tagger users (Hell Threads)
  • Nostr-zap v1.3.0
    • Introduce data-naddr property as alternative to data-note-id
  • Electrum 4.6 will feature built-in Nostr support with a custom aionostr library developed specifically for this purpose [Announcement]
    • Nostr integration aims to decentralize previously centralized services, enabling users to become liquidity providers for submarine swaps and replacing central servers for PSBT cosigning.
    • Developers are also currently working on a NWC plugin to further improve on connectivity options.

Boosts

  • Thanks to everyone who streamed sats, and shoutout to our top boosters:
    • [🏆 TOP BOOSTER] @pink monkey (1,000 sats)
    • @Anonymous (1,000 sats)
    • @jespada (100 sats) “I need to sleep more often, please keep shipping”
    • @. (350 sats)
    • @Anonymous (350 sats)
    • @Anonymous (350 sats)
    • @btconboard (200 sats) â€œâšĄïžâšĄïžđŸ‘đŸ»đŸ‘đŸ»â€
    • @AVERAGE_GARY (100 sats) “Roastr exists.” “ed25519?”
    • @alanStacksSats “Good tech content away from the usual price and macro talk alot of podcasts focus on.”

Tech Tip of the Day

  • No Ghibli Chrome Extension: A Chrome extension that helps you identify and filter out Studio Ghibli-related content from Twitter [Github]

Bitcoin Optech Newsletter

  • Highlights from recent Bitcoin Optech Newsletters
    • 347
      • LN upfront and hold fees using burnable outputs: John Law posted to Delving Bitcoin the summary of a paper he’s written about a protocol nodes can use to charge two additional types of fees for forwarding payments
      • Discussion of testnets 3 and 4: Sjors Provoost posted to the Bitcoin-Dev mailing list to ask whether anyone was still using testnet3 now that testnet4 has been available for about six months
      • Plan to relay certain taproot annexes: Peter Todd announced to the Bitcoin-Dev mailing list his plan to update his Bitcoin Core-based node, Libre Relay, to begin relaying transactions containing taproot annexes if they follow particular rules.
    • 346
      • Discussion of LND’s dynamic feerate adjustment system: Matt Morehouse posted to Delving Bitcoin a description of LND’s recently-rewritten sweeper system, which determines the feerates to use for onchain transactions. See #### Lightning

    • 345
      • P2P traffic analysis: developer Virtu posted to Delving Bitcoin an analysis of the network traffic generated and received by his node in four different modes: initial block download (IBD), non-listening (outbound connections only), non-archival (pruned) listening, and archival listening.
      • Research into single-path LN pathfinding: Sindura Saraswathi posted to Delving Bitcoin about research she conducted with Christian KĂŒmmerle about finding optimal paths between LN nodes for sending payments in a single part.
      • Probabilistic payments using different hash functions as an xor function: Robin Linus replied to the Delving Bitcoin thread about probabilistic payments.

News & Noteworthy

Bitcoin

  • CISA: Cross-Input Signature Aggregation research paper released
    • HRF sponsors research paper on Cross-Input Signature Aggregation, a Bitcoin protocol enhancement that combines multiple Schnorr signatures into a single, smaller signature.
    • CISA aims to reduce Bitcoin transaction sizes and storage requirements, lower transaction fees, and improve bandwidth efficiency.

Lightning + L2+

  • LND’s Deadline-Aware Budget Sweeper: A new approach to Lightning transaction fee management [Matt Morehouse]
    • LND v0.18.0 introduces a completely rewritten sweeper subsystem that dynamically adjusts transaction fees based on HTLC deadlines and fee budgets.
    • The new approach makes replacement cycling attacks uneconomical by allocating up to 50% of HTLC value for fees when necessary.
    • This deadline-aware strategy provides better security than existing methods while reducing reliance on potentially inaccurate fee estimators.
  • Second launches its Ark protocol implementation on signet, inviting developers to test it before mainnet release [Second Blog post]
    • The company provides signet faucet and test store to facilitate testing.
  • Exodus announces end of Lightning wallet support on May 30, 2025, after which users cannot access Lightning wallets or funds [Announcement]
    • Users must withdraw their entire LN balance before May 30, 2025 to avoid losing access to their funds.

Business & Finance

  • Chinese automobile financing platform Cango set to become Bitcoin mining proxy for Bitmain through Antalpha connection [The Miner Mag]
    • The connection between Antalpha, Antpool, Bitmain, and EWCL suggests Cango was positioned as a mining proxy for Bitmain from the beginning, explaining Cango’s recent purchase of 32 EH/s hashrate from Bitmain despite limited cash reserves.
  • Bitcoin financial firm NYDIG to acquire Crusoe’s bitcoin mining business [Blockspace]
    • NYDIG is negotiating to purchase Crusoe Energy’s 270 MW bitcoin mining portfolio across 20 sites, including 135 employees. The acquisition allows NYDIG to expand mining operations while leveraging potential synergies with parent company Stone Ridge Holding’s 10 GW natural gas assets.
    • Crusoe Energy is pivoting away from bitcoin mining to focus on AI infrastructure, including a 1.6 GW datacenter project in Texas.
  • LƍD Technologies, an IoT-driven energy intelligence provider, now operates across all Bitfarms datacenters globally [Press release]
    • The platform enables Bitfarms to track electricity markets, respond to grid conditions, and optimize power costs while maximizing demand response revenue potential.
  • Bitcoin mining hardware manufacturer Canaan Inc. secures $200 million through a Series A-1 Preferred Shares financing [The Miner Mag]
    • The funding supports R&D, production expansion, and digital mining infrastructure in North America.
  • DLC Markets announces addition of options booking and settlement to their platform, automating margin calls, liquidation, and settlement processes [Blog post]

Funding

  • OpenSats
    • Announces the Tenth Wave of Bitcoin Grants, supporting six projects advancing the Bitcoin ecosystem:
      • First-time project grants for Bitcoin Safe, Stable Channels, and Waye.
      • And renewed project grants for Floresta, Krux, and Krux-Installer.
    • Reveals the recipients of the Tenth Wave of Nostr Grants, comprising of seven innovative projects that showcase the growing versatility of the nostr ecosystem:
      • The four first-time project grants in this wave are: Chachi, Zapstore, HyperNote, and Nostr Epoxy.
      • In addition, OpenSats has renewed project grants for: Futr, Npub.cash, and Notedeck.
    • Announces its support to OpenSats-like organizations, focusing on a specific domain, namely: 2140, OpenCash, Bitshala, Summer of Bitcoin, Bitcoin Dev Launchpad, and Foundation Formation Kit
  • Vinteum announces its fellowship program, a structured phase of onboarding new open-source contributors, selecting seven fellows which are starting a six-month journey:
    • Luis Schwab (BDK)
    • JoĂŁo Leal (Floresta)
    • Lucas Balieiro (PlebLottery and StratumV2)
    • QLRD (Krux and Floresta)
    • Erick Cestari (Rust-Bitcoin)
    • Moises Pompilio (LDK)
    • Lucad70 (Floresta)
  • Btrust awards Q1 2025 Starter Grants to Brandon Odiwuor, active Bitcoin Core contributor, and Itoro Ukpong, contributor to Bitcoinj and BDK-FFI.
  • Btrust Builders launches five structured learning tracks to train African developers in Bitcoin open-source development [Announcement]
    • The pathways include Mastering Bitcoin, Bitcoin Core CLI, Rust for Bitcoin, Programming for Bitcoin, and Start Your Career in BOSS.

Mining

  • Foundry mines 9 blocks in a row on March 29th, from block 889982 to 889990
  • Block 888989: First public-pool block mined by self-hosted user
    • A Bitcoin block with hash 00000000000000000000a517d87e63ea04c7ec3dd51d20926e82cca5466dccaf was successfully mined on a self-hosted public-pool.
  • DMND launches Stratum V2 mining pool [Blockspace]
    • DMND, backed by Trammell Venture Partners, opens applications for its Stratum V2 mining pool, offers miners a 0% fee for two months.
  • Bitdeer introduces the A2 Pro Bitcoin miner with 14.9 J/TH efficiency, improving upon the original A2’s 16.5 J/TH and matching Bitmain’s Antminer S21 Pro [Press release]
    • The A2 Pro comes in two versions: air-cooled (255-270TH/) and hydro-cooled (500-530TH/s), with Bitdeer projecting total production of 35 EH/s of SEALMINER units by October.
  • Auradine unveils the Teraflux AH3880, the first U.S.-engineered hydro-cooled Bitcoin miner, delivering up to 600 TH/s with 14.5 J/TH efficiency, marking the first U.S.-engineered hydro-cooled Bitcoin miner [The Miner Mag]

Privacy

  • GSMA introduces end-to-end encryption for cross-platform messaging [Cyber Insider]
    • GSMA announces RCS standard upgrade with end-to-end encryption using the Messaging Layer Security protocol, marking the first large-scale interoperable encryption system between different clients.
    • Apple confirms involvement, with spokesperson Shane Bauer stating: “End-to-end encryption is a powerful privacy and security technology that iMessage has supported since the beginning.”
  • U.S. Officials misuse Signal app for Yemen strike coordination, accidentally include journalist [Cyber Insider]
    • National security team members under Trump administration mistakenly add Atlantic editor Jeffrey Goldberg to a Signal group chat coordinating military strikes in Yemen.
    • Officials including VP Vance, Defense Secretary Hegseth, and Secretary of State Rubio exchange classified tactical information on commercial smartphones using an unauthorized platform.
  • Switzerland considers expanding its surveillance law to include VPNs, messaging apps, and social networks with over 5,000 users or $100 million turnover [TechRadar]
    • The amendment creates “three types of information and two types of monitoring” that would force privacy-focused companies to modify encryption and identification practices.
  • Mullvad VPN provides details on why its iOS app doesn’t enable Apple’s ‘includeAllNetworks’ flag despite its potential privacy benefits [Blog post]
    • The Swedish VPN provider discovers that enabling this feature causes critical system failures during app updates, resulting in complete network loss on iOS devices.

Protocol

  • Bitcoin Core #31407: guix: Notarize MacOS app bundle and codesign all MacOS and Windows binaries [Merged]
  • BIPs #1800: Consensus Cleanup BIP draft [Open]
  • BDK #1839: This PR allows the receiving structures (bdk_chain, bdk_wallet) to detect and evict incoming transactions that are double spent (cancelled). [Merged]
  • LND #9620: Adds testnet4 support to lnd [Merged]
  • LDK #3624: Support scalar tweak to rotate holder funding key during splicing [Merged]
  • LDK #3649: Add BOLT12 support to bLIP-51 / LSPS1 [Merged]
  • LDK #3608: Correct and update confirmation target constant definitions [Merged]
  • LND #9458: multi+server.go: add initial permissions for some peers [Merged]
  • BTCPayServer #6581: RBF and UX improvement to fee bumping [Merged]
  • Eclair #3044: Remove amount-based confirmation scaling [Merged]
  • Eclair #3026: Support p2tr bitcoin wallet [Merged]
  • BOLT #1233: Check for preimage before failing back missing HTLCs [Merged]
  • NIP #1822: Add B0 NIP for Blossom interaction [Open]
  • NIP #1826: A way for relays to be honest about their algos [Open]

Tutorial

  • Liana Simple Inheritance Taproot Miniscript Wallet with Krux [Guide]
    • This guide details how to set up a Taproot miniscript wallet using:
      • Krux: For key creation, backup, and transaction signing.
      • Liana Wallet: For creating a “Simple Inheritance” wallet that uses the keys generated on Krux.
  • Setting up a Strfry Nostr Relay as a TOR Hidden Service [0xtr’s Guide]
    • This guide will walk you through setting up your own Strfry Nostr relay on a Debian/Ubuntu server and making it accessible exclusively as a TOR hidden service.

Cryptography

  • GPU advancements in cryptographic brute force attacks [Research paper]
    • Researchers optimize implementations of KASUMI, SPECK, and TEA3 algorithms on GPUs, achieving 235.72, 236.72, and 234.71 keys tested per second on a single RTX 4090.
    • The KASUMI implementation shows 15x improvement over previous work, reducing requirements for breaking GPRS/GSM from 2400 RTX 3090 GPUs to just 142 RTX 4090 GPUs.

Government & Political

  • DeFi Education Fund publishes coalition letter asking Congress to correct DOJ’s interpretation of money transmission laws as applied to software developers [Announcement]
    • The letter challenges DOJ’s August 2023 legal theory that expands criminal liability to developers, which signatories believe contradicts FinCEN guidance and threatens the U.S. blockchain ecosystem.
    • Coalition maintains money transmitting businesses require “possessing & transmitting funds on behalf of others” and urges policymakers to “protect U.S. software developers from regulatory overreach.”
  • France rejects encryption backdoor mandate [EFF]
    • The rejected proposal would have implemented a “ghost participant model” allowing law enforcement to silently join encrypted chats, undermining private communication security.
  • The FAIR Act aims to protect bitcoin holders from civil asset forfeiture [Bitcoin Magazine]
    • The Fifth Amendment Integrity Restoration (FAIR) Act seeks to reform civil asset forfeiture laws, requiring clear and convincing evidence before the government can seize property, thereby offering stronger protections for Bitcoin holders. ​
  • U.S. Treasury removes Tornado Cash from sanctions list and issues warning to users [The Rage]
    • OFAC has officially lifted sanctions against Tornado Cash, removing it from the SDN List after the Fifth Circuit ruled the designation unlawful in November.
    • Update: Treasury files notice to prevent Texas district court from issuing final judgment on Tornado Cash sanctions reversal, attempting to retain power to list software on OFAC’s SDN list.
      • Despite removing Tornado Cash from sanctions list, Treasury seeks to avoid binding court order that would prevent it from sanctioning similar privacy software in future, signaling continued focus on cryptocurrency privacy services.
  • US government prosecutors allegedly withhold evidence showing Chainalysis incorrectly attributed 300 million to North Korea in the Roman Storm case where they claimed 1 billion was laundered through Tornado Cash [Twitter post]
    • The defense argues prosecutors violated the Brady rule by failing to disclose evidence that “undermines a core allegation” despite prosecutors claiming the material “stretch[ed] beyond recognition what constitutes Brady material.”
  • Chainalysis sued by bankruptcy debtors for facilitating fraud in Celsius network collapse [The Rage]
    • The lawsuit claims Chainalysis “knowingly and willfully fueled one of the biggest cons in cryptocurrency history” by validating inflated asset figures calculated using methodology designed by Celsius founder Alex Mashinsky.
  • Samourai Wallet developers attend fourth pre-trial hearing [Bitcoin Magazine]
    • The court establishes pre-trial motion schedule starting May 9, with prosecution responses due June 6.
    • Expert disclosures are scheduled for July 15 (prosecution) and August 8 (defense). The trial is officially scheduled to begin on November 3, 2025.
  • U.S. IRS sharing tax data with immigration agencies for deportation purposes [The Rage]
    • The IRS has agreed to share confidential tax records with ICE and DHS to help locate and deport immigrants who have removal orders.
    • This marks the second major increase in financial surveillance under the Trump administration, following Treasury’s lowering of reporting thresholds along the Mexican border from $10,000 to $200
  • The European Central Bank plans to finish the digital euro testing phase by October 2025 [CoinDesk]
    • ECB board members are actively campaigning with European Parliament, Council, and Commission stakeholders to advance the digital euro project.

Events

Reads

  • Here’s a list of our top recently published reads:
    • Cashu: Bitcoin freebanking, by Juraj Bednar [Blog post]
    • Wallet Clustering Basics, by Spiral [The Scroll #2]
    • Bitcoin’s Duplicate Transactions, by BitMEX Research [Blog post]
    • Nostr Security: Account Hacks, by Odell [Note]
    • Comprehensive Analysis and Proposed Solutions for Mitigating Sybil Attacks on Nostr, by PPQ Deep Research [Note]
    • The bitcoiner’s guide to physical security, by Jameson Lopp [Casa Blog post]
    • Bitcoin and the Rise of Cypherpunks: A Historical Timeline, by Craig [On Bitcoin]

Episode submission ideas

  • We’re looking for ideas for interesting panel conversations. To send Bitcoin related questions, just go to bitcoin.review and follow the contact links at the bottom of the page.

Get in touch with the pod

Did I get anything wrong above? Help me correct it producer@coinkite.com