nostr:nprofile1qqsrk63a8wentzpk5ex3eqpf9wtww6vwcddzuh9y2800567n4ulwhpqpzfmhxue69uhk7enxvd5xz6tw9ec82csprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvtg5u7u now flags address poisoning attempts.
These attacks spoof wallet addresses to fool users into sending to the wrong address.
nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0sprfmhxue69uhhqatjv9mxjerp9ehx7um5wghxcctwvshszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7nh3jrs outlines the importance of Mempool space’s update in BR094.
🚨 Trezor Safe 3 vulnerability
Ledger Donjon demonstrated they could bypass firmware checks and run malicious code — enabling remote recovery of user funds.
Why? Critical ops still run on the MCU, not the Secure Element.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpr3mhxue69uhkummnw3ezumt4w35ku7thv9kxcet59e3k7mgpzamhxue69uhhyetvv9ujucm4wfex2mn59en8j6ggdd5uv & nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0sprfmhxue69uhhqatjv9mxjerp9ehx7um5wghxcctwvshszxrhwden5te0dehhxarj9enx6apwwa5h5tnzd9az7nh3jrs break it down in BR094.
"It's time."
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpzpmhxue69uh5ummnw3ezuamfdejszxrhwden5te0wfjkccte9ehx7um5wf5kxcfwvdhk66nl4ww puts the call out to builders creating tools that support entire lives on Bitcoin.
If your project handles salaries, life expenses, or full-stack circularity, NVK wants to hear from you!
Get in touch! 📲
[BR094]
Want to build Bitcoin txs in TypeScript?
CoinSelect:
• Uses Bitcoin Descriptors to define UTXOs + targets
• Calculates tx size based on selected spending paths
• Supports Miniscript
• Avoids dust outputs
nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0sprpmhxue69uhkummnw3ezuendwsh8w6t69e3xj730qyxhwumn8ghj7cnjvghxjme042xu4c & nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpzpmhxue69uh5ummnw3ezuamfdejszxrhwden5te0wfjkccte9ehx7um5wf5kxcfwvdhk66nl4ww discuss the project in BR094.
Bitcoin Jungle (@BitcoinJungleCR) app update!
v1.3.6 now supports:
📩 Email-based recovery
📶 Bolt Card support
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpvemhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0dec82c33v9arj7r28q6kxmtcwcux2wt289unsvrvwechqwfhvde8xutyw5exvur4xdehyam5dpjrjwt3ve6njutnvaehgctd8puns0mzwfhkzerrv9ehg0t5wf6k2qgcwaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmq7nmxgq and nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0sprdmhxue69uhhyetvv9ujummjv9hxwetsd9kxctnyv4mz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09uwgtp4l discuss the update and give their take on Bolt cards - the low-cost, scalable and simple tech enabling NFC payments via LNURL. [BR094]
VSS is a game-changer for Lightning.⚡️
LDK’s VSS now ships encrypted, real-time backups of your Lightning channel data.
Client-side encrypted, self-hostable, and already live in LDK Node 0.4.x.
nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcprdmhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6qgcwaehxw309aex2mrp0yh8xmn0wf6zuum0vd5kzmqxux2lz gives his take in BR094.
We’re witnessing the rise of the Bitcoin-native economy.
Invoices, salaries, expenses—more people are doing it all in sats. But the tools for accounting haven’t caught up yet.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpz4mhxue69uhkummnw3ezumtfd3hh2tnvdakqzynhwden5te0danxvcmgv95kutnsw43qqwdzhj and nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcpz3mhxue69uhhyetvv9ujuerpd46hxtnfduq3samnwvaz7tmjv4kxz7fwwdhx7un59eek7cmfv9kqwfhktt discuss the phenomenon and its challenges in BR094.
Nostr isn’t just for social—it’s a language for APIs.
#Nostr + MCP might be the janky glue that holds future coordination together—between people, APIs, and even LLMs.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpzamhxue69uhhyetvv9ujucm4wfex2mn59en8j6gpz4mhxue69uhk2er9dchxummnw3ezumrpdejqxxmr8g , nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcpzpmhxue69uhkummnw3ezuamfdejszyrhwden5te0xy6rqtnxxaazu6t053ys6h & nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spzdmhxue69uhk7enxvd5xz6tw9ec82c30qydhwumn8ghj7un9d3shjtn0wfskuem9wp5kcmpwv3jhvtc6pm3kw break it down in BR094.
So, who's gonna build "NodeSecure.js"?
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpzamhxue69uhhyetvv9ujucm4wfex2mn59en8j6gpz4mhxue69uhk2er9dchxummnw3ezumrpdejqxxmr8g argues for a secure package manager, while nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spzdmhxue69uhk7enxvd5xz6tw9ec82c30qydhwumn8ghj7un9d3shjtn0wfskuem9wp5kcmpwv3jhvtc6pm3kw & nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcpzpmhxue69uhkummnw3ezuamfdejszyrhwden5te0xy6rqtnxxaazu6t053ys6h explore alternatives like htmx and curated Docker images.
Is there a market for a safer JavaScript ecosystem? [BR094]
🚨 SCAM ALERT 🚨
A very convincing email claiming Coinbase now promotes self-custody (complete with a pre-generated seed phrase) is doing the rounds.
🔹 The language? Spot-on.
🔹 The goal? Steal your Bitcoin.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpvemhxue69uhkv6tvw3jhytnwdaehgu3wwa5kuef0dec82c33v9arj7r28q6kxmtcwcux2wt289unsvrvwechqwfhvde8xutyw5exvur4xdehyam5dpjrjwt3ve6njutnvaehgctd8puns0mzwfhkzerrv9ehg0t5wf6k2qghwaehxw309aex2mrp0yhxxatjwfjkuapwveukj0ulc0n , nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spzdmhxue69uhk7enxvd5xz6tw9ec82c30qythwumn8ghj7unnwdkxz7fwdehhxarj9ehx2ap05xs6hc & nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcprdmhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6qgdwaehxw309ahx7uewd3hkcwypa2z discuss the phishing campaign in BR093.
🚀 BR094 - COLDCARD KeyTeleport, Harbor, Ark, Cove Wallet, Zaprite, Bitcoin Core, OMEMO, Knots, Vibe Coding, Trezor Safe 3 Attack Vector, Coinbase Phishing Campaign, Bitcoin Business Software + MORE ft. nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spzdmhxue69uhk7enxvd5xz6tw9ec82c30qythwumn8ghj7unnwdkxz7fwdehhxarj9ehx2ap05xs6hc , nostr:nprofile1qqsq6myr3rwtqjdcm48u357ccwae8h3a4y96s28y7zwg458ngeyg5vcprdmhxue69uhkx6rjd9ehgurfd3kzumn0wd68yvfwvdhk6qgdwaehxw309ahx7uewd3hkcwypa2z & nostr:npub1az9xj85cmxv8e9j9y80lvqp97crsqdu2fpu3srwthd99qfu9qsgstam8y8
Listen to the episode:
➡️ Fountain: https://fountain.fm/episode/L7VgOt3XdYmiIi9ioImF
➡️ Spotify: https://open.spotify.com/episode/2HMAPQZBRP4ga1W44kq6kQ
➡️ YouTube: https://youtu.be/YKTLZcfaL4A
Shownotes:
➡️ Website: https://bitcoin.review/podcast/episode-94/
➡️ Substack: https://substack.bitcoin.review/p/br094-coldcard-keyteleport-harbor?r=2tlln9
Bitcoin software is built by coders, for coders—but what about the businesses that just need to get things done? 🏢💰
NVK and Rob explore the missing middle ground: practical Bitcoin tools for real-world businesses. 👇🏼
Twitter locks you in. Nostr sets you free. 🔓
Short-form social has never had an open protocol - until now.
nostr:nprofile1qqsqfjg4mth7uwp307nng3z2em3ep2pxnljczzezg8j7dhf58ha7ejgprpmhxue69uhhqun9d45h2mfwwpexjmtpdshxuet5qyt8wumn8ghj7un9d3shjtnswf5k6ctv9ehx2aqnz0fd0 explains why bringing the best #Bitcoin conversations (and drama) to #nostr helps to tip the scales in BR082.
How decentralized is Bitcoin mining? 🧐
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpz4mhxue69uhkummnw3ezumtfd3hh2tnvdakqz9mhwden5te0wfjkccte9e3h2unjv4h8gtnx095sqjae49 and nostr:nprofile1qqs9zmjarqm2tq3yc4csnhqjhdyhsgpx5ns443xugd7qtl7ma53wzxqprpmhxue69uhkummnw3ezu6nxd9ekx6r9wghx7un8qyfhwumn8ghj7et0wd6xzemjv9kjucm0d5hryf2v discuss Antpool’s invalid mining jobs, the role of Stratum v3, and why Datum is making moves while others stall. [BR093]
nostr:nprofile1qqs976gg9npqm0wjtveqavxru70nha4peyhxqc35f88nyf9slgg7m2gppemhxue69uhkummn9ekx7mp0qyghwumn8ghj7mn0wd68ytnhd9hx2tc8y9mqg recently made a PR to merge CTV into Core with no activation code- reigniting the debate on covenants.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygpz4mhxue69uhkummnw3ezumtfd3hh2tnvdakqz9mhwden5te0wfjkccte9e3h2unjv4h8gtnx095sqjae49 , nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spr9mhxue69uhhyetvv9ujumn0wd68yct5dyhxxmmd9uq3samnwvaz7tmwdaehgu3wvekhgtnhd9azucnf0ghs23v25a & nostr:nprofile1qqs9zmjarqm2tq3yc4csnhqjhdyhsgpx5ns443xugd7qtl7ma53wzxqprpmhxue69uhkummnw3ezu6nxd9ekx6r9wghx7un8qyfhwumn8ghj7et0wd6xzemjv9kjucm0d5hryf2v make their case for why CTV is good for #bitcoin, and suggest how we move the debate forward, in BR093.
Miniscript moves forward 🚀
nostr:nprofile1qqs9v9et20mnqagtgrnrc5qmzcrgmkt2y3087p23vawqlmyczlhfdcqpzfmhxue69uhhqatjwpkx2urpvuhx2ucpramhxue69uhkummnw3ezuumf0p6x2etwwd5hsaredahx2tnrdaks4xf7az updates COLDCARD firmware, improving UX for Miniscript wallets like AnchorWatch.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqy2hwumn8ghj7mn0wd68ytndd9kx7afwd3hkcd62swf & nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spz4mhxue69uhkummnw3ezummcw3ezuer9wchszythwden5te0dehhxarj9emkjmn99ulw5uvg break down the firmware changes that make #miniscript more reliable, reducing friction while keeping security tight. 🔒 [BR093]
Podcasting is open. Comments should be, too.
With #nostr, it’s finally a reality.
nostr:nprofile1qqswfa547pdmqkerzf2uen3agudc67wxffjmenqpge3dylc006fppyspzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgswaehxw309ahx7um5wgh8w6twv56t40fd discusses nostr:nprofile1qqsx2wyjt6lmvc05rrvv05r5hm3w3t7h0pcpmkyswrpd4ymd2u09tscpr4mhxue69uhkummnw3ez6ur4vgh8wetvd3hhyer9wghxuet5qy28wumn8ghj7un9d3shjtnyv9kh2uewd9hsu8nagh's nostr-based approach to creating a decentralized, cross-app commenting system in BR082.
The Rapid Evolution of #Nostr 🚀
Nostr’s evolution is compressing decades of progress into mere months. From raw, technical beginnings to something anyone can use. nostr:nprofile1qqsdv8emcke7k3qqaldwv956tstu40ejg663gdsaayuuujs6pknw7jsprpmhxue69uhhqun9d45h2mfwwpexjmtpdshxuet5qyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqazdxr7 puts it in perspective in BR083.
Bybit’s hack shows Ethereum’s deep flaw: hardware wallets can't properly verify transactions. Users sign blind.
#Bitcoin's UTXO model, by contrast, ensures clarity in transactions. The difference? A $1.4B mistake. 🪦
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqy2hwumn8ghj7mn0wd68ytndd9kx7afwd3hkcd62swf , nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spz4mhxue69uhkummnw3ezummcw3ezuer9wchszythwden5te0dehhxarj9emkjmn99ulw5uvg & nostr:nprofile1qqswlwjv80p52kxjplc2gv7asxs0hnsvxu6d0dte6mgzpkrznw7uk7gpz3mhxue69uhhyetvv9ujuerpd46hxtnfduer488l weigh in. [BR093]
Change verification is a must for wallet security.
If you send 1 BTC from a 100 BTC UTXO, that 99 BTC needs to come back to you. Many wallets ignore this.
nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spz4mhxue69uhkummnw3ezummcw3ezuer9wchszythwden5te0dehhxarj9emkjmn99ulw5uvg & nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqy2hwumn8ghj7mn0wd68ytndd9kx7afwd3hkcd62swf highlight this critical security oversight in BR093.
🚨 Malicious PyPI package ‘set-utils’ was stealing Ethereum private keys by hooking wallet functions.
Disguised as a widely used library, it sat in the background, waiting for crypto operations.
nostr:nprofile1qqsw3znfr6vdnxrujezjrhlkqqjlvpcqx79ys7gcph9mkjjsy7zsgygprpmhxue69uhhyetvv9ujuumwdae8gtnnda3kjctvqy2hwumn8ghj7mn0wd68ytndd9kx7afwd3hkcd62swf , nostr:nprofile1qqsvak4cr0jzaarahhn98a9602e94sa2xt8u9dnjac8cns86lzp0z0spz4mhxue69uhkummnw3ezummcw3ezuer9wchszythwden5te0dehhxarj9emkjmn99ulw5uvg & nostr:nprofile1qqs9zmjarqm2tq3yc4csnhqjhdyhsgpx5ns443xugd7qtl7ma53wzxqprpmhxue69uhkummnw3ezucmpwfkx7um5ddjzucmgqyv8wumn8ghj7mn0wd68ytn2ve5hxcmgv4ezummjvu4ls7eq break down why this keeps happening in BR093.