The release candidate for Core Lightning v24.08 is here, with Shahana Farooqi as Release Captain.
Shoutout to the 21 contributors, including 8 newcomers, for 341 commits!
Your feedback fuels open-source projects—fire up your testing environment and help polish the final release.
Access CLN v28.08rc1 here. ⬇️
https://github.com/ElementsProject/lightning/releases/tag/v24.08rc1
Join the CLN development conversation in the Discord. 👇
Greenlight redefines Bitcoin Lightning payment integration.
https://youtube.com/shorts/lF0bA6I6Xrg
Access developer certificates, get up to 1K nodes spun up in seconds. ⬇️
Become more strategic with your Bitcoin stacking.
Discover tips on timing the mempool, wallet fee control features, and UTXO management with Drew.
This week, Blockstream Local is excited to support the AZ Bitcoiners meetup with a nostr:npub1nyyhnqahf3cgqzcc927x7eqyd2msgplfe27ddn6hpgu2m200wh2s0s7gan BTC drop for attendees to use while exploring Bitcoin's layer-2 technology.
https://www.meetup.com/azbitcoin/events/301821736/?slug=azbitcoin&eventId=301821736
Unlike traditional custodial wallets, no single entity can move the funds from the nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyzvsj7vrkax8pqqtrq4tcmmyq34twpq8a89te4k02u9r3tdfaa6a2cvlzu4 Federation multisig, nullifying the risk of rogue operators.
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qg4waehxw309ahx7um5wghx77r5wghxgetk9uq3samnwvaz7tmwdaehgu3wvekhgtnhd9azucnf0ghsz8thwden5te0dehhxarj94ex2mrp0yh8wmrkwvh8xurpvdjj7qgwwaehxw309ahx7uewd3hkctcqyqpq7tfp4cym7d0um7m9mm83g79cgm6lw29txrz7427dd5yp4qwruf2vygz explains on the nostr:nprofile1qy88wumn8ghj7mn0wvhxcmmv9uq32amnwvaz7tmjv4kxz7fwv3sk6atn9e5k7tcqyzqqgw4fkgas69g3kjtp3n7y30s6kjmal9dp8g3gnwfndhmur03mv896x6k podcast.
Experience your Jade at full power!
Whether you're setting up your first device, tinkering with firmware, or moving into multisig and nostr:npub1nyyhnqahf3cgqzcc927x7eqyd2msgplfe27ddn6hpgu2m200wh2s0s7gan assets, bookmark this portal as your go-to resource!
https://blockstream.com/jade/your-jade/
Onboarding new #Bitcoiners to self-custody?
Send them to the Jade overview page to start their journey. 🚀
Want more ways to get involved in the Jade ecosystem?
https://blockstream.com/affiliates/
Incorporate Jade into your Bitcoin advisory business.
The BMN 2 is available now for qualified investors on stokr.io
Learn how Dr. nostr:npub1qg8j6gdwpxlntlxlkew7eu283wzx7hmj32esch42hntdpqdgrslqv024kw and the Blockstream team engineered the BMN 1 that netted returns of up to 102% over its three-year term for holders.
Learn how Stable Channel software, pioneered on the open-source CLN Lighting implementation works with Tony Klausing on the nostr:npub1r8l06leee9kjlam0slmky7h8j9zme9ca32erypgqtyu6t2gnhshs3jx5dk podcast.
Today we disclose Dark Skippy - a powerful new method for a malicious signing device to leak secret keys.
With a modified signing function, a device can efficiently and covertly exfiltrate a master secret seed by embedding it within transaction signatures
https://darkskippy.com/demo.mp4
If an attacker manages to corrupt a signing device, Dark Skippy can deliberately use weak & low entropy secret nonces to embed chunks of the seed words into transaction signatures.
It takes just two input signatures to leak a 12 word seedphrase onto the Bitcoin blockchain.
The attacker can watch on-chain until they spot an affected transaction, unblind and invert the low entropy nonces using an algorithm like Pollard's Kangaroo algorithm to learn the master secret seed.
Then the attacker can wait and steal the funds whenever they decide best.
Despite this attack vector not being new, we believe that Dark Skippy is now the best-in-class attack for malicious signing devices.
- The attack is impractical to detect
- Requires no additional communication channels
- Effective on stateless devices
- Exfils master secret
Beyond ensuring your device firmware is genuine and honest (opensource), mitigations include anti-exfil signing protocols and we present some new ideas for additions to PSBT specifications to disrupt this attack.
We encourage mitigation discussion and implementation exploration.
This attack highlights the importance of verifying and securing your device's firmware, and the danger of sharing stateless signing devices with other people.
We will be publicly releasing our code later this year.
Authors: nostr:npub1xh897wvhn93tda0zws94mdyc7eagc8qm0798clp7x48zh6kjwazq29gst6 (follow him so he gets onto nostr), Robin Linus, and myself.
If you have any concerns or questions we recommend checking out the FAQ page on our website:
Since the launch of Jade in 2021, the anti-exfil protocol has safeguarded our hardware wallet users from the devastating and undetectable attacks demonstrated by the recent Dark Skippy disclosure.
nostr:note1ra4j0uct37w8ntapl90x0jvt0nl3axxxf25h4plr6guzp69zujfqjgk7md
Jade users can learn more about how anti-exfil stops malicious key extraction in the original blog post by the director of Blockstream Research Andrew Poelstra.
https://blog.blockstream.com/anti-exfil-stopping-key-exfiltration
Visit store.blockstream.com and use the code DARKSKIPPY for 10% off if you think it’s time that you got your hands on an open-source Bitcoin hardware wallet that is resilient to this class of attack.
Code valid until midnight August 9th.
Gain insights into Bitcoin's volatility from Yves Choueifaty, the President of Tobam Investments, in an interview with the French Senate 10 years ago!
nostr:npub1jg552aulj07skd6e7y2hu0vl5g8nl5jvfw8jhn6jpjk0vjd0waksvl6n8n What’s the best way to consolidate UTXOs with Blockstream Jade and Green Wallet (iOS)? Is there a way to do this though the mobile app (I don’t have access to Green Wallet on Mac or PC)? Or do your recommend creating a receive address and just sending all Bitcoin to that receive address (I.e. just send to myself)? Thanks
Generating a receive address and sending all fund to yourself is an effective way to consolidate your UTXOs if you are working mobile only, but you should understand the privacy implications before you start.
Find out more here. ⬇️
🚨 Reminder: Blockstream will NEVER ask for your seed phrase. Keep it safe!
🔒 Do NOT:
Enter your seed on any website
Click on emailed links
Download unsolicited software
Respond to Telegram DMs
Stay vigilant; hackers are out to steal your Bitcoin! 💪
Blockstream Green 4.0.31 is live on Android and iOS with key updates:
⚡️ nostr:npub1mu7nv2jkaq4xausnn098xc8tp3gzgf2w5r2cj68x8dnns0rktmysnsj5cl SDK updated
🛠 Fixes for Lightning accounts
🚦 Improved channel closure UX
🔔 New swap notifications to reduce closures
Upgrade now for a smoother experience! ⬇️
Check out the latest update to the Core Lightning CLBOSS Plugin: "Bwahaha's Dominion"!
CLBOSS automates node management tasks like channel creation, balancing, & fee monitoring. New features include Signet support & improved diagnostics.
H/t Ken & nostr:npub19z2uxvxz8uurr9kqa7vgmek6swurk3vra40ec8kmpf2eemx3lyqq6zfkd4.
Maximize your Bitcoin savings by leveraging an exchange with free Lightning withdrawals like Cash App or nostr:npub1ex7mdykw786qxvmtuls208uyxmn0hse95rfwsarvfde5yg6wy7jq6qvyt9 and swapping to the nostr:npub1nyyhnqahf3cgqzcc927x7eqyd2msgplfe27ddn6hpgu2m200wh2s0s7gan.
Follow our step-by-step guide with Drew.
Last chance to stack another @BlockstreamJade at booth #631 and get 10% off when paying in #Bitcoin!
Learn more about #Bitcoin Core with it’s builders and maintainers at the Open Source Stage!
Explore the future of Lighting! Starting now at the Open Source Stage!
Last chance to join the world famous #Bitcoin Larp!
Starting now! ❄️
Learn how FROST is entering the hardware wallet ecosystem!
Join the Blockstream team at booth #631 to chat all things Jade!
Signal Alert! 🚨
Get to the Open Source Stage now!
Greenlight Lead Christian Decker explains how Greenlight makes it easy to start integrating Lightning in your next app on the What Bitcoin Did podcast.