PSA: you can write a naive LNURL server with Bun and Coco in less than 40 lines of code.

Please try signing into the Web app using a browser extension like GetAlby or Nos2x.

Signing in this way will prevent this error from occurring

floppy is a deeply irresponsible, immoral and sad person. this is the final chapter of his already ruined reputation.

he’s so deranged that his entire existence revolves around hating cashu. imagine being so obsessed with a protocol that you waste your life attacking the people actually building the infrastructure for bitcoin.

two weeks ago, he disclosed a denial-of-service bug, which we immediately patched and even paid him a small bounty for reporting. since then, he’s been cryptically tweeting about it nonstop — and now, just two weeks later, he’s threatening to DoS any mint that hasn’t updated yet.

if you support this person in any way — through conference invites, collaborations, or funding — you’re associating yourself with one of the worst individuals in bitcoin.

don’t forget: this is someone who was once banned from the bitcoin mailing list for threatening to murder a core dev. people tend to forget what kind of subhuman scum hides among us.

maybe one day he’ll actually create something useful. have you ever seen one of his projects in use? where’s all that privacy tech he loves to larp about? exactly. he’d rather sit drunk in his lonely cave, obsessing over cashu.

update to nutshell 0.18.0. a patch will follow soon for anyone already affected.

ignore. avoid. warn your peers.

story time. the recently disclosed nutshell cashu mint vulnerability is as ironic as it gets. it’s very similar to an inscription which is hilarious. as per the cashu spec, a HTLC must have a preimage witness size of 32 bytes.

unfortunately, the mint never checked the size before validating and storing it in its db. we simply overlooked it. since users never paid a fee that depends on the witness size (because we assumed it would be constant), this allowed the attacker to store jpgs of dickbutts in a mints database. for free!

fortunately there’s no messy consensus in cashu. every mint operator dictates their own rules. the fix is simple: now we reject all tokens with a witness that’s too large. those maliciously crafted tokens (of which we haven’t seen any in the wild) can’t be spent anymore.

i must admit, given my recent active engagement in the filter debate, this is probably the funniest exploit possible. i own this one and i’m giggling as i type this. it’s pure comedy.

however, this doesn’t mean the disclosure has gone well. the attacker has proven to be malicious and refused to coordinate with us. instead, he’s putting active mints at risk. this is not how responsible disclosure works. very unprofessional. if you run a mint or know someone who does, update to the latest version (0.18.1) where this issue is fixed. funds were never in danger.

it’s certainly worth a laugh. grill me. this one is simply too good. 😊

thanks to the entire cashu team for their amazing work and their swift reaction. you’ve handled it like pros.

Trying 3 different lightning wallets and it didn’t work

I said give me your fucking seed phrase.

Could this easily be used for NOSTR zaps etc?

Or are the sovran eSIMs data only?

Keychat users can generate multiple IDs. When they open a Mini App in Keychat browser and tap Extension Login, an ID list pops up, and the user selects which ID to log in with.

Cashu NUT-18 requrst still doesn't work, gives me the error in the image.

As for Lightning, payment now works, but when entering the preimage, it doesn't work. Using Phoenix Wallet.

The NUT-18 Cashu payment request for the Hello World test API doesn't work, at least not in Minibits. And Minibits supports NUT-18.

"Spam" doesn't have to be a bad thing.

It could be positive. Ie: walking down the mall and get a coupon code ...

The business could be incentivized to act as a hop to the internet because that wouldn't turn incentivize people to not block their spam.

lets play a game

guess the usd bitcoin price exactly a month from now

sep 26th 2025 - 0414 UTC

closest guess will be zapped 5555 sats

only guesses made within the next 24 hours qualify

(if i think you are a bot you are disqualified)

Thnx. 😊👍 Looks smoother. But, I have to press 3 times on the channel button „#21m“ to select them. (Under safari / apple)

Smooth scrolling! I especially like the various map options. What was the reasoning behind providing more than one option?

Isn't this beautiful? anon using #nostr without even knowing it.

#bitchat

Very cool heat map, What stack did you use, cursor, bolt? And what models?