Bitcoin.Review Podcast with NVK & Guests

Available Episodes

5 of 93

BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, Javascript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek
I'm joined by guests Rob Hamilton & Vivek to go through the list.Housekeeping (00:01:18) Unleashed.chat rebrands to dataMachineUrgent Vulnerability Disclosures (00:01:52) Private key leak via malformed ECDSA input (00:09:12) ESP32 Security Concerns (00:21:32) Coinos revokes NWC connection secretsVivek's Corner (00:22:51) Invalid mining jobs by AntPool & friends during forksBitcoin • Software Releases & Project Updates (00:37:44) COLDCARD (00:52:47) Sparrow Wallet (00:54:33) Lark (00:55:03) Krux (00:56:37) Cove Wallet (00:59:09) Nunchuk Desktop (01:00:32) BTCPayServer (01:00:44) Bitcoin Keeper (01:01:25) BlueWallet (01:02:08) Bitcoin Safe (01:03:15) Bitkey App (01:04:05) libwally-core (01:06:00) Bisq2 (01:06:04) RoboSats (01:06:08) Boltz Exchange (01:06:10) Zaprite (01:06:13) Blockstream Explorer API (01:07:22) Mempal (01:07:29) Iris Wallet desktop (01:07:31) Utreexo (01:07:34) ESP Miner• Project Spotlight (01:07:38) Reorg Calculator (01:07:51) Bitcoin Core Config Generator (01:09:05) Bitcoin Core Snapshots (01:09:11) Boot Protocol (01:09:18) multisig-backup (01:09:58) Wallet backup (01:10:04) regtest-in-a-podVulnerability Disclosures (01:11:56) JavaScript injection attack (01:15:05) Malicious PyPI package 'set-utils' steals Ethereum private keys (01:16:57) OpenSSH vulnerabilities expose clients and servers to attacks (01:17:05) USB side-channel attacks (01:17:37) Cellebrite (01:17:49) Messengers vulnerabilities (01:17:56) GitVenom (01:18:10) Stablecoin payment firm Infini loses $50M in exploit (01:18:18) Five dollar wrench attacksAudience Questions (01:20:00) Comment on a flaw in Bitcoin Core regarding mining pools and their vulnerability against block withholding attacksNostr • Project spotlight (01:22:32) 24242.io (01:22:49) nostr.media (01:22:58) Frostr (01:23:33) nostr-double-ratchet (01:23:44) DVMCP (01:23:53) Samiz (01:24:00) Welshman (01:24:09) Norma (01:24:20) Wallet Relay (01:24:27) Nostr0 (01:24:35) nAuth Protocol (01:24:43) HostrBoosts (01:25:36) Shoutout to top boosters @sean, @pink monkey, @Anonymous, @martinbarilik, @Momo Tahmasbi & @jespada.Links & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: [email protected] & LN: ⚡[email protected] (not an email!)Full show notes: https://bitcoin.review/podcast/episode-93
--------
1:28:17
BR092 - Nostr Wallet Connect, DeepSeek, AI Coding, Sparrow, Bitcoin Keeper, Maple AI, Calculating Tx Sizes + MORE ft. Future Paul
I'm joined by guest Future Paul to go through the list.Prelude to the list (00:01:00) Conversation on AI and building with AIHousekeeping (00:22:02) New Coldcard Q tutorial by Loïc Morel (00:22:10) Looking for bitcoin builders to come on the show (00:23:13) Unleashed.Chat Update (00:23:19) NWC and Olas/PrimalUrgent Vulnerability Disclosures (00:37:17) Replacement Cycling Attacks on Bitcoin Miners Block TemplatesBitcoin • Software Releases & Project Updates (00:37:34) Sparrow Wallet (00:41:08) BDK (00:41:35) Bitcoin Keeper (00:42:40) Wasabi Wallet (00:42:43) Blockstream (00:43:06) Electrs (00:43:44) Umbrel (00:44:29) Bisq (00:44:40) Bisq2 (00:44:51) Zaprite (00:45:54) Mempal (00:46:04) Bitcoin Safe (00:48:50) ESP Miner• Project Spotlight (00:49:02) cbip32 (00:49:15) StackStates (00:49:21) Instamouse bitcoin (00:50:24) Iris Wallet Desktop (00:50:43) Explorer.timechainindex (00:50:54) txTree (00:50:58) HurriCash (00:51:29) The Bitcoin Trail (00:51:41) Bitcoin Laws (00:51:50) CoinMarketCrapVulnerability Disclosures (00:54:19) Researchers uncover two security flawsin Apple's A and M-series chips (00:54:33) Kaspersky identifies malware in both Google Play and Apple's App Store (00:54:40) Exploit targets users on adult sites via Phantom or Trust Wallet browser (00:56:30) Lazarus Group deploys electron-based malware to steal cryptocurrency data (00:56:36) Coinbase users lose millions to social engineering scams amid security failures (00:56:57) Phemex suffers $85 million hack (00:57:56) NoOnes suffers $8 million exploit due to Solana bridge vulnerability (00:58:40) Deepseek exposes over a million plaintext chat records (00:58:16) Five dollars wrench attacksAudience Questions (01:00:55) Why, when you sign a transaction on the COLDCARD, does it generate 2 files? (01:01:50) P1: What's the maximum number of outputs there can be for a bitcoin transaction? (01:03:43) P2: Is there any way to estimate what the size that a transaction will be depending on it's number of outputs? (01:04:13) Does using a passphrase offer any protection against a malicious hardware wallet?Privacy & Other Related Bitcoin Projects • Software Releases & Project Updates (01:06:10) Maple AI (01:06:20) SimpleX (01:11:00) TailsOS (01:13:24) Reticulum MeshChat (01:25:26) Mullvad VPNLightning + L2+ • Project spotlight (01:26:17) Ark Wallet SDKBoosts (01:26:35) Shoutout to top boosters Anonymous & AVERAGE_GARYLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: [email protected] & LN: ⚡[email protected] (not an email!)Full show notes: https://bitcoin.review/podcast/episode-92
--------
1:29:06
BR091 - AnchorWatch Trident Vault, Ledger Co-founder Kidnapped, Blue Wallet, M17, The Case for Multi-vendor Setups, Tails removes HWW Support + MORE ft. Craig & Rob
I'm joined by guests Craig Raw and Rob Hamilton to go through the list.Housekeeping (00:01:11) Ross Ulbricht receives a pardon from President Trump (00:03:44) New Marketing Manager opening at Coinkite (00:03:48) Exchanges added to BitcoinSecurity.guide (00:04:15) Olas - new nostr app (00:04:48) Call for guestsUrgent Vulnerability Disclosures (00:05:58) Ledger co-founder David Balland released after kidnapping (00:12:28) AxeOS CSRF VulnerabilityBitcoin • Software Releases & Project Updates (00:12:58) AnchorWatch (00:47:28) Bitcoin Core (00:48:10) Wasabi Wallet (00:48:15) BDK (00:48:27) Nunchuk Android (00:48:37) Specter Desktop (00:49:02) Bitcoin Keeper (00:49:18) Blue Wallet (00:50:32) BTC Pay Server (00:55:39) Liana (00:55:58) Blockstream Green QT (00:57:58) BoltzExchange (00:58:00) Live Wallet (00:58:11) Kyoto (00:58:19) ESP-Miner (00:58:21) Bitcoin Safe (00:58:40) BTC Map• Project Spotlight (00:58:44) Bitaxe Touch (00:58:51) Coinswap (00:59:20) Scure (00:59:28) Bitcoin Is Data (00:59:43) Qoinstr (00:59:53) TollGateVulnerability Disclosures (01:01:27) 0-click deanonymization attack targets Cloudflare-backed apps (01:02:00) UEFI secure boot vulnerability allows malicious bootkit deployment (01:02:23) Google Ad directs users to malicious homebrew clone (01:03:01) Critical rsync vulnerability on Linux and Unix systems (01:03:31) January 2025 Patch Tuesday (01:03:48) Unsecured tunneling protocols expose 4.2 million hosts (01:03:58) Apple's CUPS printing system vulnerable to spoofing attacks (01:04:11) Thomas Roth demonstrates code execution on Apple's ACE3 USB-C controller (01:05:32) Five dollar wrench attacksPrivacy & Other Related Bitcoin Projects • Software Releases & Project Updates (01:07:17) Tails (01:09:52) Module_17Boosts (01:12:29) Shoutout to top boosters Anonymous, manbyt, agichoote & btconboardLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: [email protected] & LN: ⚡[email protected] (not an email!)Full show notes: https://bitcoin.review/podcast/episode-91
--------
1:16:21
BR090 - COLDCARD, BullBitcoin, Bitcoin Safe, miningpool-observer, Zero Fee/P2PK Playgrounds, Tangem Private Keys Exposed, Proton Wallet Vuln, Signatures Explained, "Not Enough UTXOs!" + MORE ft. Rob
I'm joined by guest Rob Hamilton to go through the list.Housekeeping (00:01:37) Verify-address over NFC using a Coldcard Q and BDK iOS example walletVulnerability Disclosures (00:18:57) New fake Ledger data breach emails try to steal crypto wallets (00:20:51) Cryptocurrency hardware wallet Tangem fixes app bug (00:26:03) Irrevocable fees—stealing from LN using revoked commitment transactions (00:27:13) Zellic identified a vulnerability in Proton Wallet's preview versionBitcoin • Software Releases & Project Updates (00:28:29) Coldcard Edge (00:33:00) BLOCKCLOCK (00:33:36) BDK (00:33:50) Nunchuk (00:34:19) BullBitcoin Mobile (00:36:59) Bitcoin Keeper (00:37:21) Electrs (00:39:20) BTCPayServer (00:39:36) rust-payjoin (00:39:45) Krux installer (00:39:55) Frostsnap (00:40:42) Bitcoin Safe (00:42:03) Blockstream Satellite (00:42:28) Raspiblitz (00:42:39) Ashigaru (00:45:02) BoltzExchange (00:45:04) Mempal (00:45:11) Zaprite (00:45:13) ESP-Miner• Project Spotlight (00:45:18) Satoshi (00:45:28) Joinstr (00:45:33) miningpool-observer (00:46:51) Dojo Bay (00:46:56) Nightly Bitcoin Core Tests (00:47:04) Nigiri (00:47:15) Run Litd (00:47:28) bllsh (00:48:05) Btceed (00:48:12) Zero Fee Playground (00:49:17) P2PK Playground (00:50:51) Bitcoin Testnet4 Faucet (00:50:58) Hashteroids (00:51:07) Community Hub by My First BitcoinMajor/Urgent Vulnerability Disclosures (00:51:39) Oasis discovers a critical flaw in Microsoft's Multi-Factor Authentication system (00:51:53) Five dollar wrench attacks (00:52:40) Two men fall victim to phishing scams, in May 2024 (00:55:28) Apache MINA's CVE-2024-52046 flaw (00:55:37) WPA3 vulnerability (00:56:07) Hackers compromise 16 Chrome extensions (00:56:54) Symlink exploitAudience Questions (00:57:32) Can you explain how signatures work for spending Bitcoin? (01:01:04) When people say "there's not enough UTXOs for everyone to have one". How do you quantify that? (01:06:20) I have a legacy address that starts with 1 wirh some BTC Should I be worried about CC? (01:07:16) Why should anyone, except maybe millionaires, self custody? (01:10:20) If BTC must be essentially be held in custody, then why use BTC over gold?Boosts (01:13:47) Shoutout to top boosters @Ape Mithrandir, @shadowysuperbadger, @user40113771, @btconboard, @Leurico8 & @Juan.News & Noteworthy • Encryption (01:16:45) NIST proposes to standardize wider variant of AES• Funding (01:17:40) OpenSats Ninth Wave of Nostr Grants (01:17:47) Spiral renews its grant to BTCPayServer (01:17:49) HFR donates 7 bitcoin to fund Bitcoin development and projects (01:17:53) Btrust its Q4 2024 Btrust grant recipients• Mining (01:18:12) GreenpeaceUSA's campaign to modify Bitcoin's proof-of-work likely ended• Privacy (01:18:29) Samourai Wallet pretrial hearing postponed to March 12, 2025 (01:19:59) Russian government directs ISPs to identify users accessing blocked content via VPNs• Government & Political (01:20:14) Craig Wright is handed a one-year suspended sentence in the UKLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: [email protected] & LN: ⚡[email protected] (not an email!)Full show notes: https://bitcoin.review/podcast/episode-90
--------
1:23:15
BR089 - Lark, Security Tradeoffs Masterclass, Bitcoin Quantum Risks, WabiSabi Deanonymization, Core Txn Broadcast, Better Wallet Migration, Scaling Bitcoin, Bullish Sentiments + MORE ft. Craig & Rob
I'm joined by guests Craig Raw and Rob Hamilton to go through the list.Major/Urgent Vulnerability Disclosures (00:01:18) Transaction-Relay Throughput Overflow Attacks against Off-Chain Protocols (00:01:53) Vulnerability in WabiSabi coinjoin protocol Bitcoin • Software Releases & Project Updates (00:19:59) Rust Payjoin (00:32:48) Lark (01:12:40) Bitcoin Keeper (01:13:23) Blue Wallet (01:13:33) Floresta (01:13:44) Labelbase (01:14:17) BDK (01:14:26) FullyNoded (01:14:43) BTCPay Server (01:14:52) Zaprite (01:14:54) Peach (01:14:55) Boltz boltz-web-app (01:14:56) ESP-Miner (01:14:58) Clams remote (01:14:59) Mempal (01:15:07) Kyoto (01:15:20) LifPay• Project Spotlight (01:16:09) Specter Shield Lite (01:16:17) Covenants support (01:18:08) Kibo (01:18:20) Saving Satoshi (01:18:28) Fully Noded Server (01:18:30) Timestamp (01:18:49) Satoshee (01:19:06) hass-miner (01:19:12) Entropy (01:19:20) PlebDev Starter CourseMajor/Urgent Vulnerability Disclosures (01:19:29) Droidbot targets banking and crypto apps in Europe (01:19:36) SD Express Card vulnerability exposes memory access risks (01:19:47) Malicious Solana web3.js exposes private keysAudience Questions (01:24:05) How do NVK and the guests feel about Google's Willow quantum chip (01:30:01) Can NVK and the guests comment on James OB's recent TweetLinks & Contacts:Website: https://bitcoin.review/Substack: https://substack.bitcoin.review/Twitter: https://twitter.com/bitcoinreviewhqNVK Twitter: https://twitter.com/nvkTelegram: https://t.me/BitcoinReviewPodEmail: [email protected] & LN: ⚡[email protected] (not an email!)Full show notes: https://bitcoin.review/podcast/episode-89
--------
2:03:11