BR093 - ECDSA Key Extraction, ESP32 Security Concerns, COLDCARD, Cove Wallet, Krux, Nunchuk, Invalid Mining Jobs, JavaScript Injection Attack, CTV Back on the table? + MORE ft. Rob & Vivek
Update: 2025-03-13
Description
I'm joined by guests Rob Hamilton & Vivek to go through the list.
Housekeeping
(00:01:18 ) Unleashed.chat rebrands to dataMachine
Urgent Vulnerability Disclosures
(00:01:52 ) Private key leak via malformed ECDSA input
(00:09:12 ) ESP32 Security Concerns
(00:21:32 ) Coinos revokes NWC connection secrets
Vivek's Corner
(00:22:51 ) Invalid mining jobs by AntPool & friends during forks
Bitcoin
• Software Releases & Project Updates
(00:37:44 ) COLDCARD
(00:52:47 ) Sparrow Wallet
(00:54:33 ) Lark
(00:55:03 ) Krux
(00:56:37 ) Cove Wallet
(00:59:09 ) Nunchuk Desktop
(01:00:32 ) BTCPayServer
(01:00:44 ) Bitcoin Keeper
(01:01:25 ) BlueWallet
(01:02:08 ) Bitcoin Safe
(01:03:15 ) Bitkey App
(01:04:05 ) libwally-core
(01:06:00 ) Bisq2
(01:06:04 ) RoboSats
(01:06:08 ) Boltz Exchange
(01:06:10 ) Zaprite
(01:06:13 ) Blockstream Explorer API
(01:07:22 ) Mempal
(01:07:29 ) Iris Wallet desktop
(01:07:31 ) Utreexo
(01:07:34 ) ESP Miner
• Project Spotlight
(01:07:38 ) Reorg Calculator
(01:07:51 ) Bitcoin Core Config Generator
(01:09:05 ) Bitcoin Core Snapshots
(01:09:11 ) Boot Protocol
(01:09:18 ) multisig-backup
(01:09:58 ) Wallet backup
(01:10:04 ) regtest-in-a-pod
Vulnerability Disclosures
(01:11:56 ) JavaScript injection attack
(01:15:05 ) Malicious PyPI package 'set-utils' steals Ethereum private keys
(01:16:57 ) OpenSSH vulnerabilities expose clients and servers to attacks
(01:17:05 ) USB side-channel attacks
(01:17:37 ) Cellebrite
(01:17:49 ) Messenger vulnerabilities
(01:17:56 ) GitVenom
(01:18:10 ) Stablecoin payment firm Infini loses $50M in exploit
(01:18:18 ) Five dollar wrench attacks
Audience Questions
(01:20:00 ) Comment on a flaw in Bitcoin Core regarding mining pools and their vulnerability against block withholding attacks
Nostr
• Project spotlight
(01:22:32 ) 24242.io
(01:22:49 ) nostr.media
(01:22:58 ) Frostr
(01:23:33 ) nostr-double-ratchet
(01:23:44 ) DVMCP
(01:23:53 ) Samiz
(01:24:00 ) Welshman
(01:24:09 ) Norma
(01:24:20 ) Wallet Relay
(01:24:27 ) Nostr0
(01:24:35 ) nAuth Protocol
(01:24:43 ) Hostr
Boosts
(01:25:36 ) Shoutout to top boosters @sean, @pink monkey, @Anonymous, @martinbarilik, @Momo Tahmasbi & @jespada.
Links & Contacts:
Website: https://bitcoin.review/
Substack: https://substack.bitcoin.review/
Twitter: https://twitter.com/bitcoinreviewhq
NVK Twitter: https://twitter.com/nvk
Telegram: https://t.me/BitcoinReviewPod
Email: producer@coinkite.com
Nostr & LN: ⚡nvk@nvk.org (not an email!)
Full show notes: https://bitcoin.review/podcast/episode-93