
Greetings Hackers!

Post your hackathon project as a reply in this thread! Whoever has the most sats by the end of the day will win the "Community Favorite" prize!

Please use the following format:

## [Project Name]

### Team:
	•	[Name 1] – [GitHub/Twitter/Nostr/etc.]
	•	[Name 2] – [GitHub/Twitter/Nostr/etc.]
	•	[Add more if needed]

### What We Built (1–3 sentences):
[Clear, direct description of your project. Include screenshots / videos if relevant]

### Stack:
[Bitcoin layer/primitives used, frameworks, languages, tools.]

### Submission: 
[Link to loot submission]

### Repo:
[Link to GitHub/GitLab/etc.]

### Next Steps:
[What you’re improving, shipping next, or help you’re looking for.]

FYI the ### headings only work in posts. For comments, using boldface is the replacement, or maybe nesting bullets.

reply
2511 sats \ 0 replies \ @0xB10C 1h

localprobe

Team:

What We Built:

If your browser (Firefox does; Chrome/Brave/Edge are ok) leaks that you are running a Bitcoin node (mainnet/testnets) on the same machine as your browser, localprobe alerts you about it by showing a privacy alert when you visit a website. Currently, https://b10c.me does (test by running `bitcoind -regtest` and visiting https://b10c.me). This leak might be used by e.g. advertisers to show you Bitcoin-related ads.

Stack:

plain JS

Submission:

https://loot.fund/hackathons/bitcoin-exploits-edition/applications/13

Repo:

https://gist.github.com/0xB10C/4e6b3d8394bb375323e887945091ead5

Next Steps:

Using the same technique, we can actually harm remote Bitcoin nodes by DDoSing them from the browser. I've been working on a demo of this.

reply

Minesploit

Team:

What We Built:

Security research framework for Bitcoin mining infrastructure. Hypothesis-first design: spin up a Stratum server, connect a real CPU miner, test your attack.

Example: `pool = StratumServer().start(); miner = CPUMiner(pool=pool).start();` — now you're mining with real hashrate, ready to test your hypothesis.

While stress-testing Stratum V2 we found an interesting bug regarding share accounting (responsible disclosure in progress 👀).

Stack:

  • Python 3.10+ (async/await, type hints, uv)
  • Exploits: 18 CVEs (Bitcoin Core, Stratum, cgminer)
  • Protocols: Stratum V1 client/server/MITM proxy/sniffer, Stratum V2 (translator), P2Pool scanner
  • Utilities: TCP/SSL, JSON-RPC & mining message parsers, crypto (hash256/hash160/merkle), port scanner
  • REPL: Interactive shell with check/run/verify, tab completion, scriptable
  • CPUMiner: Docker-wrapped mujina for real hashrate testing

Repo:

https://github.com/johnnyasantoss/minesploit

Next Steps:

  • More protocol implementations
  • Stratum V2 bindings for easier testing
  • Contributions welcome
reply
3024 sats \ 2 replies \ @MurdawkAV 3h

Signal21

Team:

  • murdawkmedia – github.com/murdawkmedia

What We Built:

The exploit at bitcoin++ isn't code — it's your calendar. The 40HPW meme exists because the Bitcoin rabbit hole is real: podcasts, YouTube channels, meetup streams, RSS feeds. Signal21 exploits that exploit back. Configure your sources and topics once, pay 21 sats, and get a single AI-synthesized audio briefing — deduplicated, filtered to what you actually care about, streaming to your browser before it's even done generating. Time is the only non-renewable resource. We built the reclaim button.

Stack:

  • Backend: Python / FastAPI, async parallel feed fetching
  • Transcription: yt-dlp + Gemini 2.5 Flash fallback (handles missing captions automatically)
  • Script synthesis: Gemini 2.5 Flash via OpenRouter (reads thousands of lines, writes one broadcast-ready narrative)
  • TTS: ElevenLabs streaming (zero-latency, audio starts before generation ends)
  • Paywall: LNURL-pay via coinos.io — 21 sats to unlock a generation
  • Frontend: Pure HTML/JS + Tailwind, cyberpunk aesthetic

Submission:

https://loot.fund/hackathons/bitcoin-exploits-edition/application/create/new

Repo:

https://github.com/murdawkmedia/signal21

Next Steps:

  • Persistent user feeds (save your sources, not just one-shot)
  • Nostr integration — zap the clips you liked back to the original creator
  • Mobile PWA
  • Looking for: beta testers willing to pay 21 sats and tell us what sucks
reply
1 sat \ 1 reply \ @adlai 3h

looks like you and @murdawkmedia posted the same thing?

reply

oh dang - double post. embarrassing.

1736 sats \ 3 replies \ @anon 3h

EnergySats

Team:

  • majoal0 – @majoal0

What We Built (1–3 sentences):

I built a functional prototype that turns hotel and Airbnb energy savings into real Bitcoin. Guests earn satoshis for every appliance they keep off during their stay — paid out instantly via Lightning Network at check-out.

When a guest checks in through the app, a real-time energy savings meter starts running. Every appliance they choose to keep off — air conditioner, electric shower, TV, refrigerator — generates satoshis credited to their in-app balance.

At check-out, the guest withdraws their earned satoshis instantly via a Lightning Network payment — either by scanning a QR code from their wallet or pasting a BOLT11 invoice.

Stack:

  • Lightning Network
  • React / NextJS
  • WebSockets

Submission:

https://loot.fund/hackathons/bitcoin-exploits-edition/applications/24

Repo:

https://github.com/majoal0/EnergySats/

Next Steps:

I'm planning to support native Airbnb integration and IAMMETER. This way I'll have a scalable solution and a production-ready product.

reply
94 sats \ 0 replies \ @Scoresby 3h

This is a pretty cool idea! I used to run an Airbnb and I always hated it when people would leave the heater running even though they were out all day. Definitely saw it in my power bill. A way to incentivize them to pay attention would have been awesome!

reply

So far this is a really cool idea

reply
1 sat \ 0 replies \ @adlai 3h

I like it simply for not using AI

reply
1075 sats \ 2 replies \ @anon 3h

Stealth — Bitcoin Wallet Privacy Analyzer

Team:

  • Breno Brito
    - https://github.com/brenorb
    - https://twitter.com/brenorb
    - brenorb@zaps.lol
  • LordBabuino
    - npub1dkpmrtcuqlngclt27ftd8yec3vrmmxsehkvq2l6uns64w4q656rqapwlwd
    - jorge.x7@gmail.com
    - x.com/JorgeSantanaDev
  • Miranda
    - https://x.com/_hsmiranda
    - https://github.com/hsmiranda
    - https://nosta.me/35f80bdae3821a833935fa43c4bdc41d34ff9e5695f6ae3fbb35d0d2406855c0
  • Renato Britto
    - x.com/natobritto

What We Built (1–3 sentences):

Stealth is a local, read-only privacy auditor for Bitcoin wallets that analyzes UTXOs and detects privacy vulnerabilities such as address reuse, clustering signals, dust linkage, and exchange-origin fingerprints. It surfaces institutional-grade privacy insights directly to users without requiring private keys or sending data to third parties. Users can import a descriptor and immediately see where and how their privacy is exposed, along with actionable recommendations on how to improve their privacy.

Stack:

Bitcoin primitives: descriptors, UTXOs, transaction graph analysis
Backend: Java, Python, Quartus
Frontend: React, TypeScript
Node integration: Bitcoin node backend
Architecture: local-first, read-only privacy analysis engine
Landing page: Shakespeare

Submission:

https://loot.fund/hackathons/bitcoin-exploits-edition/applications/8

Repo:

https://github.com/LORDBABUINO/stealth

Next Steps:

  • Mainnet support
  • Expanded privacy heuristics (amount and timing fingerprinting)
  • Interactive cluster visualization
  • Wallet integrations for real-time privacy monitoring
  • Transaction simulation to preview privacy impact before spending
  • Mobile support
  • Open-source release and ecosystem integrations
reply
5 sats \ 1 reply \ @Scoresby 2h

This seems like a very useful concept. I'm curious about how the age spread and behavioral fingerprint work. Cool to see people working on stuff like this.

reply

When we spend an old UTXO with a new one, it's telling everyone you're an OG, which can mean you have lots of Bitcoin, for example.
A behavioral fingerprint pattern would be, for example, receiving $5k from your boss every 1st day of the month, at 2pm. This can leak that it's your salary when you spend it, it can reveal which company you work for depending on the privacy practices of your employer, and help an attacker to link your addresses, which otherwise would be completely isolated.

reply
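The two signals discussed in the Stealth exchange above (age spread between the inputs of one spend, and receipts that recur on the same day and hour each month) can be checked against your own wallet history as follows. This is an added example, not code from the Stealth repository; the function names, thresholds and sample data are assumptions made for illustration, and timestamps are bucketed in UTC.

```python
from datetime import datetime, timezone

# Hypothetical thresholds, chosen for illustration only.
AGE_SPREAD_BLOCKS = 52_560   # roughly one year of blocks between oldest and newest input
MIN_RECURRENCES = 3          # distinct months needed before a schedule counts as a pattern


def age_spread(input_heights):
    """Return the confirmation-height gap between the oldest and newest input
    of one spend, or None when the gap is below the threshold."""
    spread = max(input_heights) - min(input_heights)
    return spread if spread >= AGE_SPREAD_BLOCKS else None


def recurring_receipts(receipts):
    """receipts: iterable of (unix_ts, sats). Return (day_of_month, hour_utc, months)
    for every schedule slot that was hit in at least MIN_RECURRENCES distinct months.
    Amounts are ignored on purpose: a fiat-denominated salary varies in sats."""
    months_seen = {}
    for ts, _sats in receipts:
        t = datetime.fromtimestamp(ts, tz=timezone.utc)
        months_seen.setdefault((t.day, t.hour), set()).add((t.year, t.month))
    return [(day, hour, len(months))
            for (day, hour), months in sorted(months_seen.items())
            if len(months) >= MIN_RECURRENCES]


def audit(input_heights, receipts):
    """Combine both checks into one report for a planned spend."""
    return {"age_spread_blocks": age_spread(input_heights),
            "recurring_slots": recurring_receipts(receipts)}


def _ts(year, month, day, hour, minute=0):
    return int(datetime(year, month, day, hour, minute, tzinfo=timezone.utc).timestamp())


# Constructed sample data: three monthly receipts on the 1st around 14:00 UTC,
# one unrelated receipt, and a spend mixing a 2017-era input with a 2024-era one.
SAMPLE_RECEIPTS = [
    (_ts(2024, 1, 1, 14, 3), 8_100_000),
    (_ts(2024, 2, 1, 14, 10), 7_600_000),
    (_ts(2024, 3, 1, 14, 1), 7_900_000),
    (_ts(2024, 2, 17, 9, 30), 120_000),
]
SAMPLE_INPUT_HEIGHTS = [481_824, 830_112]

if __name__ == "__main__":
    print(audit(SAMPLE_INPUT_HEIGHTS, SAMPLE_RECEIPTS))
```
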
