Signal21
Team:
- murdawkmedia – github.com/murdawkmedia
What We Built:
The exploit at bitcoin++ isn't code — it's your calendar. The 40HPW meme exists because the Bitcoin rabbit hole is real: podcasts, YouTube channels, meetup streams, RSS feeds. Signal21 exploits that exploit back. Configure your sources and topics once, pay 21 sats, and get a single AI-synthesized audio briefing — deduplicated, filtered to what you actually care about, streaming to your browser before it's even done generating. Time is the only non-renewable resource. We built the reclaim button.
Stack:
- Backend: Python / FastAPI, async parallel feed fetching
- Transcription: yt-dlp + Gemini 2.5 Flash fallback (handles missing captions automatically)
- Script synthesis: Gemini 2.5 Flash via OpenRouter (reads thousands of lines, writes one broadcast-ready narrative)
- TTS: ElevenLabs streaming (zero-latency, audio starts before generation ends)
- Paywall: LNURL-pay via coinos.io — 21 sats to unlock a generation
- Frontend: Pure HTML/JS + Tailwind, cyberpunk aesthetic
Submission:
https://loot.fund/hackathons/bitcoin-exploits-edition/application/create/new
Repo:
https://github.com/murdawkmedia/signal21
Next Steps:
- Persistent user feeds (save your sources, not just one-shot)
- Nostr integration — zap the clips you liked back to the original creator
- Mobile PWA
- Looking for: beta testers willing to pay 21 sats and tell us what sucks
localprobe
Team:
- b10c – https://github.com/0xb10c
What We Built:
If your browser (Firefox does; Chrome/Brave/Edge are ok) leaks that you are running a Bitcoin node (mainnet/testnets) on the same machine as your browser, localprobe alerts you about it by showing a privacy alert when you visit a website. Currently, https://b10c.me does (test by running bitcoind -regtest and visiting https://b10c.me). This leak might be used by e.g. advertisers to show you Bitcoin-related ads.
Stack:
plain JS
Submission:
https://loot.fund/hackathons/bitcoin-exploits-edition/applications/13
Repo:
https://gist.github.com/0xB10C/4e6b3d8394bb375323e887945091ead5
Next Steps:
Using the same technique, we can actually harm remote Bitcoin nodes by DDoSing them from the browser. I've been working on a demo of this.
Minesploit
Team:
What We Built:
Security research framework for Bitcoin mining infrastructure. Hypothesis-first design: spin up a Stratum server, connect a real CPU miner, test your attack.
Example: pool = StratumServer().start(); miner = CPUMiner(pool=pool).start(); — now you're mining with real hashrate, ready to test your hypothesis.
While stress-testing Stratum V2 we found an interesting bug regarding share accounting (responsible disclosure in progress 👀).
Stack:
- Python 3.10+ (async/await, type hints, uv)
- Exploits: 18 CVEs (Bitcoin Core, Stratum, cgminer)
- Protocols: Stratum V1 client/server/MITM proxy/sniffer, Stratum V2 (translator), P2Pool scanner
- Utilities: TCP/SSL, JSON-RPC & mining message parsers, crypto (hash256/hash160/merkle), port scanner
- REPL: Interactive shell with check/run/verify, tab completion, scriptable
- CPUMiner: Docker-wrapped mujina for real hashrate testing
Repo:
https://github.com/johnnyasantoss/minesploit
Next Steps:
- More protocol implementations
- Stratum V2 bindings for easier testing
- Contributions welcome
Stealth — Bitcoin Wallet Privacy Analyzer
Team:
• Breno Brito
- https://github.com/brenorb
- https://twitter.com/brenorb
- brenorb@zaps.lol
• LordBabuino
- npub1dkpmrtcuqlngclt27ftd8yec3vrmmxsehkvq2l6uns64w4q656rqapwlwd
- jorge.x7@gmail.com
- x.com/JorgeSantanaDev
• Miranda
- https://x.com/_hsmiranda
- https://github.com/hsmiranda
- https://nosta.me/35f80bdae3821a833935fa43c4bdc41d34ff9e5695f6ae3fbb35d0d2406855c0
• Renato Britto
- x.com/natobritto
What We Built (1–3 sentences):
Stealth is a local, read-only privacy auditor for Bitcoin wallets that analyzes UTXOs and detects privacy vulnerabilities such as address reuse, clustering signals, dust linkage, and exchange-origin fingerprints. It surfaces institutional-grade privacy insights directly to users without requiring private keys or sending data to third parties. Users can import a descriptor and immediately see where and how their privacy is exposed, along with actionable recommendations on how to improve their privacy.
Stack:
Bitcoin primitives: descriptors, UTXOs, transaction graph analysis
Backend: Java, Python, Quartus
Frontend: React, TypeScript
Node integration: Bitcoin node backend
Architecture: local-first, read-only privacy analysis engine
Landing page: Shakespeare
Submission:
https://loot.fund/hackathons/bitcoin-exploits-edition/applications/8
Repo:
https://github.com/LORDBABUINO/stealth
Next Steps:
- Mainnet support
- Expanded privacy heuristics (amount and timing fingerprinting)
- Interactive cluster visualization
- Wallet integrations for real-time privacy monitoring
- Transaction simulation to preview privacy impact before spending
- Mobile support
- Open-source release and ecosystem integrations
EnergySats
Team:
• majoal0 – @majoal0
What We Built (1–3 sentences):
I built a functional prototype that turns hotel and Airbnb energy savings into real Bitcoin. Guests earn satoshis for every appliance they keep off during their stay — paid out instantly via Lightning Network at check-out.
When a guest checks in through the app, a real-time energy savings meter starts running. Every appliance they choose to keep off — air conditioner, electric shower, TV, refrigerator — generates satoshis credited to their in-app balance.
At check-out, the guest withdraws their earned satoshis instantly via a Lightning Network payment — either by scanning a QR code from their wallet or pasting a BOLT11 invoice.
Stack:
- Lightning Network
- React/ NextJS
- WebSockets
Submission:
https://loot.fund/hackathons/bitcoin-exploits-edition/applications/24
Repo:
https://github.com/majoal0/EnergySats/
Next Steps:
I'm planning to support native Airbnb integration and IAMMETER. This way I'll have a scalable solution and production-ready product.
There are a number of content providers who write a lot about LN development and potential, who are 'virtue signalling' that they are 'living on the Bitcoin Standard' but who have never bothered to attach both sending and receiving LN wallets. I see that as hypocrisy and do not want to spend my sats on them.
Showing attached wallets verifies to content consumers that a content provider is NOT just virtue signalling but is walking the talk.
You do not believe content consumers here who ultimately must fund the entire platform if it is to be viable have a right to know which content providers have made the effort to attach LN wallets and thereby maximise their use of and support for the LN???
Silence.
The only reason I am downzapping content is because none of you have provided a credible response to the above question.
I much prefer reasoned dialogue to war but I have tried for many weeks to raise this question and get a credible response- there has been none- only vicious childish trolling, evasion and abuse.
when inscription spam drives fees through the roof, regular people can’t afford to make on-chain transactions anymore
We must be living in different universes. The mempool cleared this week to 1.04 blocks worth of transactions waiting. The feerate necessary to be in the next block is currently 0.1033 s/vB. The spam transactions make up the absolute bottom of the mempool, their feerates are a fraction of those of payment transactions. So that “market failure” your son(?) is decrying seems to be insufficient demand for payment transactions. How is that supposed to be fixed by BIP 110?
Yesterday we first-hand witnessed that resisting censorship on SN is much like resisting censorship in Russia: it paints an enormous target on one's back. Our own syndication post was the top downzapped post. If we'd be resisting a nation state though, our disobedience would have landed us in the gulag awaiting poisoning with polonium, Novichok and/or epibatidine, but luckily we are finding ourselves in a relative benign position where we just have to resist little authoritarians with barely any real power, not big ones.
Additionally, because we despise "devs do something" and we strongly believe that the power of SN is the community, not the money, we act from a baseline conviction that the community can just do things. And we intend to just do things. Of course, we've foreseen a counter reaction and already have developed a series of mitigations to potential attempts to disrupt our resistance.
The first trick from our resistance handbook is a simple one: we will only post reports of downzapped posts, so if you're interested to learn about content that you may have missed, of any nature, you can subscribe to our posts, as subscriptions always deliver. If you don't want to see our posts because you dislike things that were downzapped, you can simply mute us. To do either, go to our profile, tap the ... next to our nym and use the "subscribe to posts" or "mute CindyKate" option as you desire.
Enjoy your day.
I think most companies are late. Within the next year, I believe the majority of companies will reach the same conclusion and make similar structural changes.
I've been doubtful that AI job cuts were gonna be as big as people say. This certainly makes me reevaluate that. It will be very curious if this prediction of his does not come true.
But, if it does...this year...that would be some serious chaos.
If it indeed turns out to be an existential threat, a hard fork involving hashing algorithm change would be the most effective solution and you can safely bet that most plebs will be on board i.e. it won't be contentious in any way. This has been brought up on different occasions over the past five years at least and this is the proposed solution. Not sure miners would eagerly support it as current mining equipment would be made obsolete as a result, but it's better than having your earnings drop to zero
As far as I know, they haven't marketed themselves as self-custodial. I asked one of the Citrea cofounders specifically about their "trust minimized" setup - https://x.com/Kruwed/status/2032221603568787501
Links to the rest of the pieces in the series:
Chapter 02: The Monday Night Club
Chapter 03: Good Airs
Chapter 04: Cinematic Moments
Chapter 05: An Imaginary Machine Gun
Chapter 06: Harvesting Seeds
Chapter 07: Write. Edit. Submit. Repeat
Chapter 08: Dedication
Chapter 09: Becoming Hemmingway
Chapter 10: Teaching Others
Chapter 11: The Covid Diaries
Chapter 12: Riding a Bike
Chapter 13: Going Fishing
Chapter 14: The Orange Pill
Chapter 15: Scaling and Failing
Chapter 16: Becoming Totally Human
Chapter 17: A Rotten Uncle
Chapter 18: Up to Date
I am reminded of two things:
First, Szabo's "Money, Blockchains, and Social Scalability" where he makes the distinction between technological scalability and social scalability. Sure, fees go up when lots of people use a chain, but I think Shin is probably ignoring a similar pressure in centralized banking: regulators seem to tend to want to increase regulation which drives people toward the least regulated means of transacting. Shin's own BIS acknowledged this in a recent paper (#1450816). Szabo's paper is interesting to put into juxtaposition with Shin's:
When we can secure the most important functionality of a financial network by computer science rather than by the traditional accountants, regulators, investigators, police, and lawyers, we go from a system that is manual, local, and of inconsistent security to one that is automated, global, and much more secure. Cryptocurrencies, when implemented properly on public blockchains, can substitute an army of computers for a large number of traditional banking bureaucrats. “These block chain computers will allow us to put the most crucial parts of our online protocols on a far more reliable and secure footing, and make possible fiduciary interactions that we previously dared not do on a global network.”
When I designed bit gold I already knew consensus did not scale to large transaction throughputs securely, so I designed it with a two-tier architecture: (1) bit gold itself, the settlement layer, and (2) Chaumian digital cash, a peripheral payment network which would provide retail payments with high transactions-per-second performance and privacy (through Chaumian blinding), but would like Visa be a trusted third party and thus require a “human blockchain” of accountants, etc. to operate with integrity. The peripheral payment network can involve only small value transactions, thereby requiring much less of a human army to avoid the fate of Mt. Gox.
Second, Voskuil's "Utility Threshold Property" where he argues that
Higher fees imply higher hash rate cost mitigating the need to increase confirmation depth for higher value transfers. But given there is no way to reduce security for lower value transfers, the useful minimum value transfer rises with utility. Failure to support transfers in a certain value range implies substitutes are cheaper in that range. This implies the possibility of coexisting moneys to service distinct value ranges. However all Bitcoins inherently exhibit this property.
Shin says
fragmentation is not merely inconvenient — it is structurally incompatible with the network effects that give money its social value.
But I think that the fragmentation of liquidity that Shin finds so troubling also exists in traditional finance: I may be able to pay with Visa or Mastercard, but those are effectively separate systems. The only reason they work well together is that we have decades of building infrastructure around them.
I don't think these are AI layoffs. I think they were going to make these layoffs anyway. AI made them do it faster, differently perhaps. I think this is a 2-for-1 deal in investor signaling: (1) we are cost efficient, profits will go up (2) we are serious about AI.
If AI makes every person more productive, why would you want fewer people? If AI allows you to produce more with fewer people, you can produce tons more with more people.
There's a kind of duplicity required to be a lovable king - ruthless yet able to frame unpopular decisions as caused by adjacent/external/correlated/plausible things. Jack is good at it.
100th Cowboy Plunda Drop in the @saloon
Howdy cowboy! Come on in!
For the 100th drop the code below is for an élite box of loot! A value of 75k sats!!
@plunda also provided some very interesting goodie bags as well
I took one to see if I can open it and no dice!!
If you wish to have one of these mysterious bags of loot drop your npub in the comments and I’ll send you one.
Use the below voucher code to collect!
X4YK6XHROHBR
To redeem Click here
Got questions? Reach out to the sheriff @plunda
100 days down 265 more to go!!