BITCOIN

Crypto developers build uncensorable tools amid US legal threats

Saturday, May 23, 2026 · from 2 podcasts, 3 episodes
  • New BIP47 database stores payment codes on-chain, removing privacy’s central points of failure.
  • US prosecutors demand $2 million from jailed Samourai founders, treating code as a crime.
  • Sparrow Wallet’s silent payments make address reuse obsolete, shifting privacy to the protocol.

After the arrest of the Samourai Wallet team and the shuttering of its PayNym server, developers face a choice: abandon privacy features or build tools that can't be shut down. Max Tannahill's BIP47DB uses Bitcoin inscriptions to create a permanent, decentralized directory for reusable payment codes, moving critical metadata from a fragile server to the immutable blockchain.

"By using the witness space to store compressed payment codes, BIP47DB creates an append-only database that any developer can rebuild," Tannahill explained. The Ashigaru team has already inscribed 20,000 existing codes, securing the entire directory for about $150. This solves a key recovery problem for BIP47 wallets, which previously relied on centralized servers to maintain connection histories after a wallet restore.

This push for resilience comes as the legal environment turns hostile. Judges in the Roman Sterlingov appeal argued that privacy tools like mixers are legal in theory but become criminal once used for illicit transactions - a standard that makes open-source developers responsible for anonymous users' actions.

"If an internationally accessible service must comply with every jurisdiction’s licensing, open-source development becomes impossible."

- Max and Q, The Bitcoin Brief

Prosecutors are following through. Samourai Wallet co-founder Keone, writing from a West Virginia prison, described being buried under $2 million in legal debt while the DOJ demands immediate payments. The move is seen as a tactic to financially break the privacy movement's developers. In response, wallet builders are integrating privacy directly into the protocol. Sparrow Wallet's 2.5.0 release brings silent payments to power users, generating a unique, one-time address for every transaction to eliminate address reuse.

"Silent payments fix this without requiring a complex setup. It’s privacy by default for the medium of exchange."

- Craig Raw, mentioned on Rabbit Hole Recap

The crackdown isn't slowing innovation - it's redirecting it. Developers are abandoning architectures that depend on trusted coordinators, opting instead for protocol-level upgrades and decentralized databases. The goal is a privacy stack that functions even when its creators are in jail.

Source Intelligence

- Deep dive into what was said in the episodes

RABBIT HOLE RECAP #410: SILENT BITCOIN PAYMENTS · May 22

  • Iran launched the HermuzSafe platform, a Bitcoin-powered maritime insurance scheme for ships crossing the Strait of Hormuz. Matt and Marty argue this validates Bitcoin's censorship resistance on a global scale.
  • South Africa's treasury is using a revised 1930s law to impose strict KYC on Bitcoin transactions without parliamentary approval. Bitcoiners there are submitting public comments to build a legal challenge.
  • Thailand approved a 175 billion baht digital relief program tied to a state-controlled app. Funds are restricted to approved merchants and cannot be withdrawn as cash, deepening reliance on government payment infrastructure.
  • Sparrow Wallet 2.5.0 added native silent payments support, a privacy technology that eliminates address reuse by generating a unique destination for each payment.
  • Hodl Hodl launched Lightning trading on mainnet, enabling non-custodial, no-KYC peer-to-peer Bitcoin purchases for small amounts, a significant product advancement.
Also from this episode: (6)

Protocol (2)

  • Iran's potential adoption poses a test for U.S. sanctions. Marty explains that Chinese mining pools control roughly 45% of global hash rate, making coordinated transaction censorship by the U.S. unlikely to succeed.
  • SpaceX holds nearly 19,000 Bitcoin, valued at $1.29 billion, according to its released financials. This makes it a top corporate treasury.

AI & Tech (1)

  • GitHub disclosed a security breach where a poisoned VS Code extension led to the exfiltration of its internal repositories. The attackers claimed access to around 3,800 repositories.

Politics (3)

  • Donald Trump signed an executive order expanding Bank Secrecy Act requirements, framing it as a measure against illegal immigration. Matt notes this continues a trend of increased financial surveillance.
  • Marty notes that the 1970s Supreme Court justification for the Bank Secrecy Act's $10,000 threshold is outdated, as inflation has made that amount common, subjecting far more transactions to surveillance.
  • Matt highlights the political tactic of making populations poor and then offering small, controlled digital handouts as bribes to accept surveillance, as seen in Thailand and emerging in the U.S.

It's All So Tiresome | THE BITCOIN BRIEF 81 · May 20

  • The Samourai Wallet team, Keone and Lauren, face over $2 million in legal debt and a $250,000 fine from their federal conviction, urging community donations to cover these costs.
  • Keone highlights that Samourai Wallet served over 100,000 users and processed more than $2 billion through its open-source tools, which the government deemed criminal.
  • The community has donated 1.69 BTC, totaling $131,000, to Keone's appeal address, with the bulk coming from two 0.5 BTC transactions, demonstrating early support for his legal defense.
  • Roman Sterlingov's appeal hearing saw judges suggest mixers are "legal in theory, but not in practice" and questioned whether services must comply with all international licensing regimes.
  • The US Digital Asset Market Clarity Act passed the Senate Banking committee on May 15, integrating the Bank Secrecy Act 16 times and adding new Patriot Act special measures.
  • Lauren notes a carve-out in the Clarity Act's Section 604, rendering its protections for open-source developers against money transmitter liability ineffective due to an existing legal subsection (USC 1960).
  • Poland passed its EU MiCA-aligned crypto bill, coinciding with an investigation into the Zonda Crypto exchange's collapse, which caused $96 million in user losses and raised concerns about foreign influence.
  • Whirlpool.observer v1.0.1, a self-hostable blockchain reader by Vibrant BTC, launched to monitor Whirlpool activity, showing 89.25 BTC in the post-mixed pool and linking TXIDs to am.i.exposed for visualization.
  • Bull Bitcoin mobile has integrated Ledger hardware wallets and offers a new FSS hybrid storage strategy, CoinJoin privacy enhancements, and support for 11 additional languages.
  • JoinMarket NG v0.29 introduced a resume flag for tumbling plans, allowing users to pick up failed plans, and randomized fee points in dual offer splitting to enhance privacy.
  • LDK server is a new API-first, fully functional Lightning node in daemon format built on LDK node, designed for easy integration into payment processors, wallets, and other applications.
  • Bolt's Backend v3.13.3 now supports full Arc (formerly Arcade) swaps and includes an EVM commitment swap lock-up flow, enabling swaps between Bitcoin and EVM chains using on-chain commitments.
Also from this episode: (8)

Protocol (3)

  • Bisq's v1 trade protocol was exploited on May 1, resulting in the drainage of 11.59 BTC from 10 users due to a missing validation check on taker-side fee values.
  • A Bitcoin Core use-after-free bug (CVE-2024-52911) affecting versions 0.14 through 28 was disclosed, having been quietly patched in version 29; a practical attack required significant proof of work.
  • Bitcoin Knots v29.3, released May 9, activated BIP 110 soft fork enforcement by default, prompting a public countdown by Jameson Lopp for its eventual fork-off from the main network.

Safety (2)

  • Bisq identified the exploit as likely AI-assisted, prompting a hotfix on May 16 and a reimbursement plan for affected users, with a DAO vote scheduled for May 25.
  • Blockstream's postmortem revealed the Bybit exploit that lost $1.5 billion leveraged malicious JavaScript injected into SAFE's multisig web front end, bypassing hardware wallet checks on complex Ethereum transactions.

AI & Tech (3)

  • A user recovered 5 BTC, worth $400,000, from an 11-year-old wallet after Claude (an LLM) found an older backup and identified/fixed a bug in the BTC Recover tool, which extracted the private keys.
  • Spiral and Block launched Loop, a free AI-powered vulnerability scanner for open-source Bitcoin projects, which uses LLMs to find code weaknesses and requires demonstrable test cases for all findings.
  • Umbrel released two mandatory security patches: v1.7.2 for CVE-2026-31431 (copy-fail) and v1.7.3 for a "dirty frag" vulnerability, both Linux kernel bugs potentially discovered by AI.

Max Tannahill Reveals BIP47DB.ORG | FREEDOM TECH FRIDAY 40 · May 16

  • Max Tannahill explains BIP47 was proposed in 2015 as a non-interactive payment code standard to replace reusable addresses and provide a base privacy layer. It enables private, repeated payments without requiring a server to generate new addresses.
  • Samourai Wallet implemented BIP47 in 2017 alongside other wallets like Billeater and Stash. The ecosystem aimed to combine BIP47 with CoinJoin for a comprehensive privacy stack, though this collaborative vision didn't fully materialize.
  • Samourai created the PayNym directory to improve BIP47's user experience. It provided human-readable pseudonyms and avatars, acting as a trusted lookup service for unwieldy payment codes similar to PGP key servers.
  • The PayNym directory served a critical recovery function. Wallets like Samourai and Sparrow could not rediscover outgoing notification transactions after a restore using only seed words, relying on the directory to rebuild connection metadata.
  • After Samourai's legal issues in 2024, the Ashigaru team scraped the PayNym directory, acquired the domain, and resurrected the service. This prevented a total collapse of BIP47's network effect but highlighted centralization risks.
  • Max Tannahill built BIP47DB.org to decentralize the storage of BIP47 payment codes by inscribing them on-chain using Ordinals. The protocol compresses codes into efficient batches, creating an immutable, append-only directory.
  • BIP47DB enables wallets to scan a canonical address to build a local database of payment codes, potentially removing dependency on centralized PayNym servers. It could also allow new payment directories to bootstrap from on-chain data.
  • The Ashigaru team inscribed approximately 20,000 payment codes on mainnet for a cost of roughly $135-$140. This demonstrates the low economic barrier to backing up the entire directory on-chain.
  • BIP47DB is designed as infrastructure for wallet and directory operators, not for direct retail use. Max Tannahill hopes it provides resilience, allowing the ecosystem to survive the loss of any single PayNym server.
Also from this episode: (1)

Protocol (1)

  • The protocol's simplicity allows it to function without a full Ordinals indexer. Tools can query a single unspendable address via APIs like mempool.space to fetch and decode the inscribed payment code batches.