The Frontier

The Samourai Wallet team, Keone and Lauren, face over $2 million in legal debt and a $250,000 fine from their federal conviction, urging community donations to cover these costs.

Keone highlights that Samourai Wallet served over 100,000 users and processed more than $2 billion through its open-source tools, which the government deemed criminal.

The community has donated 1.69 BTC, totaling $131,000, to Keone's appeal address, with the bulk coming from two 0.5 BTC transactions, demonstrating early support for his legal defense.

Bisq's v1 trade protocol was exploited on May 1, resulting in the drainage of 11.59 BTC from 10 users due to a missing validation check on taker-side fee values.

Bisq identified the exploit as likely AI-assisted, prompting a hotfix on May 16 and a reimbursement plan for affected users, with a DAO vote scheduled for May 25.

Roman Sterlingov's appeal hearing saw judges suggest mixers are "legal in theory, but not in practice" and questioned whether services must comply with all international licensing regimes.

The US Digital Asset Market Clarity Act passed the Senate Banking committee on May 15, integrating the Bank Secrecy Act 16 times and adding new Patriot Act special measures.

Lauren notes a carve-out in the Clarity Act's Section 604, rendering its protections for open-source developers against money transmitter liability ineffective due to an existing legal subsection (USC 1960).

A Bitcoin Core use-after-free bug (CVE-2024-52911) affecting versions 0.14 through 28 was disclosed, having been quietly patched in version 29; a practical attack required significant proof of work.

Bitcoin Knots v29.3, released May 9, activated BIP 110 soft fork enforcement by default, prompting a public countdown by Jameson Lopp for its eventual fork-off from the main network.

Blockstream's postmortem revealed the Bybit exploit that lost $1.5 billion leveraged malicious JavaScript injected into SAFE's multisig web front end, bypassing hardware wallet checks on complex Ethereum transactions.

Poland passed its EU MiCA-aligned crypto bill, coinciding with an investigation into the Zonda Crypto exchange's collapse, which caused $96 million in user losses and raised concerns about foreign influence.

A user recovered 5 BTC, worth $400,000, from an 11-year-old wallet after Claude (an LLM) found an older backup and identified/fixed a bug in the BTC Recover tool, which extracted the private keys.

Spiral and Block launched Loop, a free AI-powered vulnerability scanner for open-source Bitcoin projects, which uses LLMs to find code weaknesses and requires demonstrable test cases for all findings.

Whirlpool.observer v1.0.1, a self-hostable blockchain reader by Vibrant BTC, launched to monitor Whirlpool activity, showing 89.25 BTC in the post-mixed pool and linking TXIDs to am.i.exposed for visualization.

Bull Bitcoin mobile has integrated Ledger hardware wallets and offers a new FSS hybrid storage strategy, CoinJoin privacy enhancements, and support for 11 additional languages.

Umbrel released two mandatory security patches: v1.7.2 for CVE-2026-31431 (copy-fail) and v1.7.3 for a "dirty frag" vulnerability, both Linux kernel bugs potentially discovered by AI.

JoinMarket NG v0.29 introduced a resume flag for tumbling plans, allowing users to pick up failed plans, and randomized fee points in dual offer splitting to enhance privacy.

LDK server is a new API-first, fully functional Lightning node in daemon format built on LDK node, designed for easy integration into payment processors, wallets, and other applications.

Bolt's Backend v3.13.3 now supports full Arc (formerly Arcade) swaps and includes an EVM commitment swap lock-up flow, enabling swaps between Bitcoin and EVM chains using on-chain commitments.

Max Tannahill explains BIP47 was proposed in 2015 as a non-interactive payment code standard to replace reusable addresses and provide a base privacy layer. It enables private, repeated payments without requiring a server to generate new addresses.

Samourai Wallet implemented BIP47 in 2017 alongside other wallets like Billeater and Stash. The ecosystem aimed to combine BIP47 with CoinJoin for a comprehensive privacy stack, though this collaborative vision didn't fully materialize.

Samourai created the PayNym directory to improve BIP47's user experience. It provided human-readable pseudonyms and avatars, acting as a trusted lookup service for unwieldy payment codes similar to PGP key servers.

The PayNym directory served a critical recovery function. Wallets like Samourai and Sparrow could not rediscover outgoing notification transactions after a restore using only seed words, relying on the directory to rebuild connection metadata.

After Samourai's legal issues in 2024, the Ashigaru team scraped the PayNym directory, acquired the domain, and resurrected the service. This prevented a total collapse of BIP47's network effect but highlighted centralization risks.

Max Tannahill built BIP47DB.org to decentralize the storage of BIP47 payment codes by inscribing them on-chain using Ordinals. The protocol compresses codes into efficient batches, creating an immutable, append-only directory.

BIP47DB enables wallets to scan a canonical address to build a local database of payment codes, potentially removing dependency on centralized PayNym servers. It could also allow new payment directories to bootstrap from on-chain data.

The Ashigaru team inscribed approximately 20,000 payment codes on mainnet for a cost of roughly $135-$140. This demonstrates the low economic barrier to backing up the entire directory on-chain.

BIP47DB is designed as infrastructure for wallet and directory operators, not for direct retail use. Max Tannahill hopes it provides resilience, allowing the ecosystem to survive the loss of any single PayNym server.

The protocol's simplicity allows it to function without a full Ordinals indexer. Tools can query a single unspendable address via APIs like mempool.space to fetch and decode the inscribed payment code batches.