Weekly Dispatch Follow the Rabbit Weekly October 25, 2025 | Editor's Note This week in Bitcoin technical developments, the spotlight shines on the groundbreaking Trezor Safe 7, heralded as the first quantum-ready hardware wallet equipped with a next-gen Secure Element chip, ensuring future-proof security for users. Additionally, critical security vulnerabilities were identified, including remote crash risks and disk-filling attacks, underscoring the importance of staying informed about system robustness. As the Bitcoin ecosystem continues to evolve, updates like lnd v0.20.0-beta.rc2 and the latest from umbrelOS promise to enhance user experience while navigating the complexities of consensus rules and mempool policies. | Update 1 | Published October 24, 2025 | The Trezor Safe 7 hardware wallet introduces a groundbreaking transparent TROPIC01 Secure Element chip, enhancing security through audibility and dual-chip architecture, making it resistant to potential attacks. Additionally, it is the first quantum-ready hardware wallet, featuring a boardloader architecture designed for future updates to quantum-secure firmware, which will allow users to adapt to advancements in quantum computing without needing to replace their devices. This positions developers and users to better prepare for evolving security threats in the crypto landscape. Trezor Product Blog | | | Update 2 | Published October 24, 2025 | A bug (CVE-2025-46597) affecting 32-bit systems in Bitcoin Core could lead to a node crash when handling blocks larger than 1GB, particularly if the node's mempool was set to accept over 3GB, which is uncommon. Although the exploit is highly improbable, a fix was implemented in Bitcoin Core v30.0, which includes a cap on the `-maxmempool` setting for 32-bit systems to prevent potential crashes. Developers and users on 32-bit systems should update to the latest version to ensure stability and security against this edge case. Bitcoin Core Blog RSS | | | Update 3 | Published October 24, 2025 | The recent CVE-2025-46598 vulnerability in Bitcoin Core allowed attackers to exploit unconfirmed transactions to induce CPU resource exhaustion, potentially delaying block propagation without disconnecting nodes. Released in Bitcoin Core v30.0, the fix includes optimizations that reduce validation times across different Script contexts, specifically addressing worst-case scenarios in both legacy and Tapscript contexts. Developers and users should update to v30.0 to mitigate this low-severity issue and enhance node stability against such denial-of-service attacks. Bitcoin Core Blog RSS | | | Update 4 | Published October 24, 2025 | CVE-2025-54604 exposed a log-filling vulnerability in Bitcoin Core that allowed attackers to spoof self-connections and potentially exhaust a victim node's disk space through excessive logging. The exploit's impact was limited due to connection timeouts, but a significant fix was implemented in Bitcoin Core v30.0, introducing log rate-limiting to prevent similar attacks in the future. Developers and users should ensure they upgrade to the latest version to mitigate this risk and enhance node stability. Bitcoin Core Blog RSS | | | Update 5 | Published October 24, 2025 | CVE-2025-54605 is a low-severity vulnerability in Bitcoin Core that allowed attackers to fill a victim node's disk space by sending invalid blocks, exploiting the unconditional logging of such occurrences. The fix, implemented in Bitcoin Core v30.0, introduces log rate-limiting to mitigate this and similar log-filling attacks, enhancing overall node resilience. Developers and users should update to the latest version to ensure protection against this vulnerability and maintain optimal node performance. Bitcoin Core Blog RSS | | | Update 6 | Published October 24, 2025 | The newsletter discusses the potential use of cluster mempool techniques to identify increases in block template feerates, which could enhance fee estimation algorithms for miners and wallets, improving transaction prioritization. Additionally, updates on channel jamming mitigation simulations could lead to more robust payment channel designs, benefiting users who rely on the Lightning Network. Developers are encouraged to review recent changes in services and client software to stay current with infrastructure improvements. Bitcoin Optech RSS | | | Update 7 | Published October 23, 2025 | The lnd v0.20.0-beta.rc2 release introduces a significant database migration from a key-value format to native SQL for the graph store, enhancing data management and query capabilities. Developers must enable this migration using the `--db.use-native-sql` flag and can opt-out if necessary, ensuring flexibility during the transition. Additionally, the release emphasizes verifiability through GPG signatures and OpenTimestamps, promoting increased trust in the binaries and facilitating reproducible builds for developers. Lightning Network (LND) Releases | | | Update 8 | Published October 23, 2025 | The article clarifies the distinction between Bitcoin consensus rules, which govern block validity and are crucial for network agreement, and mempool policies, which are configurable settings that manage transaction propagation and resource usage on individual nodes. While consensus rules are rarely changed and require coordinated efforts for updates like soft and hard forks, mempool policies can be adjusted by node operators to optimize performance and prevent issues like spam transactions, without affecting the fundamental validity of transactions. Developers and users must recognize that mempool policies are not enforceable at the protocol level, limiting their impact on transaction confirmation in the broader network. BitBox Product Blog | | | Update 9 | Published October 21, 2025 | The Trezor Safe 7 introduces the first auditable Secure Element chip, TROPIC01, enhancing transparency and security for Bitcoin developers and users by allowing community verification of hardware security. It features a dual Secure Element architecture that safeguards against physical access and potential brute-force attacks. Additionally, its quantum-ready design prepares the wallet for future cryptographic transitions, ensuring long-term security against advancing threats in quantum computing. Trezor Product Blog | | | Update 10 | Published October 19, 2025 | UmbrelOS 1.5 Beta 2 introduces significant features for users and developers, including automatic encrypted backups, file recovery through a "Rewind" function, and external USB storage support on amd64 devices. Developers can leverage GPU acceleration for applications like Jellyfin and Plex, improving performance on supported hardware. Additionally, the update simplifies network share setups and enhances error handling, which will benefit users managing multiple devices and backups. Umbrel Releases | | | Update 11 | Published October 18, 2025 | The Bitcoin Bitchat update 1.4.4 introduces significant enhancements including the addition of mermaid diagrams for packet structures and the establishment of a localization framework, which allows for externalized strings and localization regression tests. Developers can expect improved test reliability, as broken tests related to localization have been fixed, and optimizations have been made to private chat deduplication processes. Moreover, the modularization of components like Tor and the refactoring of PeerID handling may lead to better performance and maintainability in the application's architecture. BitChat Releases | | Looking for more rabbit holes? Explore deeper notes, research, and discussions. Home → | |
