Satoshi Scoop Weekly, 26 September 2025
🍨 Your weekly bite of the latest updates from the Bitcoin tech ecosystem!
Crypto Insights
Bitcoin Core Security Optimization: Minimizing Third-Party Dependencies
Bitcoin Optech contributor Schmidity stated that Bitcoin Core maintenance should minimize reliance on third-party libraries. While these may speed up development, they also introduce risks such as security vulnerabilities, consensus fragility, supply-chain attacks, and reproducibility issues. He listed several key dependencies that have already been removed or replaced in Bitcoin Core, including:
Replacing the complex and vulnerable OpenSSL with libsecp256k1
Removing Protobuf / BIP70 payment protocol
Replacing Berkeley DB, which has lock limit issues, with SQLite
Removing NAT traversal libraries
miniupnpcandlibnatpmpdue to security risks
He also highlighted that Bitcoin Core’s strong culture of code review and the use of fuzz testing are crucial to keeping the codebase secure.
PoW as the Truth of the Digital World: Non-PoW Spam Filters Are Doomed to Fail
Nunchuk founder Hugo argues that any non-PoW-based spam filter is destined to fail, since it relies on subjectivity and “rough social consensus”, which is inherently centralizing. “Social consensus” filtering is merely PoS under another name.
He emphasizes that PoW is the only objective and incorruptible mechanism in the digital world. PoW is rooted in physics, built on the undisputed currency of the universe: energy. Bitcoin naturally curbs on-chain spam through transaction fees, and existing blocksize limits are sufficient to keep blockchain growth in check. Instead of debating JPEGs transactions, the focus should be on practical improvements to self-custody security and accessibility—such as Miniscript, MuSig2, hardwares, etc., to help more people achieve digital sovereignty.
Taproot: Bitcoin’s Starting Point for Post-Quantum Security
The author argues that while no perfect solution exists for Bitcoin against quantum attacks, any mitigation involves trade-offs—technical or social. However, Taproot can serve as a built-in solution for a quantum-resistant plan, laying the groundwork for a smoother transition into the post-quantum era.
The idea that Taproot’s internal structure can withstand quantum attacks goes back to Matt Corallo. More recently, Blockstream Research’s Tim Ruffing published a paper showing that this method is indeed secure: even if Schnorr and ECDSA are broken, Taproot’s fallback paths remain trustworthy. This Taproot-based post-quantum plan involves two steps:
Add post-quantum opcodes in Bitcoin Script to support post-quantum signatures, enabling users to create Taproot outputs with dual spending paths.
Flip the kill switch when quantum threats emerge, to disable vulnerable spending methods and secure the network. As long as users migrate funds into upgraded Taproot outputs with post-quantum fallbacks, those funds remain safe and spendable.
Zkpoor: Zero-Knowledge Proof for Verifiable Bitcoin Reserves
Companies like MicroStrategy claim to hold large amounts of BTC but won’t disclose addresses for security reasons. The current “proof-of-reserves” relies on voluntary claims without cryptographic verification. To address this, zkpoor (GitHub) uses STARK verification to generate the cryptographic proof for corporate Bitcoin reserves without revealing addresses or UTXOs—enhancing Bitcoin’s verifiable trust.
Zkpoor builds on Bitcoin Treasury and extends the original dashboards with zero-knowledge proof generation and verification.
Nostr Growth Slows: UX Friction and Weak Censorship-Resistance Appeal as Possible Causes
According to observations, Nostr’s growth stagnated in 2025. Data suggests that despite notable improvements in apps and clients built on the protocol, activities on Nostr has plateaued—or even declined. The author attributes this to two main factors:
Competing with Web2 content platforms is tough: TikTok, Instagram, and X offer creators smoother experiences and better incentives, while Nostr platforms still present high friction and limited rewards.
Censorship resistance doesn’t attract enough users. People prefer platforms like X and Substack not because they are stronger in resisting censorship, but because they have better marketing. Most people have short memories and lack the awareness to appreciate why Nostr’s censorship-resistance is superior.
Nervos’ Web5 Vision Powered by CKB
Through a series of essays, Nervos Network’s architect Jan outlined a Web5 vision powered by CKB. By clearly separating Web2 and Web3 in terms of economic and technical boundaries, their strengths can complement each other. This allows users to enjoy the smooth experience of Web2 while also benefiting from Web3’s security, decentralization, and censorship resistance—the essence of Web5 = Web2 + Web3 (Web5: Make Web2 and Web3 Better with Clear Boundaries).
On the relationship and design of addresses vs. accounts, he points out that Ethereum’s account model sacrifices privacy for usability. CKB, as a challenger to Ethereum and a follower of Satoshi, seeks to decouple accounts from authentication via DID:web5, enabling coexistence of multiple addresses and accounts while balancing privacy and usability (Account, Authentication, and Addresses). Nervos' Web5 also proposes breakthroughs in data ownership: combining personal data servers (PDS) with micropayments to let users truly control and monetize their data—transforming the ecosystem from platform monopoly to user sovereignty (Web5: Own Data, Not Tokens).
Architecturally, different from Jack Dorsey’s Bitcoin-based Web5, the Nervos Web5 is based on its foundation CKB with three key components on top: decentralized identity (did:web5), efficient off-chain micro-payment channels (Fiber Network), and Personal Data Server (e.g., ATproto). These enable censorship resistance, data ownership, and verifiable programmability—providing the solid foundation for realizing Web3/5 ideals (My Web5, Your Web5).
Ark Protocol Achieves Unilateral Exit Without Permission
One of Ark’s development teams, Second, announced that they successfully implemented permissionless unilateral exits on Bitcoin testnet MutinyNet. Ark is a Bitcoin Layer 2 scaling solution that uses a central server—Ark Service Providers (ASPs)—to facilitate large-scale, instant, low-fee payments.
Last month at Bitcoin Baltic HoneyBadger 2025, Ark facilitated the vendor payments via BTCPay Servers catered to lightning users.
This also shows how Lightning serves as a connective tissue, enabling interoperability with other Bitcoin Layer 2 solutions (eCash mint, Liqui, etc.) without the need for complex bridges, validation nodes, or rollups.
WISCH Protocol: Asymptotically Efficient Selective Disclosure in Multiparty Computation
The Fairgate team introduced WISCH in this paper, a “commit-reveal protocol” combining compact aggregate signatures with hash-based commitments for selective disclosure of relevant data in multiparty computation.
WISCH separates on-chain verification from off-chain preparation, making verification cost depend only on the number of revealed items, not the size of the underlying message space. This yields asymptotic efficiency: on-chain costs grow linearly with the number of revealed items, independent of the ambient domain, while the per-byte overhead decreases with the message granularity. Its security is proven via simulation-based proof in a UC framework with a ledger functionality, in the algebraic group model and global random-oracle models, under standard assumptions for discrete log signatures and hash commitments. WISCH thus offers selectively verifiable disclosures with lightweight on-chain validation and provable security guarantees.
BitVMX Open-Sources Three Core Components: Monitor, Coordinator, and Indexer
BitVMX open-sourced three core components, with key features and basic usage:
BitVMX Transaction Monitor: connects to the indexer to track Bitcoin UTXOs and blocks
Bitcoin Coordinator: the central brain for Bitcoin-side transaction management—it dispatches transactions, tracks confirmations, and accelerates transactions when needed
Bitcoin Indexer: connects to Bitcoin Core and stores block and transaction IDs into RocksDB for efficient access
Bitlayer Launches YBTC: Autonomous BitVM Smart Contract Bridge
YBTC is a new representative BTC designed by Bitlayer, pegged 1:1 to BTC and issued via the BitVM bridge by locking BTC.
Unlike existing Bitcoin DeFi assets like WBTC and tBTC, YBTC’s advantage lies in replacing human intermediaries with an autonomous BitVM smart contract, as an automated, transparent vault keeper. Information is relayed trustlessly, though users can also serve as their own relays if needed.
The table below shows the transition of BTC bridges from WBTC to tBTC to YBTC:
Applicability of Bitcoin Bridge Protocols in AIoT
Bitcoin’s limited scripting and lack of native interoperability restrict its integration with broader blockchain ecosystems, particularly in DeFi and multi-chain applications. This paper proposes a taxonomy of Bitcoin cross-chain bridge protocols, analyzing their trust assumptions, performance, and applicability in the AIoT (Artificial Intelligence of Things) scenarios.
The researchers classifies bridge designs into three categories: naive token swapping, pegged-asset bridges, and arbitrary-message bridges. Each is evaluated on trust models, latency, capital efficiency, and DeFi composability. The paper further explores bridges in real-world AIoT use cases, including decentralized energy trading, medical data integration, and supply chain automation.
