BRH-004: BitDevs Radio Hour #4 – Your 2025 Bitcoin Wrapped is Here

Broadcasting live from ATL BitLab, Stephen DeLorme and Alex Lewin close out the year with a festive edition of the BitDevs Radio Hour. This episode covers a grab bag of fresh Bitcoin technical developments: new BIP assignments, a novel approach to private collaborative custody, a consensus discrepancy discovered via differential fuzzing, Lightning protocol optimization ideas, a serious React server components security vulnerability, and the debut of Bitcoin Wrapped 2025.

It's a year-end mix of hard engineering talk, cryptographic concepts, dev-ops war stories, and community reflections.

Episode Summary

Stephen and Alex recap the final Atlanta BitDevs meetup of the year and then dive deep into several new Bitcoin and developer-adjacent topics. The discussion includes new BIP numbers, privacy-preserving collaborative custody for multisig, a consensus mismatch uncovered in NBitcoin thanks to fuzzing, a fresh ZmnSCPxj proposal for Lightning efficiency via private key handovers, and a major security alert affecting React server components (and by extension, many Next.js deployments).

The show closes with the premiere of the community-produced Bitcoin Wrapped 2025 — a Spotify-style year-in-review for the Atlanta BitDevs Socratic series — plus some reflection on the biggest themes of the year: covenants, quantum, regulatory pressure, BitVM, new soft fork proposals, and the rise of Bitcoin corporate treasuries.

Topics Covered 🆕 New BIP Assignments

• BIP 110: Reduced-Data Temporary Soft Fork

• BIP 89: Chain Code Delegation for Private Collaborative Custody

• Why BIPs get "real" numbers instead of meme numbers (no BIP 444, sorry Twitter).

• The logic behind keeping related BIPs numerically clustered.

🔐 BIP 89 – Improving Privacy in Collaborative Custody

• Traditional multisig setups (e.g., Unchained, Casa) expose all xpubs to the collaborative custodian.

• BIP 89 proposes a way to prevent sharing full xpub information using chain-code delegation.

• Custodians can co-sign emergency transactions without seeing all user addresses.

• Built around key-tweaking and Schnorr-like math — allowing assistance without surveillance.

• Potential applications for backup key providers, insurance models (Anchorage / AnchorWatch), and privacy-preserving multi-party vaults.

🐛 Differential Fuzzing Uncovers a Consensus Bug in NBitcoin

• A divergence found where Bitcoin Core marked a transaction invalid but NBitcoin marked it valid.

• Discovered via differential fuzzing — fuzzing two implementations simultaneously and comparing outputs.

• Lightning fuzzing and Bitcoin fuzzing continue to find subtle mismatches between CLN, LND, LDK, BTCD, etc.

• NBitcoin maintainer patched the issue and cut a release the same day.

• Importance for enterprise shops using .NET (BTCPayServer, Zebedee, large corporate stacks).

⚡ ZmnSCPxj's New Lightning Optimization: Private Key Handovers

• A proposal for more efficient on-chain HTLC resolution.

• If a Lightning channel's full balance ends up on one side, that party can be handed the ephemeral private key to spend HTLCs directly.

• Benefits:

  • Potential removal of anchor outputs

  • Unilateral RBF without interactivity

  • Easier UTXO consolidation

• Risks acknowledged: transporting private keys over the wire feels "icky" even with encryption.

• Not a re-architecture of Lightning — but an efficiency hack for edge cases.

🚨 Critical React Server Components Vulnerability

• A severe RCE (remote code execution) flaw in several React 19 builds.

• Affects most Next.js apps created or updated in 2025 due to default server components.

• Attackers could potentially exfiltrate environment variables:

  • API keys

  • Lightning node macaroons

  • Stripe/OpenAI credentials

• Fix timeline: discovered Nov 29 → patched Dec 1 → public advisory Dec 3.

• Advice: upgrade React/Next.js immediately and rotate environment secrets.

🎧 Bitcoin Wrapped 2025 — Year-in-Review

A custom end-of-year highlight reel for the Atlanta BitDevs Socratic Seminar series.

Some of the big recurring themes:

• Covenants — CTV, CSFS, OP_TAPLEAF_UPDATE_VERIFY, and endless debate

• Quantum — threat models, timelines, algorithmic risk

• Regulatory drama — ETF approvals, treasury strategies, debanking, global restrictions

• BitVM — hype, skepticism, experimentation

• Fork proposals — CTV+CSFS and RDTS as the two most publicly mobilized

• Corporate Bitcoin treasuries — and whether they should become Lightning service providers

• Hackathon wins from the ATL BitLab community

• A recognition that Bitcoin is no longer niche — it's fully mainstream technical culture

Links Mentioned

• BIP 89 (Chain Code Delegation)

• BIP 110 (Reduced-Data Temporary Soft Fork)

• NBitcoin project

• Bitcoin Fuzzing library

• Lightning Fuzz

• Delving Bitcoin posts from ZmnSCPxj

• React / Next.js CVE advisory

• Bitcoin Wrapped 2025 (ATL BitLab)

Closing Notes

Alex wraps up his final show of the year with a thank-you to listeners, welcomes suggestions for 2026 topics, and encourages everyone to find BitDevs Radio Hour on Fountain to send a boost.