Jameson Lopp

The next few years will bring a sharp increase in the amount of vulnerabilities found, systems breached, and data leaked. The importance of cold storage self custody for your bitcoin will become even more obvious.

1/8 Today, we introduce CTR, the coordination asset for the Bitcoin economy. Over the past two years, we built an end-to-end Bitcoin economy that relies on the Bitcoin Network as its source of truth. With CTR, we're handing control of this economy to the people who use it.

Sadly, I can no longer recommend Gandi for hosting services, as their support quality has tanked since they were acquired a few years ago. I used to be able to get a response within an hour or two if my server went unresponsive. My latest issue, which was a kernel problem I consider to be Gandi's fault for changing how their virtual machine hypervisor works, saw my support request hanging for 4 days before they sent a generic "this is your problem, we can recommend some third party consultants to pay if you want." Thankfully I didn't wait around for them and managed to resolve it myself in an hour with the support of an LLM.

It's important to internalize the Bullshit Asymmetry Principle to protect your time. When you encounter bullshit, don't bother trying to refute it - that's setting yourself up for a denial of service attack. Just say it's not worth refuting since the claims are unsubstantiated.

@SimplyBitcoin Sometimes it's better to remain silent and be thought a fool than to speak and remove all doubt.

Jeff Booth, Jack Klucznik and Nicholas Marino perfectly explain how a Quantum threat to Bitcoin is "nonsense." "Bitcoin is the answer. Bitcoin is physics."

Switching my VPN egress to Utah for the lulz x.com/tomshardware/s…

@intangiblecoins I'll be addressing all of these points, at length, soon. x.com/lopp/status/20…

i had many discussions about quantum & bitcoin in las vegas this week, both on and off stage, with skeptics, advocates, and many overall smart bitcoiners some consensus i feel is emerging: 1) satoshi’s coins (P2PK) should not be touched. violating his property rights could be disastrous for bitcoin’s core value proposition. but the risk is also lower than many realize — satoshi’s coins are in ~22,000 addresses, each of 50 BTC. a long range attack would have to crack them all (i.e., it’s not one giant honeypot). the giant honeypots are mostly exchanges or active entities who can upgrade to a PQ-address if needed, so mostly not realistically at risk. the hourglass proposal could also further mitigate if we thought long-range Qday was imminent meanwhile, neutral atom tech can only do long range attacks, and google quietly opened a neutral atom lab just prior to their recent paper (maybe just hedging, but possibly an admission of superconducting’s limitstions? unclear, but distinguishing between long & short range is essential, and impacts the satoshi-coin issue) data from @_Checkmatey_ and others also shows that bitcoin markets routinely absorb 1m+ BTC, even just from oct25 to pres, let alone during bull markets. suffer a 50% drawdown (even if it were possible to take all of satoshi’s coins) to preserve bitcoin’s core property rights? i think most bitcoiners would accept that trade off, particularly given the mitigations (satoshi’s many addresses, hourglass, and market’s capability to absorb them if needed) 2) it is good to work on new crypto for bitcoin, post-quantum or otherwise. developing it, testing it, compressing its signatures, proposing and debating implementation — all of these are good for bitcoin the risks are a) this work occupies people’s time, potentially diverting from other important work; b) something untested or too novel is added to the protocol; c) calls to implement on the protocol create consensus gridlock, hamper other upgrades but most people i talked with in las vegas agreed that background work, perhaps resulting in a new PQ implementation being “put on the shelf” in case it’s needed, is unequivocally a good thing. this mostly seemed to be a reasonable middle ground on the contentious mainstage panel as well, despite disagreements on urgency. perhaps with the right funding and resources, good work can be accomplished while 2a and 2b are mitigated? i do think quantum is a problem worth working on, even if there is only a 1% chance that it ever affects bitcoin. i also think alarm bells about urgency have ultimately been positive for pushing these discussions forward. but finally, i am also very encouraged that there are a lot of people who are indeed thinking deeply about the implications, mitigations, and solutions, including many bitcoin developers these are just my impressions and are definitely open to discussion and disagreement

@BoltAndBlocks @SimonDixonTwitt There are already half a dozen actively maintained non-Core implementations that AREN'T simply forks of Core.

@lopp @SimonDixonTwitt I'll take door 3 - an alternative node implementation that competes with Core. Knot that one - a new one.

Bitcoiners need to pay very close attention to what’s happening at the development layer. This is an open-source boardroom. Accountability sits with those writing the code, maintaining it and those committing pull requests need to be watched carefully. Don’t trust. Verify. And when those who allegedly visited Epstein island start trying to discredit investigations and get upset about certain articles, that’s when you pay even closer attention. That’s why we run nodes and keep an eye on miners too. The financial industrial complex have repeatedly tried to infiltrate and we have to always stay alert. Great work on this article. Looking forward to Part 3.

Over the next few months I'll publish a series of essays exploring Bitcoin + quantum issues, such as: * Quantum Attack Game Theory * Governance & Security Precedents * Quantum Resistant Rescue Research Subscribe here to ensure you don't miss them! blog.lopp.net/#/portal/signup

@DanielGKuhn I have google alerts set up.

@lopp frightening. did you update just if you happened to come across a news story or were you proactively filtering for articles?

To give you a better idea of how incomplete the Bitcoin Wrench Attack archive is... the French Prosecutor's office recently released some numbers. 2024: 18 (we had cataloged 1) 2025: 67 (we had cataloged 21) 2026: 47 (we had cataloged 21)

Millions of BTC could be vulnerable to quantum computers Bitcoin may someday need to sunset those addresses, but that could force a public migration Today we published a design to let that migration be costless and silent: Public Address-Control Timestamps (PACTs) Link in 🧵

@KryptoBeard13 Right; we can only know about the attacks that get media coverage. We do get a number of reports that we can't verify.

@lopp The gap between 67 real and 21 cataloged isn't a tracking problem. It's a silence problem. Most victims don't report. Every risk model built on public data is working from a floor, not a ceiling.

🚨Self Hosted Ghost Admins🚨 Critical vulnerability allows an attacker to completely pwn your ghost instance and read your admin keys, thus being able to log in & publish malicious code. Update ASAP, rotate keys, & look for unauthorized users. forum.ghost.org/t/if-you-are-o…

You can just do things. Or you can cry about others doing things.

@rjmacleod @nic_carter My author page got nerfed as well: coindesk.com/author/jameson…

@nic_carter Hey @nic_carter - Ryan from the product team at CoinDesk here. Alas, this certainly wasn't deliberate on our part. It looks like there was a technical issue with a previous migration. It should be back now: coindesk.com/author/nic-car… 🙏

from 2020 to 2025, I wrote 38 opinion pieces for Coindesk. today the link to almost every one is broken. and my author page is gone. so they are effectively erased from the internet. this is why you have to own your own distribution

@intangiblecoins @nic_carter Same. But thankfully I'm a paranoid digital archivist and backed all mine up; they live on my blog now.

@nic_carter wut

@CoopDville2000 Feel free to open an issue or pull request on this repository. Note that we need some sort of verifiable third party evidence such as media coverage / justice system records. github.com/jlopp/physical…

@lopp I still need to add my robbery info to your database of wrench attacks… I can find it on loop.net right?

Chicago drill rapper Lil Zay Osama is among six men facing robbery and kidnapping charges in a federal indictment for their role in a Winnetka home invasion that targeted a victim for their cryptocurrency. chicago.suntimes.com/chicago-gangs/…