Satoshi Scoop Weekly, 22 August 2025

🍨 Your weekly bite of the latest updates from the Bitcoin ecosystem!
Crypto Insights

Security Risks in Bitcoin Protocols Using One-Time Signatures

The Fairgate team disclosed a vulnerability in Taproot-based protocols using one-time signatures (OTS), such as Winternitz. Attackers can steal funds by forcing a timeout, particularly in turn-based protocols. The flaw stems from verification scripts that fail to restrict the size of hash preimages—while hash outputs are fixed (32 or 20 bytes), preimages can be up to 520 bytes. By exploiting this, attackers can craft oversized preimages that prevent victims from submitting valid on-chain responses within Bitcoin’s transaction size and policy limits. To mitigate this, the team suggests using OP_DUP OP_SIZE OP_EQUALVERIFY in the script to restrict preimage size.
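The missing size check described above, as an added example (not code from Fairgate or from any protocol named here): a minimal evaluator for a single hash-lock fragment, run with and without a length guard. It assumes the guard pushes the expected length as a constant, in the form OP_SIZE <32> OP_EQUALVERIFY, and uses OP_SHA256; the secrets and helper names are constructed for illustration.

```python
import hashlib

MAX_ELEMENT = 520  # largest stack element, the preimage limit cited above

def encode_num(n):
    """Minimal little-endian Script number encoding (non-negative values only)."""
    out = bytearray()
    while n:
        out.append(n & 0xFF)
        n >>= 8
    if out and out[-1] & 0x80:
        out.append(0)  # keep the sign bit clear
    return bytes(out)

def hashlock(commitment, size=None):
    """Hash-lock fragment; with `size`, the preimage length is pinned first."""
    guard = ["OP_SIZE", encode_num(size), "OP_EQUALVERIFY"] if size else []
    return guard + ["OP_SHA256", commitment, "OP_EQUAL"]

def run(script, witness):
    """Evaluate the few opcodes used here; True if the script succeeds."""
    stack = list(witness)
    if any(len(item) > MAX_ELEMENT for item in stack):
        return False
    for op in script:
        if isinstance(op, bytes):
            stack.append(op)  # data push
        elif op == "OP_SIZE":
            stack.append(encode_num(len(stack[-1])))  # item stays on the stack
        elif op == "OP_SHA256":
            stack.append(hashlib.sha256(stack.pop()).digest())
        elif op in ("OP_EQUAL", "OP_EQUALVERIFY"):
            equal = stack.pop() == stack.pop()
            if op == "OP_EQUAL":
                stack.append(b"\x01" if equal else b"")
            elif not equal:
                return False
        else:
            raise ValueError(f"unsupported opcode {op}")
    return bool(stack) and stack[-1] != b""

def witness_bytes(items):
    """Serialized size: each item carries a CompactSize length prefix."""
    return sum(len(i) + (1 if len(i) < 253 else 3) for i in items)

# Constructed sample secrets; whoever publishes the commitment picks the preimage.
HONEST = bytes([0x11]) * 32
PADDED = bytes([0x22]) * MAX_ELEMENT

def accepts(preimage, size=None):
    commitment = hashlib.sha256(preimage).digest()
    return run(hashlock(commitment, size), [preimage])
```

Without the guard both secrets satisfy the script, but the padded one costs 523 witness bytes per revealed element instead of 33; with the guard only the 32-byte secret is accepted.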

Wrapless: Trustless Lending Protocol on Bitcoin

This paper introduces Wrapless, a lending protocol that enables the collateralization of bitcoins without requiring a trusted wrapping mechanism. The protocol facilitates a “loan channel” on Bitcoin, allowing bitcoins to be locked as collateral for loans issued on any blockchain that supports Turing-complete smart contracts. The protocol is designed in a way that makes it economically irrational for participants to manipulate the loan rules. However, significant research is still needed to bring the protocol closer to traditional Automated Market Maker financial instruments.

Shakespeare Enabled Vibe Coding on Nostr

Soapbox has launched Shakespeare—an AI-powered vibe coding website builder built on Nostr. Users can create sites with natural language prompts, leveraging Nostr’s censorship resistance and open-source nature. Shakespeare helps users escape centralized platform lock-in and reclaim digital sovereignty.

Lightning Swaps As the Connective Tissue Between Bitcoin Layer 2s

This article argues that the Lightning Network is emerging as the connective tissue linking Bitcoin’s many L2 protocols. The author suggests that Bitcoin scaling today falls into two camps:

  • Bitcoin-native protocols (e.g., Arkade, Spark) that maintain compatibility with UTXOs and support unilateral exits with pre-signed Bitcoin transactions.
  • Borrowed designs (e.g., rollups, EVM sidechains).

The problem is the lack of interoperability between these protocols. The proposed solution is Lightning Gateways, which can connect them to the Lightning Network.

At the Baltic Honeybadger conference, this was showcased in a real-world payment system powered by Arkade. Users paid with different wallets (Lightning, Fedimint, Spark, etc.), and merchants ultimately received Arkade’s VTXOs. The cross-protocol swap was handled by service providers like Boltz via Lightning. This means users and merchants don’t need to care which L2 the other side uses, and those emerging protocols can interoperate through Lightning.

Glock vs. BitVM1/2/3: A New Standard for Off-Chain Verification With Lowest On-Chain Cost

David Seroy of Alpen Labs compared BitVM1/2/3 with Alpen Labs’ Glock in a recent video. Glock, based on garbled circuit locks, introduces a new cryptographic primitive enabling verification on Bitcoin at minimal on-chain cost.

The core principle is “authenticated” conditional disclosure of secrets—one party “authenticates” the input to the computation, and then using cryptography another party can derive a secret if that computation fails.

First USDT transfer from ETH to RGB via Lightning

The Tricorn team has completed the first USDT transfer from Ethereum to RGB. This marks the debut of USDT issued as an RGB asset on Bitcoin, with instant settlement enabled through RGB Lightning.

Arkade Introduced Trust-minimized Delegation and Intent Coordination Framework

Arkade introduced a new lifecycle management framework for VTXOs, addressing the limitations of Ark’s prior batch expiry model, which required users to periodically renew their VTXOs or risk losing unilateral exit rights if expired VTXOs were swept by operators.

The update brings delegation and an intent-driven mechanism:

  • Delegation: Users can authorize trusted third parties (friends or professional services) to automatically renew VTXOs, while funds remain self-custodied. Delegates cannot seize or misuse assets.
  • Intents: Leveraging BIP322 Bitcoin message signing, users can define intentions for execution. Delegates may only act within the allowed time frame and scope. Expired intents become void.

Users can configure multiple delegates with failover strategies, enhancing both convenience and security.
