September 11, 2025 • 58 mins
Join the Bitcoin Veterans as they discuss the importance of Bitcoin Only Wallets and best practices.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Thank you.
(00:30):
Well, good morning, everybody.
It's Tuesday.
Thank you for joining Bitcoin Veteran Spaces number 260.
We're here for your listening pleasure.
Welcome in, welcome in.
Usually we talk about Bitcoin.
(00:51):
My name is Bob Van Kirk.
I'll be your host this morning.
I'm joined by producer Eric and co-host Texas Toast.
Today is Tuesday, September 9th, 2025, and let's take a look at the time chain.
We got TC up here.
Thank you, sir, for this amazing dashboard.
We are at Bitcoin block height number 913,910 with the Bitcoin price sitting just above $112,000,
(01:18):
which means you can pick up 890 sats for each U.S. dollar.
Get it while it's hot.
Awesome couple of announcements.
As a reminder, if you'd like to participate, we'd love to have you up here.
Just make a request to come up by hitting that little microphone button in the bottom left.
If you can't speak but would like to chime in, please do leave a comment in that little purple pill.
(01:41):
Hopefully that will light up here in a second when someone posts.
And remember, this is a Bitcoin-only show.
Second announcement.
Once again, Bitcoin Veterans is having our second annual summit on November 10th and 11th in Nashville, Tennessee.
(02:03):
Day one will be the conference day.
Day two is range day.
You'll be able to fire some firearms, which is pretty cool.
If you're looking to attend, please do visit BitcoinVeterans.org forward slash summit 2025.
I think we're still taking some speaker requests, panel topics, and we also need volunteers.
(02:25):
So please feel free to visit BitcoinVeterans.org forward slash Summit 2025.
Before we hop into the topics today, I want to say good morning to everybody.
Texas Toast, how are you this morning, sir?
I'm doing all right.
(02:45):
It's a beautiful day. It's warming up, though.
I was excited for fall to be in full force, but Texas always has a couple teasers.
We got Matrix toast this morning a little bit.
Yes, second summer is coming in Texas.
(03:06):
TC, thanks for joining us, sir. Good morning.
Oh, hey, good morning, guys.
full disclosure I am not a veteran
massive respect
appreciation to all you guys
for your service
just got to get that out the way
appreciate that
let's see who else are we looking at
(03:27):
here Eric did you want to say good morning
I think we got Neil too
Eric's the producer
you guys haven't followed him please do
rearranging the stage a little
bit. BFP, how are you, sir?
(03:50):
Oh, BFP.
What's going on, man? Captain Trips, how are you?
Good morning, Bob. It's a beautiful day here, at least
in the Washington, D.C. capital region.
And yeah, fall is here. Fall is coming.
I'm excited for the conference here in a few weeks
(04:12):
And hope to see some of the vets make it out here
Yes sir, thanks for that
AC, good morning
Hey, good morning everyone
Another beautiful day here in Colorado
No complaints
Looking forward to the chat this morning
Outstanding
(04:33):
Trying to kneel up on stage
Eric, maybe you can help me out with that
And your mic's live, Eric
Coleman, good morning, sir. How are you?
Hey, good morning, everybody. I am doing fantastic. No complaints on my end.
Awesome. Well, we did have a good discussion yesterday, but also on Friday,
(04:53):
we talked a little bit about maybe what not to do with self-custody.
And I'm hoping just with the name of the room, it's probably not going to take up the entire hour,
but wanted to kick off today with some talk about this NPM compromise
and just maybe lay it out for the listener.
(05:17):
What's going on with it?
Does it matter?
You know, there was a billion downloads they're reporting.
I find that hard to believe.
And I'm guessing a lot of that has to do with shitcoins that run through browsers
because it's a JavaScript thing.
So TC, go ahead, sir.
(05:37):
Thanks again for coming up
and would love to hear your take on this.
Okay.
Sorry if I hog the mic for a few minutes here
because I think it's important to get a better context.
I was really taken aback by the reaction
(05:57):
from the whole Bitcoin scene in my feed to this.
p.m. thing yesterday. There was a lot of shock. There was a lot of fear. There was a lot of worry.
And there was very little clarification and context being given about what exactly happened
and what are the actual like implications and what are the actual surface area of
(06:21):
this sort of hack that occurred. So I took an interest because as a web developer,
I've used NPM for years and years and years and years and it's a core piece of the toolkit
and JavaScript is one of the fundamental languages coding languages that's used to do
(06:51):
a lot of stuff that everybody uses every single day so I thought I first needed to kind of like
look into it and understand it better myself. And when I did come to understand what had happened,
I was a little shocked with the reaction that was had by the whole community because it's an
overreaction in my opinion. So real quick, JavaScript runs in your browser. It's one of the
(07:18):
few scripting languages. It's basically the primary scripting language that runs in your browser.
It's why websites far and wide and all kinds of things on your browser are using JavaScript to be able to make things interactive and functional and look really cool and do all kinds of amazing things.
(07:42):
So JavaScript is kind of like a ubiquitous coding language.
If you use the Internet, you're using JavaScript in your browser.
NPM stands for Node Package Manager.
Node is a particular sort of variant of JavaScript.
And essentially the way to understand this, it's basically a repository of a bunch of packages of code.
(08:04):
Let me help break that down.
You might have heard of GitHub.
It's basically like a central place where a lot of different software projects are stored, including Bitcoin itself.
And we have these centralized places where people coordinate on developing code.
And that also allows end users to download things in the case of open source stuff.
(08:27):
So NPM is kind of like this open source repository of a bunch of little code packages.
Think of it like a library of a bunch of little toolkits that other people have made.
And you install these things in your project, what you're building, in order to add particular functionality to your project.
(08:49):
And just for context, I think it's close to three million, it's about two and a half million MPM packages that exist out there.
So this is not a thing where there's just like a small number of these core little packages that people use.
There's just millions of them and people, anyone can make them.
(09:12):
Anyone can upload them.
There's a system built into NPM.
So you can easily see how many people have downloaded this and use those metrics as a
sense of, is this something new and untested or is this something sort of battle tested
and a little bit more sort of like adopted out there.
(09:32):
So basically what happens when you're building a website or a web application or doing something
with JavaScript, you typically install NPM and you download the packages for the functionality
that you want to use. In the case of this thing that happened, a particular developer that
maintained, I think it was 18 different packages, got a phishing email from some hackers and bit the
(10:00):
hook and basically had his NPM account compromised.
And subsequently, the 18 packages he maintains got updated by the malicious people with malware
that essentially tries to steal your crypto by swapping out addresses at the point of doing
(10:20):
transactions.
So this was kind of really important for me to establish when I first heard everyone saying,
NPM is compromised. JavaScript is compromised. You know, JavaScript has a lot of faults and,
you know, valid criticisms of it, but JavaScript is not compromised and NPM is not compromised.
(10:45):
This was literally a specific developer's account and 18 specific packages out of the two and a half
million that are out there. I looked at the package names. I did not recognize any of them.
I have never used any of those packages.
And fundamentally, if a piece of software had never used any of those packages, it's not even a discussion.
Okay?
(11:05):
Now, the real risk is after these hackers had breached this guy's account and updated these 18 packages,
what would have needed to happen is a piece of software, a developer who's building something,
building a wallet or something would have had to update one of those packages to get the malicious
(11:26):
update after the hack and before npm took these things down because npm did take these things down
so right now you can't download any of these um modified updated malware packages so i i haven't
locked down the exact hours of that but my understanding is it's something around like a day
(11:49):
Like this guy got breached and then NPM shut down the things.
I don't know.
It might even be a couple of days, but just think of it as literally this small window
where, you know, your favorite wallet that you use or whatever would have had to, first
of all, use one of these packages in their product, update the package in that window
(12:10):
of time, and then put out a new version of their software with that updated malicious
thing in there.
So, I mean, all of these things put together, this is like a very small surface area of real problems.
Okay.
And then I dug in a little more and it looked like it was very oriented around Ethereum and Solana stuff.
(12:33):
And so I don't know, man, I really feel like there's an understandable kind of divide between, you know, people like myself who work with this kind of code on a daily basis and have kind of a little more, you know, nuanced mental model of how all these things work.
(12:53):
And then the general like users out there, like all the Bitcoiners out there that are basically using these tools.
And then something like this pops up.
And when you hear the words supply chain attack, and that was one that really irked me.
Because like that is a terminology that we use when we talk about where did you get your hardware wallet?
And where did you, you know, literally who made it and how did it get into your hands from the manufacturer?
(13:18):
And how do you verify it's legit?
But I think the valuable thing in this is to realize the era that you live in and the software tools that you use are almost entirely not.
Let me rephrase that to a great extent.
Use these little third party packages.
(13:40):
And maybe a neat way to understand that in the context of Bitcoin is look at Bitcoin.
How Satoshi didn't just create every component of Bitcoin from scratch himself.
He didn't innovate all the composite pieces that he used to make Bitcoin.
He used other achievements from other people in the past that were functioning and working and used them like components and parts.
(14:04):
It's like, you know, you look under the hood of a car and there's all these different pieces and they were not all manufactured by the same person.
It's just the nature of the world we live in.
When you build sophisticated things, they have component parts.
And so it's one of these things where this is a potential reality for anything that uses software is that some component part that's under the hood gets compromised.
(14:30):
And then that compromised update makes it into the code of the software that you're using.
And then you download that new version that has the compromised piece in it And then problems occur It one of these things where people should just be aware that that part of the process of how software gets made
And what it requires is you've got to have some scrutiny and some skepticism about where you get the tools that you use.
(14:59):
because you, at the very least, should have some sense that the people creating the tools that you depend on care about these things.
We're also in an era where a ton of people are literally vibe coding, jumping on an AI, telling it,
I want to make an app that does blah, blah, blah, and they don't even know anything about the technical stuff under the hood.
(15:21):
And we're hearing a lot of stories in the last six months or a year about software coming out that has incredible vulnerabilities
and massive security flaws.
And so it's just the onus is on you, end user,
to be skeptical and have scrutiny and have standards
and take your time and assess things the best that you can.
(15:43):
There is no magic wand to make this problem go away.
You have to just be aware that you're living in a time
where these sophisticated tools that are magical to use
have component parts under the hood,
and the person who made it didn't make all those component parts.
And this is something I think that will pop up again and again,
(16:04):
but I think it's important when you get a big burst of concern and worry about
wallets getting compromised, it's important to take a step back,
pick it apart, and understand exactly what's going on there.
That was a great intro, and I really do think the community,
the reaction really stemmed from this just deep desire to get away from the
(16:32):
knots and core discussion.
But let's go to AC and would be curious to hear your thoughts as well.
You know, I raised my hand early on in TC's riff and, you know,
he covered a lot of what I was going to dive into. So yeah, that was pretty amazing TC.
(16:55):
But I did want to rewind back to the beginning and that's how everything started. And, you know,
I think a lot of people are looking for action items or actionable information that they can
utilize on their Bitcoin journey. So I want to kind of dive into that, that phishing attack that
kicked it off because that's something actionable for Bitcoiners. If you look at it and I,
(17:19):
I posted screenshots up in the nest for people to look at.
You know, when you decompose that phishing email,
the thing that jumped out at me and probably should jump out at people because
we're getting, you know,
bombarded by these things on a regular basis is that sense of urgency that was
framed in the message, you know,
that enticed him and eventually got the developer to click on that link to
(17:44):
update their 2FA.
So really, it's one of those things that people need to just kind of focus in on when you get these random messages that may look legitimate but weren't expected is, like TC said, to take a breath, zoom out, and, hey, is this legitimate or is this real?
Because if the person had ignored that or identified that as a phishing email and moved on, none of this would have happened.
(18:09):
And the second thing that I think people are looking for as far as actionable is, you know, looking at your security stack and how you conduct regular transactions.
You know, with AirGap hardware that has a screen built by a reputable company that is open source and will kind of rewind back into open source later with a secure element or that has an ephemeral configuration, something like a seed signer would have absolutely mitigated all of this.
(18:39):
You know, I think it's a little bit of sensationalism associated with this NPM hack, you know, and the big one there is air-gapped hardware with the screen.
You know, the attack focused on swapping addresses at the time of transaction.
With an air-gapped, with air-gapped hardware at the screen, you can verify the address offline air-gapped prior to signing.
(19:04):
A lot of these other crypto projects and shit coins, as a lot of people like to call them, you know, they're not necessarily human readable.
You're looking at an Ethereum or Solana smart contract with a bunch of gobbledygook, and it might take somebody a significant amount of time to decompose that on, you know, what is a smart contract doing and what are the addresses going to?
(19:24):
And that's the beauty and simplicity of Bitcoin is it doesn't have all of that extraneous information in a signed transaction.
And then open source, you know, I posted something in the comments.
TC was talking about this as well as the response from the NPM community.
Once those libraries or packages were getting updated by the malicious actor.
(19:50):
And really, it's the open source community that identified it within a matter of minutes.
and that's why you want Bitcoin tools,
whether they're hardware or software,
that are open source or at least source viewable
because there's a community of people
who are looking at and reviewing things.
The flip side of that is you have a closed source,
(20:13):
closed source hardware, closed source software
that no one else but the developers are looking at.
And just imagine the response time it would take
if the information there wasn't transparent
to anybody and everybody with an internet connection.
This potentially could have taken days, weeks, or months.
You look at other attacks or other breaches,
(20:33):
and they're not disclosed for months or years.
So that's the beauty of open source
and why I think a lot of Bitcoiners embrace open source
for some of that level of protection.
I mean, I'll admit I'm not a dev like TC,
so I can't read all the code.
I might've done it in the past,
But it's comforting to know that there are people like TC out there and many others who do have that know-how and are reviewing the code for the benefit of all Bitcoiners.
(21:01):
And I'll kind of land it.
Thanks.
Can I pile back on there just real quick?
If you use best practices in your self-custody, you avoid so many of these situations, and you can look at it and laugh it off if you want to.
Like serious.
Serious. Proper custody, if you do it air-gapped, makes you immune to these things in many respects, at least as far as, you know, your keys and your signing.
(21:33):
You know, it's one of these things that you have to kind of start to build an awareness of, even as a, you know, a non-coder person.
Like, notice the version that you're using of software.
And you need to be the captain.
You need to decide when it's time to update and don't feel pressured to update until you've verified from the person who's created that software that there's an urgent need to.
(21:59):
You know, this is kind of like a weird thing touching on like the node war stuff.
It's like nobody is forcing you to update your node.
If it's working, like leave it alone.
Same thing goes here for like the, you know, the tools you use with your Bitcoin.
Like, really, you should basically have that frame of mind. You should figure out how to use these things. And when you have a good setup, you need compelling reasons to make changes. And you're not as affected at all by all these kind of day-to-day, you know, breaches and hacks and things like that that happen on the web. Because if you're using best practices, your keys and everything are safely air-gapped away from all of that.
(22:39):
yeah thanks for that and i do think one of the good things that come out of that
this whole thing is uh explaining to people that they should be verifying their addresses
on those hardware wallets when they're doing a transaction uh puppy thanks for coming up this
morning see your hand go ahead yeah yeah i just put two things up in a nest here and it's just
(23:03):
like just take a step back and understand it's like fucking great now something else i gotta i
I got to worry about when aren't pilling.
And, you know, I've been here eight years.
First time I ever heard the term NPM.
All right.
And this is when you're in spaces a lot.
And so when we're out there, this is just a reminder for anyone else when you're talking to them.
And, you know, even like last year, terms like ordinals and inscriptions, it's like every year you're learning something new.
(23:26):
And this is just something when you have to understand even people that are here know sort of what they're doing.
You get sort of blindsided by this, so you can understand the hesitancy of anyone coming in and say, oh, yeah, just go ahead and self-custody, and you just leave them at it.
Yeah, go ahead and do it.
It's easy.
How do you not get this?
Well, I was just reminding people, yeah, sometimes stuff like this comes out.
(23:50):
So thankfully, guys like TC and AC and BTC Sessions that were quick to jump on this.
I don't know if TCR didn't want – you talked a bit to this, but it does seem that the Bitcoin only, SparrowWallet and ColdCard and Wasabi, all the Bitcoin-specific type stuff seems to be the least affected.
(24:11):
It seems to be more everything else.
Well, no, it's like they're not affected at all.
And look, I got to be honest.
Dude, I love BTC Sessions to death.
That guy is amazing.
I was shocked at his thing because he has such wide reach and he was coming out with a really like severe warning, take alarm kind of vibes.
And then I saw the sort of tirade of all of these different wallet makers saying our wallet software is not affected by this.
(24:39):
And it's like I didn't see anyone clarifying in any of that stuff because because you if you.
Sorry, Bob. Every time you open your mic, I hear myself echoing.
I'm sorry. I was just going to say, in his defense, and I agree with you,
I think that unfortunately he was informed of this during a live show,
(25:01):
and so he's just kind of going off the cuff, and due to his reach,
it just kind of spread out there like wildfire.
So I don't think he intended it to be like that.
Unfortunately, he hadn't gotten the time to do the full research.
It was kind of like, you know, off the cuff stuff and obviously something he knows about.
And so go ahead.
Yeah. No, I just wanted to say, like, you know, it's it's there's a lot of wallet software out there that doesn't even use JavaScript.
(25:28):
I mean, most wallets shouldn't be using JavaScript.
JavaScript is really for the browser mostly.
And then there is some server side use of it.
But it's basically like, you know, I think sort of coming from a more clarifying place would have actually sort of made a lot of those statements self-evident, you know.
(25:50):
And that's the kind of thing here that kind of triggered me yesterday is that everybody's saying NPM is compromised or that JavaScript is compromised.
And these are, you know, widely used, massive systems.
And when you look at the actual details of what happened here, this is actually very tightly scoped.
(26:11):
And, you know, and that's where, you know, I feel for the the plebs who are just like, oh, great.
What now? You know, you're just like waking up to Monday and like you're being told, oh, no, your your wallets are compromised.
It's like that's a shock that I don't think like people need to have.
And, you know, until it's really something like that, you know, it's kind of a crying wolf thing.
(26:37):
I don't blame Ben for jumping on the story and wanting to spread it if necessary.
But I think it's important that everybody try to clarify.
And, Pubby, you don't have to, like, understand this stuff deeply.
you should know that um i i'm i'm going to be shocked if any actual bitcoin tooling is impacted
(27:02):
here because like i said if they run some software that uses one of these npm packages and there's
only 18 of them by this specific developer out of two and a half million um they would have had to
update with the malicious code uh after the hack and before npm took it down and i believe that's
probably literally like a couple days max.
(27:24):
And so this is a super tight window in which very specific pieces of software
would have needed to be incorporated and then released in someone's product.
And it's just, I don't see it as a real sort of probable problem.
Well, and then specifically now, it should be all patched up and good to go.
(27:48):
I mean, anybody that was using a malicious version of this NPM packet, you would assume has patched it up with the newer non-malicious version.
Yeah, or rolled back to the pre-hack versions.
That's the neat thing about all these repositories.
You can always get the older version of these things.
(28:08):
Version control is really cool that way.
Yeah, I did want to go back to AC.
I see your hand.
Go ahead.
Yeah, thanks, Bob. I just wanted to kind of rewind back to something that you had mentioned as far as verifying addresses. I just added a comment in the bottom right corner.
(28:30):
One takeaway, another takeaway, I should say, for me is while this attack was mostly unsuccessful on shitcoin terms and likely not successful at all on Bitcoin terms, the takeaway here is these bad actors are actually doing their homework and increasing their level of targeted sophistication.
(28:53):
You know, they look at Bitcoiner, I'll call them TTPs from a military perspective, you know, our tactics, techniques and procedures.
You know, a lot of the videos, Ben Sessions included, verify your address, you know, and he used to say, look at the first couple letters and numbers, look at the last couple, make sure that they're good to go.
And then you're cleared hot to send. In his video yesterday, he did say, hey, during this time of uncertainty, verify the entire address.
(29:19):
one of the things that these malicious actors had implemented is that they included an algorithm that would evaluate the address the correct address that you would put in And then they had a list of 40 addresses that they controlled and they were looking for ones that were you know
(29:40):
graphically appeared to be as close to the actual address, but with one of their targeted addresses.
And so really what I'm saying is their level of sophistication is increasing and they're watching our actions and our response actions to events like this to up their level.
(30:01):
And so the takeaway for Bitcoiners is always be upgrading your personal security stack and your security model. Don't rest on your laurels thinking, hey, I've got my Bitcoin secured and I'm good to go and let me focus on something else.
Always, always, always be studying things. Take events like this as lessons learned and lessons observed that you can implement into your own lives. Because really, you know, this is probably the worst that the attack from this is the worst that it's going to be, and they're only going to get better.
(30:37):
And so, like I said, people are looking for things that are actionable.
This is another one that they can take into consideration.
Are you not even verifying your addresses?
Are you verifying, you know, certain portions?
And are you verifying them on a screen offline on a hardware device that is not connected to the Internet?
All things to think about.
Thanks.
(30:58):
Yeah, good stuff.
And I do think that, you know, this CTO at Ledger who kind of sounded the alarm on the quote-unquote supply chain attack did have a good message later on where he said, and I put that up in the nest, if your funds sit in a software wallet or on an exchange, you're one code execution away from losing everything.
(31:23):
And I think that that is why we talk about self-custody.
But as you guys have been discussing, as we've been discussing, there are pitfalls.
And so, you know, our hope is you guys see through all the noise and do this stuff safely.
So good topic. Does anybody have any other thoughts on this? Go ahead, D.C.
(31:46):
Yeah, one more thing. I mean, what AC said can't be repeated enough.
this comes back to a phrase I use regularly called best practices.
Best practices is basically the best that you know how
from what information you have available,
and that's going to evolve over time.
(32:08):
Best practices for me is I have literally three different times
that I verify the address in the process of creating, signing,
and then broadcasting my transaction.
because best practices to me is to use Sparrow on a desktop
where I have my XPUB and I form my transaction
(32:28):
and I'm checking the address that I'm going to be sending to there
very carefully the whole way through, every character.
And then I export the unsigned transaction to my signing device
where I review and verify that address once again and sign.
and then I bring it back to the Sparrow to broadcast
(32:50):
and I verify for a third time.
So you get a good setup that's actually like best security practices
and you're going to be confronted with a direct opportunity
to just do things in the ultimate way.
I seriously tell myself, this bank of TC,
and everybody's going to have their own.
(33:12):
You are your own bank.
like you need to take this seriously and it's absolutely pays dividends to spend an extra
minute or two making sure that where you're sending things is correct because there's no
undue and there's no customer service to call and every transaction is permanent once it's confirmed
(33:32):
so just you know that's it's part of the kind of like reinforcing the understanding of what's
happening. It should, you should kind of want to go through that verification ritual every time you
transact just to reinforce those concepts. Yeah. It kind of reminds me of, you know,
(33:53):
setting goals or, or writing down, you know, being a former banker, um, policy and procedure.
It's like, are you following procedure? And I think, you know, military vets probably have this
same ethos, right? You follow procedure and you do it for a reason and you practice it. And so I
think those are really good points. Anybody else have any other thoughts on this topic before we
(34:19):
move on to a couple other things that I wanted to hit this morning? I think we're going to talk a
little bit about this U.S. House Resolution 5166, CBDCs, Bitcoin. I know that stuff can be a little
boring, but I think it does kind of maybe cast some vision for maybe what's to come coming up.
(34:42):
And then also we got a couple other things that were on the docket and also in the comments.
Putin accused the U.S. of using crypto to urgently address the declining trust in the U.S. dollar.
So that one might be interesting. So, yeah, wanted to see if anybody had any other thoughts on the
NPM compromise or any thoughts on what I just brought up those other two topics.
(35:12):
All right. I'll get out the crickets. I'm just kidding.
Is everybody asleep this morning or what?
I didn't get to say good morning to Neil because I couldn't add him earlier.
Good morning, Neil. How are you?
I'm doing good.
It's just a really good stuff that at D&AC we're saying.
(35:37):
It's really cool to hear that broken down.
It did.
Your mic was a little bad.
We're going to bring up Puncher as well.
I'm guessing he has some thoughts.
Hopefully we can get him up here on stage.
Again, having a little problem this morning adding people to the stage.
(35:59):
But, yeah, we can really take this wherever you want.
Go ahead, Puncher.
Hey, Bob.
Good morning, guys.
I wanted to shift just a tad.
It seems like yesterday, and I'm going to get to it right here in just a second,
but it looks like Pentagon officials are proposing a departure from prioritizing,
(36:23):
protecting, or they are prioritizing protecting the homeland and the Western Hemisphere at
the expense of, you know, the Asia Pacific.
That came out in a policy paper yesterday that that's a huge paradigm shift.
Not sure if you guys saw that or not.
(36:44):
I'll try to post it in the nest.
But, you know, a friend of mine is the commander of the Indo-Pacific, Admiral Sam Paparo.
And that is his, obviously, his area of command.
I don't think people quite understand if that, it's just a section of the policy that came out yesterday.
(37:07):
That's a massive shift in how we're viewing, I guess, our military responsibilities.
So, um, I mean, honestly, puncher, it seems like a recognition of reality and kind of what's
and what's going on because, um, yeah, sorry to get it too far off topic, but this, you
(37:29):
know, I trained for, for those scenarios and going over there, um, and the job that I was
going to do it and it was probably the toughest ask you could, you could, uh, you could ask
poor to try to go head to head against China, protect all these, you know, small islands
(37:50):
and all these shipping lanes.
It's a freaking nightmare.
And it can't really like can't be done, you know, to an effective level.
And I think they're just seeing that there's a lot more juice to squeeze around here in
South America and Central America.
Absolutely.
I think we're heading into a multipolar world and it's a recognition of that.
(38:11):
And that gets to the point about what Russia said about us trying to kind of wither away our debt through stable coins.
And that's what we're doing.
I mean, it's not a secret.
The fact that they're calling us on it is, you know, it is what it is.
(38:32):
And I think that that's what we're going to see playing out here over the next year or so.
I don't know how that turns out, right?
In the global south, I mean, the goal is dollar hegemony.
So in places that we didn't have access to dollars, the global south, Africa, you now will.
(38:53):
And you also have access to Bitcoin, which is great for Bitcoin.
I don't know how great it is for those countries and what the second, third, and fourth order effects of that will be.
typically us exporting our debt and our inflation uh worldwide is not played out well for the
countries that you know that it ended up in but uh we we shall see but that is the plan and the
(39:16):
fact that russia just said it out loud shouldn't surprise anybody yeah i think it's a really good
point we kind of touched on yesterday um in my next comments here about canada um you know i
I think we often forget like this joke of Trump saying that Canada was going to be the 51st state.
They're rich in resources.
(39:37):
And as we move out of other regions and to your point, Puncher, about it being kind of a multipolar world, you know, you can see where Canada becomes even more important.
And if you look at it, I mean, they are really struggling.
Inflation's high.
They just gave stimulus to a certain segment of their population.
(40:01):
Their population is really in trouble based on all the immigration that they've had over the last couple of decades.
And they really have no national identity.
So that part's interesting to me, just being our, you know, quote-unquote closest ally and one of our bigger trade partners.
You really can see how things are shifting.
(40:25):
But Tao, were you wanting to comment on this topic or should we let Wade go and then we can circle back to you?
No, Wade. Yeah, I'll have something else.
Just wanted to say what Texas and what Poncho are hitting on there is, from my opinion, 100% correct.
For anyone who's ever spent any time on or around the Korean DMZ, I mean, that's a quagmire.
(40:50):
That's a nightmare. I mean, that place turns into like a hot war zone in there.
I mean, it's the most heavily mined and fortified land border on the entire planet.
And I just don't for us, you know, strategically kind of redeploying or retrenching here in the Western Hemisphere kind of does make some sense.
Considering where's the win in a hot war between China and the U.S.?
(41:14):
We choke off their oil and air components and they choke off our rare earth materials and minerals.
I mean, I don't see where the where's the when.
Yeah. And also, you know, you have to consider it's like, well, are we giving up on Taiwan and chips?
Well, no, we just acquired 10 percent of Intel instead.
So I think it's interesting to see, you know, kind of the chips moving in some of these these areas, too, in places where traditionally we've said like, hey, we can't let these things go.
(41:44):
Now, whether we let Taiwan go or not remains to be seen, but I do think it's a super interesting topic, Puncher.
And, yeah, thanks for bringing it up.
Does anybody have any other comments on this one?
Go ahead, sir.
It's just one data point.
I live about, you know, a baseball throw away from the new TSC manufacturing plant in Arizona.
(42:06):
And it is massive.
And they are building that thing so quickly, you know that they're in a hurry.
But that Taiwan semiconductor plant in, I think it's in Glendale, Arizona, off of I-17, looks like a city.
So we're not dilly-dallying on trying to pull chip manufacturing here into the United States to kind of offset what could potentially happen in Taiwan.
(42:33):
And I think this is just further evidence of the reality setting in that we're entering into a multipolar world.
Those alliances are monetary and trade alliances, and it's going to come down to kind of pick your side here.
I just hope that we're smart on our Bitcoin strategy as a, I guess, the Western alliance, you would say, because I think that that's the stronger money, and ultimately the stronger money wins the day.
(42:59):
Yeah, hopefully ICE doesn't raid that chip center, too.
yeah we talked about Hyundai yesterday um so appreciate that anybody else have any other
comments on this and I do want to say maybe uh before we do move on uh guys this is your show
I'm just trying to you know kind of steer the ship a little bit and uh do appreciate when people
(43:23):
like Puncher come up and uh give us some of these uh perspectives that I think are relevant to all
of us as people who are interested in Bitcoin.
So, Tao, let's circle back to you.
Did you want to bring up your topic as well here?
No, I just wanted to go back to what you guys were talking about earlier.
(43:44):
I was trying to get up here as soon as possible because you guys were talking about the whole
best practices, and I just wanted to give my opinion on that.
And I was trying to get up really quickly.
Feel free.
Go ahead.
It's an open show, so we're all good.
Okay. Go ahead.
Yeah So some of my best practices is I guess the first one would be whatever setup you going to do make sure that it not too complex where you not able to get back into your coins or if the people that you trust like you giving the keys to as well
(44:20):
that it's not too complicated for them.
So that's the first thing.
The other thing that I do, because I'm pretty paranoid with this whole thing
from the very, very beginning.
I was like, how can I really ensure that if I'm going to get into this
and I want to make sure I protect it fully.
So the second thing would be to have a pristine laptop.
(44:44):
I literally bought a brand new laptop just for the sake of my Bitcoin storage.
Installing only the bare minimum software, whatever I need just for that storage.
It's not used to browse any websites.
It's not used to check my email.
(45:05):
It's not used for anything.
It's literally just, you know, buy a brand new computer and install the necessary wallet software, which is what I use as Sparrow.
And that's it. I don't use it for anything else.
Because that way you'll prevent from accidentally downloading something that may be, you know, malicious.
(45:26):
one thing to do and I think not many people look this far deep into it is when you're doing a
bitcoin transaction there's so many checks that you can do and some people might feel that it may
not be necessary to do the full check and everything but when you're moving large amounts
(45:50):
you really want to be sure right so there's a few ways right of course the first way is
anytime you, you know, paste the destination address.
You're always going to start, right, copy and paste that whole JavaScript
or whatever script that may be used.
Once you paste it into the window, that actually reflects the address
(46:11):
that you wanted to send it to.
That's one check.
The other check is, of course, when you sign it through your device,
like your CodeFact device, it also gives you another confirmation.
So, hey, this transaction that we're generating is going to be sent to this address.
Now, does that address also match to the address that you want to send to as well?
(46:34):
So that's two checks.
The very last check you can do on top of that is, and this is where like, okay, I mean, you want to check it twice.
I have to check it again.
It's like you're using additional sources to check, right?
Because if you're moving a large amount, you want to be sure that it really works.
And so the third check would be actually have you have Bitcoin Core software installed on your computer, right, on your laptop.
(47:03):
And you go to BitcoinCore.org and you download that software.
You use that to open the transaction file that has already been signed.
You open it.
You haven't broadcast, right?
You open it and you can check that as well to see the destination address.
So you have three checks from almost like three different sources, Sparrow, CoCard, and Bitcoin Core.
(47:30):
So with everything all confirming that, hey, this is indeed the address that's sent to, then you can feel pretty safe.
Because like it's not doing a read, right?
after it's signed, after all that process,
it actually does an additional,
you can use, there's an option
to file open on Bitcoin Core
(47:51):
and you can open a transaction and view it.
So I think if you do all those things,
it should be pretty good.
Yeah, and everybody's got their own setup.
I think it's good.
Again, we were kind of talking about,
you know, just policy and procedure.
Follow your own rules.
If you have a good setup
and you're comfortable with it,
(48:11):
then don't go outside of that policy and procedure because hopefully you've had a well thought out policy and procedure and you can carry it through and not make,
you know, that's one of the things Ben was saying yesterday on his live feed is like not to make quick decisions.
(48:33):
And I think that's a really, a really good idea, right?
To slow down, think about what's going on, check your surroundings.
You know, there's all these things.
And so I think this, you know, if there's one good thing that's going to come out of this, it's these reminders, right?
Things that we can learn.
(48:55):
And it was kind of the goal on Friday, right, to talk about some of the pitfalls of self-custody so that people can learn from mistakes.
Now, this show, we have it maybe to draw some people in, but TC really laid out, I think, the truth and the signal.
And when you really look into it, it seems like only maybe a little over $500 worth of, I think, shitcoins were actually compromised from this attack.
(49:25):
So the sky is not falling.
Everything's good.
But learn from this so that future compromises don't put you in a position where you're making quick and fast decisions that could result in a loss of your stack.
So good stuff.
(49:45):
And it's fun, guys.
I love this forum where we can come together, talk about kind of this technical stuff, but then also, you know, some of the things going on globally that I think we're all somewhat interested in just because of the implications on Bitcoin.
Some of this geopolitical stuff is certainly interesting.
(50:07):
Hopefully we're not boring you as a listener, but we do this every weekday, 10 a.m. Eastern.
We'll do it again tomorrow.
And before we close it out here, kind of wanted to go around and see, you know,
we can have other topics here if you guys want or continue in on this NPM,
not so big of a compromise.
(50:27):
Go ahead, Tom.
Yeah, I wanted to make a comment earlier when Puncher was here
and you guys were talking about the dollar hegemony and how that works.
More of a question, actually, because, you know, my basic understanding,
it's not enough, right? I need to understand a little bit more. So we were talking about
the goal of spreading the dollar all across the world so that it's going to be used by
(50:53):
every country. And if that's the case, though, wouldn't that mean that there's going to be
so much dollars out there? And wouldn't that also imply that, hey, it's kind of like inflation?
I'm not sure if I'm getting it right
because the more dollars that are out there
the more that everybody's using it
(51:15):
doesn't that also
signal to people
wow, it's everywhere
and we understand
that when you have something that's so much of it
that it's inflation
it's not worth as much
so am I
understanding it wrong or something?
(51:35):
Well I'll let other people chime in
but one thing
it makes me think of is, and I think a lot of people have pushed this maybe same idea,
which is that, you know, a strengthening dollar or a prevalent dollar or ever increasing dollar
occurs first in what you could see where it would come first internationally from people who have
(52:01):
seen inflation and, you know, the debasement of their own currencies. And so they choose to use
the dollar, which is now going to be easier through stable coins.
And then it's like a rubber band where then that impacts to some degree us here in the
(52:22):
U.S., people who use U.S. dollars because there are so many U.S. dollars.
So I think, you know, then maybe some of these people would say, hey, maybe I should find
something that can't just be printed.
but I think this all takes time
and so maybe some other people have some thoughts on this or want to chime in
(52:43):
but I do think that this all comes back to
no matter where dollars increase
it impacts us all in some form or fashion
and this is why we Bitcoin
so anybody else want to chime in on that
or Tao, did that kind of help at all?
yeah no i think we're we're thinking along the same lines right so like you said anywhere that
(53:09):
the dollar increases whether it's the u.s or whether it's a different country if there's
going to be more dollars ultimately it's it's gonna not be worth as much so yeah i guess i guess
i do i do agree there yeah it's interesting too maybe in light of that uh maybe coleman wants to
(53:29):
continue to dance a little dance because gold hit another new all-time high.
And so we do see this continued lack of confidence in the dollar based on Putin's remarks.
And obviously, central banks continue to put pressure on the gold price by continuing to
(53:50):
accumulate it and not accumulate U.S. treasuries.
And so as much as the stable coins that we were just talking about will be prevalent, central banks certainly are not interested in dollars or dollar-denominated debt at this point based on what they're seeing.
(54:10):
And I think this kind of circles around back to kind of what Puncher's topic was, right, which is that it's going to be a bipolar world.
And everything that we see is kind of pointing to that fact.
So hopefully, you know, we're starting to put some of the pieces together.
And maybe before we close out the show, just other people want to chime in on that or final thoughts.
(54:31):
Wade, I know this topic is near and dear to your heart.
So curious to hear your thoughts.
I just wanted to look back, just doing like a yearly review of the neutral reserve asset charts, specifically gold and Bitcoin.
And I threw it up in the I posted it in the space and I'm just stunned at the price performance.
(54:57):
I mean, just multiples over a one year time period.
And just to see like gold and Bitcoin screaming the way they are, it just seems like something's wrong.
I can't quite put my finger on it. I don't know where it's going.
But, I mean, I don't think we've ever historically seen price appreciation and neutral reserve assets at this clip before, have we?
(55:19):
I don't think so. I don't have all the data. Anybody else want to chime in on that?
I'm sure there's been periods where hoarding of hoarding of gold has happened, but maybe not to this degree.
Yeah, it's kind of crazy that the movements are huge.
And I just kind of like, I feel it because I did recently sell some gold when Bitcoin was at $65,000.
(55:49):
And I was like, man, did I sell it at the wrong time, etc.?
But luckily, I bought gold. I mean, I bought Bitcoin with that when I sold the gold.
So in a way, well, I can't complain because it almost pretty much doubled.
so it's kind of like i think both uh assets are tremendous and it just goes to show that
(56:12):
when you have something that's finite and i'm gonna use this as my basic premise right that's
so the base premise is that hey you have something that's finite that has all the properties of money
there's just that way to go that's why people have been um holding assets like this from the
very beginning. And so what, why would that change? Right.
(56:35):
Why would that sort of thinking change when it's been around for thousands of
years and now you have even a more pristine asset that can be programmable
and can just be utilized in so many different ways. It's like,
it's just like a no brainer, I guess.
Yeah. Appreciate that.
(56:56):
I did want to give people one last chance here at the top of the hour.
any final thoughts AC
you had a lot to say this morning
anything you want to leave with everybody
before we wrap it up
I struck out and I had to do it
(57:17):
sorry about that alright guys well
that's a wrap we do this
every weekday 10am eastern hopefully you guys
enjoyed the show this morning
I know we bounced around a lot
but do appreciate all the speakers everybody
who listens in the background.
And please do follow the people that come up here.
I think they're out to help you.
And you should probably follow people who want to help you.
(57:39):
But if you do have further questions on your Bitcoin journey,
please do reach out to us, bitcoinveterans.org.
You can fill out the Connect form.
We'll get you plugged in to valuable resources to help you on your Bitcoin journey.
But that's all we have for today.
I want to wish you guys a wonderful Tuesday.
And remember, do not shitcoin.
(58:02):
It's like wearing cutoff jeans to a funeral.
And again, a lot of it is driven by the baby boomers.
So now let me explain to you why baby boomers suck.
(58:23):
And they suck for three main reasons.
People that use fiat currency as a store of value, we call them, we core.
We call them, we core.
(58:53):
Thank you.
Thank you.
(00:30):
Well, good morning, everybody.
It's Tuesday.
Thank you for joining Bitcoin Veteran Spaces number 260.
We're here for your listening pleasure.
Welcome in, welcome in.
Usually we talk about Bitcoin.
(00:51):
My name is Bob Van Kirk.
I'll be your host this morning.
I'm joined by producer Eric and co-host Texas Toast.
Today is Tuesday, September 9th, 2025, and let's take a look at the time chain.
We got TC up here.
Thank you, sir, for this amazing dashboard.
We are at Bitcoin block height number 913,910 with the Bitcoin price sitting just above $112,000,
(01:18):
which means you can pick up 890 sats for each U.S. dollar.
Get it while it's hot.
Awesome couple of announcements.
As a reminder, if you'd like to participate, we'd love to have you up here.
Just make a request to come up by hitting that little microphone button in the bottom left.
If you can't speak but would like to chime in, please do leave a comment in that little purple pill.
(01:41):
Hopefully that will light up here in a second when someone posts.
And remember, this is a Bitcoin-only show.
Second announcement.
Once again, Bitcoin Veterans is having our second annual summit on November 10th and 11th in Nashville, Tennessee.
(02:03):
Day one will be the conference day.
Day two is range day.
You'll be able to fire some firearms, which is pretty cool.
If you're looking to attend, please do visit BitcoinVeterans.org forward slash summit 2025.
I think we're still taking some speaker requests, panel topics, and we also need volunteers.
(02:25):
So please feel free to visit BitcoinVeterans.org forward slash Summit 2025.
Before we hop into the topics today, I want to say good morning to everybody.
Texas Toast, how are you this morning, sir?
I'm doing all right.
(02:45):
It's a beautiful day. It's warming up, though.
I was excited for fall to be in full force, but Texas always has a couple teasers.
We got Matrix toast this morning a little bit.
Yes, second summer is coming in Texas.
(03:06):
TC, thanks for joining us, sir. Good morning.
Oh, hey, good morning, guys.
full disclosure I am not a veteran
massive respect
appreciation to all you guys
for your service
just got to get that out the way
appreciate that
let's see who else are we looking at
(03:27):
here Eric did you want to say good morning
I think we got Neil too
Eric's the producer
you guys haven't followed him please do
rearranging the stage a little
bit. BFP, how are you, sir?
(03:50):
Oh, BFP.
What's going on, man? Captain Trips, how are you?
Good morning, Bob. It's a beautiful day here, at least
in the Washington, D.C. capital region.
And yeah, fall is here. Fall is coming.
I'm excited for the conference here in a few weeks
(04:12):
And hope to see some of the vets make it out here
Yes sir, thanks for that
AC, good morning
Hey, good morning everyone
Another beautiful day here in Colorado
No complaints
Looking forward to the chat this morning
Outstanding
(04:33):
Trying to kneel up on stage
Eric, maybe you can help me out with that
And your mic's live, Eric
Coleman, good morning, sir. How are you?
Hey, good morning, everybody. I am doing fantastic. No complaints on my end.
Awesome. Well, we did have a good discussion yesterday, but also on Friday,
(04:53):
we talked a little bit about maybe what not to do with self-custody.
And I'm hoping just with the name of the room, it's probably not going to take up the entire hour,
but wanted to kick off today with some talk about this NPM compromise
and just maybe lay it out for the listener.
(05:17):
What's going on with it?
Does it matter?
You know, there was a billion downloads they're reporting.
I find that hard to believe.
And I'm guessing a lot of that has to do with shitcoins that run through browsers
because it's a JavaScript thing.
So TC, go ahead, sir.
(05:37):
Thanks again for coming up
and would love to hear your take on this.
Okay.
Sorry if I hog the mic for a few minutes here
because I think it's important to get a better context.
I was really taken aback by the reaction
(05:57):
from the whole Bitcoin scene in my feed to this.
p.m. thing yesterday. There was a lot of shock. There was a lot of fear. There was a lot of worry.
And there was very little clarification and context being given about what exactly happened
and what are the actual like implications and what are the actual surface area of
(06:21):
this sort of hack that occurred. So I took an interest because as a web developer,
I've used NPM for years and years and years and years and it's a core piece of the toolkit
and JavaScript is one of the fundamental languages coding languages that's used to do
(06:51):
a lot of stuff that everybody uses every single day so I thought I first needed to kind of like
look into it and understand it better myself. And when I did come to understand what had happened,
I was a little shocked with the reaction that was had by the whole community because it's an
overreaction in my opinion. So real quick, JavaScript runs in your browser. It's one of the
(07:18):
few scripting languages. It's basically the primary scripting language that runs in your browser.
It's why websites far and wide and all kinds of things on your browser are using JavaScript to be able to make things interactive and functional and look really cool and do all kinds of amazing things.
(07:42):
So JavaScript is kind of like a ubiquitous coding language.
If you use the Internet, you're using JavaScript in your browser.
NPM stands for Node Package Manager.
Node is a particular sort of variant of JavaScript.
And essentially the way to understand this, it's basically a repository of a bunch of packages of code.
(08:04):
Let me help break that down.
You might have heard of GitHub.
It's basically like a central place where a lot of different software projects are stored, including Bitcoin itself.
And we have these centralized places where people coordinate on developing code.
And that also allows end users to download things in the case of open source stuff.
(08:27):
So NPM is kind of like this open source repository of a bunch of little code packages.
Think of it like a library of a bunch of little toolkits that other people have made.
And you install these things in your project, what you're building, in order to add particular functionality to your project.
(08:49):
And just for context, I think it's close to three million, it's about two and a half million MPM packages that exist out there.
So this is not a thing where there's just like a small number of these core little packages that people use.
There's just millions of them and people, anyone can make them.
(09:12):
Anyone can upload them.
There's a system built into NPM.
So you can easily see how many people have downloaded this and use those metrics as a
sense of, is this something new and untested or is this something sort of battle tested
and a little bit more sort of like adopted out there.
(09:32):
So basically what happens when you're building a website or a web application or doing something
with JavaScript, you typically install NPM and you download the packages for the functionality
that you want to use. In the case of this thing that happened, a particular developer that
maintained, I think it was 18 different packages, got a phishing email from some hackers and bit the
(10:00):
hook and basically had his NPM account compromised.
And subsequently, the 18 packages he maintains got updated by the malicious people with malware
that essentially tries to steal your crypto by swapping out addresses at the point of doing
(10:20):
transactions.
So this was kind of really important for me to establish when I first heard everyone saying,
NPM is compromised. JavaScript is compromised. You know, JavaScript has a lot of faults and,
you know, valid criticisms of it, but JavaScript is not compromised and NPM is not compromised.
(10:45):
This was literally a specific developer's account and 18 specific packages out of the two and a half
million that are out there. I looked at the package names. I did not recognize any of them.
I have never used any of those packages.
And fundamentally, if a piece of software had never used any of those packages, it's not even a discussion.
Okay?
(11:05):
Now, the real risk is after these hackers had breached this guy's account and updated these 18 packages,
what would have needed to happen is a piece of software, a developer who's building something,
building a wallet or something would have had to update one of those packages to get the malicious
(11:26):
update after the hack and before npm took these things down because npm did take these things down
so right now you can't download any of these um modified updated malware packages so i i haven't
locked down the exact hours of that but my understanding is it's something around like a day
(11:49):
Like this guy got breached and then NPM shut down the things.
I don't know.
It might even be a couple of days, but just think of it as literally this small window
where, you know, your favorite wallet that you use or whatever would have had to, first
of all, use one of these packages in their product, update the package in that window
(12:10):
of time, and then put out a new version of their software with that updated malicious
thing in there.
So, I mean, all of these things put together, this is like a very small surface area of real problems.
Okay.
And then I dug in a little more and it looked like it was very oriented around Ethereum and Solana stuff.
(12:33):
And so I don't know, man, I really feel like there's an understandable kind of divide between, you know, people like myself who work with this kind of code on a daily basis and have kind of a little more, you know, nuanced mental model of how all these things work.
(12:53):
And then the general like users out there, like all the Bitcoiners out there that are basically using these tools.
And then something like this pops up.
And when you hear the words supply chain attack, and that was one that really irked me.
Because like that is a terminology that we use when we talk about where did you get your hardware wallet?
And where did you, you know, literally who made it and how did it get into your hands from the manufacturer?
(13:18):
And how do you verify it's legit?
But I think the valuable thing in this is to realize the era that you live in and the software tools that you use are almost entirely not.
Let me rephrase that to a great extent.
Use these little third party packages.
(13:40):
And maybe a neat way to understand that in the context of Bitcoin is look at Bitcoin.
How Satoshi didn't just create every component of Bitcoin from scratch himself.
He didn't innovate all the composite pieces that he used to make Bitcoin.
He used other achievements from other people in the past that were functioning and working and used them like components and parts.
(14:04):
It's like, you know, you look under the hood of a car and there's all these different pieces and they were not all manufactured by the same person.
It's just the nature of the world we live in.
When you build sophisticated things, they have component parts.
And so it's one of these things where this is a potential reality for anything that uses software is that some component part that's under the hood gets compromised.
(14:30):
And then that compromised update makes it into the code of the software that you're using.
And then you download that new version that has the compromised piece in it And then problems occur It one of these things where people should just be aware that that part of the process of how software gets made
And what it requires is you've got to have some scrutiny and some skepticism about where you get the tools that you use.
(14:59):
because you, at the very least, should have some sense that the people creating the tools that you depend on care about these things.
We're also in an era where a ton of people are literally vibe coding, jumping on an AI, telling it,
I want to make an app that does blah, blah, blah, and they don't even know anything about the technical stuff under the hood.
(15:21):
And we're hearing a lot of stories in the last six months or a year about software coming out that has incredible vulnerabilities
and massive security flaws.
And so it's just the onus is on you, end user,
to be skeptical and have scrutiny and have standards
and take your time and assess things the best that you can.
(15:43):
There is no magic wand to make this problem go away.
You have to just be aware that you're living in a time
where these sophisticated tools that are magical to use
have component parts under the hood,
and the person who made it didn't make all those component parts.
And this is something I think that will pop up again and again,
(16:04):
but I think it's important when you get a big burst of concern and worry about
wallets getting compromised, it's important to take a step back,
pick it apart, and understand exactly what's going on there.
That was a great intro, and I really do think the community,
the reaction really stemmed from this just deep desire to get away from the
(16:32):
knots and core discussion.
But let's go to AC and would be curious to hear your thoughts as well.
You know, I raised my hand early on in TC's riff and, you know,
he covered a lot of what I was going to dive into. So yeah, that was pretty amazing TC.
(16:55):
But I did want to rewind back to the beginning and that's how everything started. And, you know,
I think a lot of people are looking for action items or actionable information that they can
utilize on their Bitcoin journey. So I want to kind of dive into that, that phishing attack that
kicked it off because that's something actionable for Bitcoiners. If you look at it and I,
(17:19):
I posted screenshots up in the nest for people to look at.
You know, when you decompose that phishing email,
the thing that jumped out at me and probably should jump out at people because
we're getting, you know,
bombarded by these things on a regular basis is that sense of urgency that was
framed in the message, you know,
that enticed him and eventually got the developer to click on that link to
(17:44):
update their 2FA.
So really, it's one of those things that people need to just kind of focus in on when you get these random messages that may look legitimate but weren't expected is, like TC said, to take a breath, zoom out, and, hey, is this legitimate or is this real?
Because if the person had ignored that or identified that as a phishing email and moved on, none of this would have happened.
(18:09):
And the second thing that I think people are looking for as far as actionable is, you know, looking at your security stack and how you conduct regular transactions.
You know, with AirGap hardware that has a screen built by a reputable company that is open source and will kind of rewind back into open source later with a secure element or that has an ephemeral configuration, something like a seed signer would have absolutely mitigated all of this.
(18:39):
You know, I think it's a little bit of sensationalism associated with this NPM hack, you know, and the big one there is air-gapped hardware with the screen.
You know, the attack focused on swapping addresses at the time of transaction.
With an air-gapped, with air-gapped hardware at the screen, you can verify the address offline air-gapped prior to signing.
(19:04):
A lot of these other crypto projects and shit coins, as a lot of people like to call them, you know, they're not necessarily human readable.
You're looking at an Ethereum or Solana smart contract with a bunch of gobbledygook, and it might take somebody a significant amount of time to decompose that on, you know, what is a smart contract doing and what are the addresses going to?
(19:24):
And that's the beauty and simplicity of Bitcoin is it doesn't have all of that extraneous information in a signed transaction.
And then open source, you know, I posted something in the comments.
TC was talking about this as well as the response from the NPM community.
Once those libraries or packages were getting updated by the malicious actor.
(19:50):
And really, it's the open source community that identified it within a matter of minutes.
and that's why you want Bitcoin tools,
whether they're hardware or software,
that are open source or at least source viewable
because there's a community of people
who are looking at and reviewing things.
The flip side of that is you have a closed source,
(20:13):
closed source hardware, closed source software
that no one else but the developers are looking at.
And just imagine the response time it would take
if the information there wasn't transparent
to anybody and everybody with an internet connection.
This potentially could have taken days, weeks, or months.
You look at other attacks or other breaches,
(20:33):
and they're not disclosed for months or years.
So that's the beauty of open source
and why I think a lot of Bitcoiners embrace open source
for some of that level of protection.
I mean, I'll admit I'm not a dev like TC,
so I can't read all the code.
I might've done it in the past,
But it's comforting to know that there are people like TC out there and many others who do have that know-how and are reviewing the code for the benefit of all Bitcoiners.
(21:01):
And I'll kind of land it.
Thanks.
Can I pile back on there just real quick?
If you use best practices in your self-custody, you avoid so many of these situations, and you can look at it and laugh it off if you want to.
Like serious.
Serious. Proper custody, if you do it air-gapped, makes you immune to these things in many respects, at least as far as, you know, your keys and your signing.
(21:33):
You know, it's one of these things that you have to kind of start to build an awareness of, even as a, you know, a non-coder person.
Like, notice the version that you're using of software.
And you need to be the captain.
You need to decide when it's time to update and don't feel pressured to update until you've verified from the person who's created that software that there's an urgent need to.
(21:59):
You know, this is kind of like a weird thing touching on like the node war stuff.
It's like nobody is forcing you to update your node.
If it's working, like leave it alone.
Same thing goes here for like the, you know, the tools you use with your Bitcoin.
Like, really, you should basically have that frame of mind. You should figure out how to use these things. And when you have a good setup, you need compelling reasons to make changes. And you're not as affected at all by all these kind of day-to-day, you know, breaches and hacks and things like that that happen on the web. Because if you're using best practices, your keys and everything are safely air-gapped away from all of that.
(22:39):
yeah thanks for that and i do think one of the good things that come out of that
this whole thing is uh explaining to people that they should be verifying their addresses
on those hardware wallets when they're doing a transaction uh puppy thanks for coming up this
morning see your hand go ahead yeah yeah i just put two things up in a nest here and it's just
(23:03):
like just take a step back and understand it's like fucking great now something else i gotta i
I got to worry about when aren't pilling.
And, you know, I've been here eight years.
First time I ever heard the term NPM.
All right.
And this is when you're in spaces a lot.
And so when we're out there, this is just a reminder for anyone else when you're talking to them.
And, you know, even like last year, terms like ordinals and inscriptions, it's like every year you're learning something new.
(23:26):
And this is just something when you have to understand even people that are here know sort of what they're doing.
You get sort of blindsided by this, so you can understand the hesitancy of anyone coming in and say, oh, yeah, just go ahead and self-custody, and you just leave them at it.
Yeah, go ahead and do it.
It's easy.
How do you not get this?
Well, I was just reminding people, yeah, sometimes stuff like this comes out.
(23:50):
So thankfully, guys like TC and AC and BTC Sessions that were quick to jump on this.
I don't know if TCR didn't want – you talked a bit to this, but it does seem that the Bitcoin only, SparrowWallet and ColdCard and Wasabi, all the Bitcoin-specific type stuff seems to be the least affected.
(24:11):
It seems to be more everything else.
Well, no, it's like they're not affected at all.
And look, I got to be honest.
Dude, I love BTC Sessions to death.
That guy is amazing.
I was shocked at his thing because he has such wide reach and he was coming out with a really like severe warning, take alarm kind of vibes.
And then I saw the sort of tirade of all of these different wallet makers saying our wallet software is not affected by this.
(24:39):
And it's like I didn't see anyone clarifying in any of that stuff because because you if you.
Sorry, Bob. Every time you open your mic, I hear myself echoing.
I'm sorry. I was just going to say, in his defense, and I agree with you,
I think that unfortunately he was informed of this during a live show,
(25:01):
and so he's just kind of going off the cuff, and due to his reach,
it just kind of spread out there like wildfire.
So I don't think he intended it to be like that.
Unfortunately, he hadn't gotten the time to do the full research.
It was kind of like, you know, off the cuff stuff and obviously something he knows about.
And so go ahead.
Yeah. No, I just wanted to say, like, you know, it's it's there's a lot of wallet software out there that doesn't even use JavaScript.
(25:28):
I mean, most wallets shouldn't be using JavaScript.
JavaScript is really for the browser mostly.
And then there is some server side use of it.
But it's basically like, you know, I think sort of coming from a more clarifying place would have actually sort of made a lot of those statements self-evident, you know.
(25:50):
And that's the kind of thing here that kind of triggered me yesterday is that everybody's saying NPM is compromised or that JavaScript is compromised.
And these are, you know, widely used, massive systems.
And when you look at the actual details of what happened here, this is actually very tightly scoped.
(26:11):
And, you know, and that's where, you know, I feel for the the plebs who are just like, oh, great.
What now? You know, you're just like waking up to Monday and like you're being told, oh, no, your your wallets are compromised.
It's like that's a shock that I don't think like people need to have.
And, you know, until it's really something like that, you know, it's kind of a crying wolf thing.
(26:37):
I don't blame Ben for jumping on the story and wanting to spread it if necessary.
But I think it's important that everybody try to clarify.
And, Pubby, you don't have to, like, understand this stuff deeply.
you should know that um i i'm i'm going to be shocked if any actual bitcoin tooling is impacted
(27:02):
here because like i said if they run some software that uses one of these npm packages and there's
only 18 of them by this specific developer out of two and a half million um they would have had to
update with the malicious code uh after the hack and before npm took it down and i believe that's
probably literally like a couple days max.
(27:24):
And so this is a super tight window in which very specific pieces of software
would have needed to be incorporated and then released in someone's product.
And it's just, I don't see it as a real sort of probable problem.
Well, and then specifically now, it should be all patched up and good to go.
(27:48):
I mean, anybody that was using a malicious version of this NPM packet, you would assume has patched it up with the newer non-malicious version.
Yeah, or rolled back to the pre-hack versions.
That's the neat thing about all these repositories.
You can always get the older version of these things.
(28:08):
Version control is really cool that way.
Yeah, I did want to go back to AC.
I see your hand.
Go ahead.
Yeah, thanks, Bob. I just wanted to kind of rewind back to something that you had mentioned as far as verifying addresses. I just added a comment in the bottom right corner.
(28:30):
One takeaway, another takeaway, I should say, for me is while this attack was mostly unsuccessful on shitcoin terms and likely not successful at all on Bitcoin terms, the takeaway here is these bad actors are actually doing their homework and increasing their level of targeted sophistication.
(28:53):
You know, they look at Bitcoiner, I'll call them TTPs from a military perspective, you know, our tactics, techniques and procedures.
You know, a lot of the videos, Ben Sessions included, verify your address, you know, and he used to say, look at the first couple letters and numbers, look at the last couple, make sure that they're good to go.
And then you're cleared hot to send. In his video yesterday, he did say, hey, during this time of uncertainty, verify the entire address.
(29:19):
one of the things that these malicious actors had implemented is that they included an algorithm that would evaluate the address the correct address that you would put in And then they had a list of 40 addresses that they controlled and they were looking for ones that were you know
(29:40):
graphically appeared to be as close to the actual address, but with one of their targeted addresses.
And so really what I'm saying is their level of sophistication is increasing and they're watching our actions and our response actions to events like this to up their level.
(30:01):
And so the takeaway for Bitcoiners is always be upgrading your personal security stack and your security model. Don't rest on your laurels thinking, hey, I've got my Bitcoin secured and I'm good to go and let me focus on something else.
Always, always, always be studying things. Take events like this as lessons learned and lessons observed that you can implement into your own lives. Because really, you know, this is probably the worst that the attack from this is the worst that it's going to be, and they're only going to get better.
(30:37):
And so, like I said, people are looking for things that are actionable.
This is another one that they can take into consideration.
Are you not even verifying your addresses?
Are you verifying, you know, certain portions?
And are you verifying them on a screen offline on a hardware device that is not connected to the Internet?
All things to think about.
Thanks.
(30:58):
Yeah, good stuff.
And I do think that, you know, this CTO at Ledger who kind of sounded the alarm on the quote-unquote supply chain attack did have a good message later on where he said, and I put that up in the nest, if your funds sit in a software wallet or on an exchange, you're one code execution away from losing everything.
(31:23):
And I think that that is why we talk about self-custody.
But as you guys have been discussing, as we've been discussing, there are pitfalls.
And so, you know, our hope is you guys see through all the noise and do this stuff safely.
So good topic. Does anybody have any other thoughts on this? Go ahead, D.C.
(31:46):
Yeah, one more thing. I mean, what AC said can't be repeated enough.
this comes back to a phrase I use regularly called best practices.
Best practices is basically the best that you know how
from what information you have available,
and that's going to evolve over time.
(32:08):
Best practices for me is I have literally three different times
that I verify the address in the process of creating, signing,
and then broadcasting my transaction.
because best practices to me is to use Sparrow on a desktop
where I have my XPUB and I form my transaction
(32:28):
and I'm checking the address that I'm going to be sending to there
very carefully the whole way through, every character.
And then I export the unsigned transaction to my signing device
where I review and verify that address once again and sign.
and then I bring it back to the Sparrow to broadcast
(32:50):
and I verify for a third time.
So you get a good setup that's actually like best security practices
and you're going to be confronted with a direct opportunity
to just do things in the ultimate way.
I seriously tell myself, this bank of TC,
and everybody's going to have their own.
(33:12):
You are your own bank.
like you need to take this seriously and it's absolutely pays dividends to spend an extra
minute or two making sure that where you're sending things is correct because there's no
undue and there's no customer service to call and every transaction is permanent once it's confirmed
(33:32):
so just you know that's it's part of the kind of like reinforcing the understanding of what's
happening. It should, you should kind of want to go through that verification ritual every time you
transact just to reinforce those concepts. Yeah. It kind of reminds me of, you know,
(33:53):
setting goals or, or writing down, you know, being a former banker, um, policy and procedure.
It's like, are you following procedure? And I think, you know, military vets probably have this
same ethos, right? You follow procedure and you do it for a reason and you practice it. And so I
think those are really good points. Anybody else have any other thoughts on this topic before we
(34:19):
move on to a couple other things that I wanted to hit this morning? I think we're going to talk a
little bit about this U.S. House Resolution 5166, CBDCs, Bitcoin. I know that stuff can be a little
boring, but I think it does kind of maybe cast some vision for maybe what's to come coming up.
(34:42):
And then also we got a couple other things that were on the docket and also in the comments.
Putin accused the U.S. of using crypto to urgently address the declining trust in the U.S. dollar.
So that one might be interesting. So, yeah, wanted to see if anybody had any other thoughts on the
NPM compromise or any thoughts on what I just brought up those other two topics.
(35:12):
All right. I'll get out the crickets. I'm just kidding.
Is everybody asleep this morning or what?
I didn't get to say good morning to Neil because I couldn't add him earlier.
Good morning, Neil. How are you?
I'm doing good.
It's just a really good stuff that at D&AC we're saying.
(35:37):
It's really cool to hear that broken down.
It did.
Your mic was a little bad.
We're going to bring up Puncher as well.
I'm guessing he has some thoughts.
Hopefully we can get him up here on stage.
Again, having a little problem this morning adding people to the stage.
(35:59):
But, yeah, we can really take this wherever you want.
Go ahead, Puncher.
Hey, Bob.
Good morning, guys.
I wanted to shift just a tad.
It seems like yesterday, and I'm going to get to it right here in just a second,
but it looks like Pentagon officials are proposing a departure from prioritizing,
(36:23):
protecting, or they are prioritizing protecting the homeland and the Western Hemisphere at
the expense of, you know, the Asia Pacific.
That came out in a policy paper yesterday that that's a huge paradigm shift.
Not sure if you guys saw that or not.
(36:44):
I'll try to post it in the nest.
But, you know, a friend of mine is the commander of the Indo-Pacific, Admiral Sam Paparo.
And that is his, obviously, his area of command.
I don't think people quite understand if that, it's just a section of the policy that came out yesterday.
(37:07):
That's a massive shift in how we're viewing, I guess, our military responsibilities.
So, um, I mean, honestly, puncher, it seems like a recognition of reality and kind of what's
and what's going on because, um, yeah, sorry to get it too far off topic, but this, you
(37:29):
know, I trained for, for those scenarios and going over there, um, and the job that I was
going to do it and it was probably the toughest ask you could, you could, uh, you could ask
poor to try to go head to head against China, protect all these, you know, small islands
(37:50):
and all these shipping lanes.
It's a freaking nightmare.
And it can't really like can't be done, you know, to an effective level.
And I think they're just seeing that there's a lot more juice to squeeze around here in
South America and Central America.
Absolutely.
I think we're heading into a multipolar world and it's a recognition of that.
(38:11):
And that gets to the point about what Russia said about us trying to kind of wither away our debt through stable coins.
And that's what we're doing.
I mean, it's not a secret.
The fact that they're calling us on it is, you know, it is what it is.
(38:32):
And I think that that's what we're going to see playing out here over the next year or so.
I don't know how that turns out, right?
In the global south, I mean, the goal is dollar hegemony.
So in places that we didn't have access to dollars, the global south, Africa, you now will.
(38:53):
And you also have access to Bitcoin, which is great for Bitcoin.
I don't know how great it is for those countries and what the second, third, and fourth order effects of that will be.
typically us exporting our debt and our inflation uh worldwide is not played out well for the
countries that you know that it ended up in but uh we we shall see but that is the plan and the
(39:16):
fact that russia just said it out loud shouldn't surprise anybody yeah i think it's a really good
point we kind of touched on yesterday um in my next comments here about canada um you know i
I think we often forget like this joke of Trump saying that Canada was going to be the 51st state.
They're rich in resources.
(39:37):
And as we move out of other regions and to your point, Puncher, about it being kind of a multipolar world, you know, you can see where Canada becomes even more important.
And if you look at it, I mean, they are really struggling.
Inflation's high.
They just gave stimulus to a certain segment of their population.
(40:01):
Their population is really in trouble based on all the immigration that they've had over the last couple of decades.
And they really have no national identity.
So that part's interesting to me, just being our, you know, quote-unquote closest ally and one of our bigger trade partners.
You really can see how things are shifting.
(40:25):
But Tao, were you wanting to comment on this topic or should we let Wade go and then we can circle back to you?
No, Wade. Yeah, I'll have something else.
Just wanted to say what Texas and what Poncho are hitting on there is, from my opinion, 100% correct.
For anyone who's ever spent any time on or around the Korean DMZ, I mean, that's a quagmire.
(40:50):
That's a nightmare. I mean, that place turns into like a hot war zone in there.
I mean, it's the most heavily mined and fortified land border on the entire planet.
And I just don't for us, you know, strategically kind of redeploying or retrenching here in the Western Hemisphere kind of does make some sense.
Considering where's the win in a hot war between China and the U.S.?
(41:14):
We choke off their oil and air components and they choke off our rare earth materials and minerals.
I mean, I don't see where the where's the when.
Yeah. And also, you know, you have to consider it's like, well, are we giving up on Taiwan and chips?
Well, no, we just acquired 10 percent of Intel instead.
So I think it's interesting to see, you know, kind of the chips moving in some of these these areas, too, in places where traditionally we've said like, hey, we can't let these things go.
(41:44):
Now, whether we let Taiwan go or not remains to be seen, but I do think it's a super interesting topic, Puncher.
And, yeah, thanks for bringing it up.
Does anybody have any other comments on this one?
Go ahead, sir.
It's just one data point.
I live about, you know, a baseball throw away from the new TSC manufacturing plant in Arizona.
(42:06):
And it is massive.
And they are building that thing so quickly, you know that they're in a hurry.
But that Taiwan semiconductor plant in, I think it's in Glendale, Arizona, off of I-17, looks like a city.
So we're not dilly-dallying on trying to pull chip manufacturing here into the United States to kind of offset what could potentially happen in Taiwan.
(42:33):
And I think this is just further evidence of the reality setting in that we're entering into a multipolar world.
Those alliances are monetary and trade alliances, and it's going to come down to kind of pick your side here.
I just hope that we're smart on our Bitcoin strategy as a, I guess, the Western alliance, you would say, because I think that that's the stronger money, and ultimately the stronger money wins the day.
(42:59):
Yeah, hopefully ICE doesn't raid that chip center, too.
yeah we talked about Hyundai yesterday um so appreciate that anybody else have any other
comments on this and I do want to say maybe uh before we do move on uh guys this is your show
I'm just trying to you know kind of steer the ship a little bit and uh do appreciate when people
(43:23):
like Puncher come up and uh give us some of these uh perspectives that I think are relevant to all
of us as people who are interested in Bitcoin.
So, Tao, let's circle back to you.
Did you want to bring up your topic as well here?
No, I just wanted to go back to what you guys were talking about earlier.
(43:44):
I was trying to get up here as soon as possible because you guys were talking about the whole
best practices, and I just wanted to give my opinion on that.
And I was trying to get up really quickly.
Feel free.
Go ahead.
It's an open show, so we're all good.
Okay. Go ahead.
Yeah So some of my best practices is I guess the first one would be whatever setup you going to do make sure that it not too complex where you not able to get back into your coins or if the people that you trust like you giving the keys to as well
(44:20):
that it's not too complicated for them.
So that's the first thing.
The other thing that I do, because I'm pretty paranoid with this whole thing
from the very, very beginning.
I was like, how can I really ensure that if I'm going to get into this
and I want to make sure I protect it fully.
So the second thing would be to have a pristine laptop.
(44:44):
I literally bought a brand new laptop just for the sake of my Bitcoin storage.
Installing only the bare minimum software, whatever I need just for that storage.
It's not used to browse any websites.
It's not used to check my email.
(45:05):
It's not used for anything.
It's literally just, you know, buy a brand new computer and install the necessary wallet software, which is what I use as Sparrow.
And that's it. I don't use it for anything else.
Because that way you'll prevent from accidentally downloading something that may be, you know, malicious.
(45:26):
one thing to do and I think not many people look this far deep into it is when you're doing a
bitcoin transaction there's so many checks that you can do and some people might feel that it may
not be necessary to do the full check and everything but when you're moving large amounts
(45:50):
you really want to be sure right so there's a few ways right of course the first way is
anytime you, you know, paste the destination address.
You're always going to start, right, copy and paste that whole JavaScript
or whatever script that may be used.
Once you paste it into the window, that actually reflects the address
(46:11):
that you wanted to send it to.
That's one check.
The other check is, of course, when you sign it through your device,
like your CodeFact device, it also gives you another confirmation.
So, hey, this transaction that we're generating is going to be sent to this address.
Now, does that address also match to the address that you want to send to as well?
(46:34):
So that's two checks.
The very last check you can do on top of that is, and this is where like, okay, I mean, you want to check it twice.
I have to check it again.
It's like you're using additional sources to check, right?
Because if you're moving a large amount, you want to be sure that it really works.
And so the third check would be actually have you have Bitcoin Core software installed on your computer, right, on your laptop.
(47:03):
And you go to BitcoinCore.org and you download that software.
You use that to open the transaction file that has already been signed.
You open it.
You haven't broadcast, right?
You open it and you can check that as well to see the destination address.
So you have three checks from almost like three different sources, Sparrow, CoCard, and Bitcoin Core.
(47:30):
So with everything all confirming that, hey, this is indeed the address that's sent to, then you can feel pretty safe.
Because like it's not doing a read, right?
after it's signed, after all that process,
it actually does an additional,
you can use, there's an option
to file open on Bitcoin Core
(47:51):
and you can open a transaction and view it.
So I think if you do all those things,
it should be pretty good.
Yeah, and everybody's got their own setup.
I think it's good.
Again, we were kind of talking about,
you know, just policy and procedure.
Follow your own rules.
If you have a good setup
and you're comfortable with it,
(48:11):
then don't go outside of that policy and procedure because hopefully you've had a well thought out policy and procedure and you can carry it through and not make,
you know, that's one of the things Ben was saying yesterday on his live feed is like not to make quick decisions.
(48:33):
And I think that's a really, a really good idea, right?
To slow down, think about what's going on, check your surroundings.
You know, there's all these things.
And so I think this, you know, if there's one good thing that's going to come out of this, it's these reminders, right?
Things that we can learn.
(48:55):
And it was kind of the goal on Friday, right, to talk about some of the pitfalls of self-custody so that people can learn from mistakes.
Now, this show, we have it maybe to draw some people in, but TC really laid out, I think, the truth and the signal.
And when you really look into it, it seems like only maybe a little over $500 worth of, I think, shitcoins were actually compromised from this attack.
(49:25):
So the sky is not falling.
Everything's good.
But learn from this so that future compromises don't put you in a position where you're making quick and fast decisions that could result in a loss of your stack.
So good stuff.
(49:45):
And it's fun, guys.
I love this forum where we can come together, talk about kind of this technical stuff, but then also, you know, some of the things going on globally that I think we're all somewhat interested in just because of the implications on Bitcoin.
Some of this geopolitical stuff is certainly interesting.
(50:07):
Hopefully we're not boring you as a listener, but we do this every weekday, 10 a.m. Eastern.
We'll do it again tomorrow.
And before we close it out here, kind of wanted to go around and see, you know,
we can have other topics here if you guys want or continue in on this NPM,
not so big of a compromise.
(50:27):
Go ahead, Tom.
Yeah, I wanted to make a comment earlier when Puncher was here
and you guys were talking about the dollar hegemony and how that works.
More of a question, actually, because, you know, my basic understanding,
it's not enough, right? I need to understand a little bit more. So we were talking about
the goal of spreading the dollar all across the world so that it's going to be used by
(50:53):
every country. And if that's the case, though, wouldn't that mean that there's going to be
so much dollars out there? And wouldn't that also imply that, hey, it's kind of like inflation?
I'm not sure if I'm getting it right
because the more dollars that are out there
the more that everybody's using it
(51:15):
doesn't that also
signal to people
wow, it's everywhere
and we understand
that when you have something that's so much of it
that it's inflation
it's not worth as much
so am I
understanding it wrong or something?
(51:35):
Well I'll let other people chime in
but one thing
it makes me think of is, and I think a lot of people have pushed this maybe same idea,
which is that, you know, a strengthening dollar or a prevalent dollar or ever increasing dollar
occurs first in what you could see where it would come first internationally from people who have
(52:01):
seen inflation and, you know, the debasement of their own currencies. And so they choose to use
the dollar, which is now going to be easier through stable coins.
And then it's like a rubber band where then that impacts to some degree us here in the
(52:22):
U.S., people who use U.S. dollars because there are so many U.S. dollars.
So I think, you know, then maybe some of these people would say, hey, maybe I should find
something that can't just be printed.
but I think this all takes time
and so maybe some other people have some thoughts on this or want to chime in
(52:43):
but I do think that this all comes back to
no matter where dollars increase
it impacts us all in some form or fashion
and this is why we Bitcoin
so anybody else want to chime in on that
or Tao, did that kind of help at all?
yeah no i think we're we're thinking along the same lines right so like you said anywhere that
(53:09):
the dollar increases whether it's the u.s or whether it's a different country if there's
going to be more dollars ultimately it's it's gonna not be worth as much so yeah i guess i guess
i do i do agree there yeah it's interesting too maybe in light of that uh maybe coleman wants to
(53:29):
continue to dance a little dance because gold hit another new all-time high.
And so we do see this continued lack of confidence in the dollar based on Putin's remarks.
And obviously, central banks continue to put pressure on the gold price by continuing to
(53:50):
accumulate it and not accumulate U.S. treasuries.
And so as much as the stable coins that we were just talking about will be prevalent, central banks certainly are not interested in dollars or dollar-denominated debt at this point based on what they're seeing.
(54:10):
And I think this kind of circles around back to kind of what Puncher's topic was, right, which is that it's going to be a bipolar world.
And everything that we see is kind of pointing to that fact.
So hopefully, you know, we're starting to put some of the pieces together.
And maybe before we close out the show, just other people want to chime in on that or final thoughts.
(54:31):
Wade, I know this topic is near and dear to your heart.
So curious to hear your thoughts.
I just wanted to look back, just doing like a yearly review of the neutral reserve asset charts, specifically gold and Bitcoin.
And I threw it up in the I posted it in the space and I'm just stunned at the price performance.
(54:57):
I mean, just multiples over a one year time period.
And just to see like gold and Bitcoin screaming the way they are, it just seems like something's wrong.
I can't quite put my finger on it. I don't know where it's going.
But, I mean, I don't think we've ever historically seen price appreciation and neutral reserve assets at this clip before, have we?
(55:19):
I don't think so. I don't have all the data. Anybody else want to chime in on that?
I'm sure there's been periods where hoarding of hoarding of gold has happened, but maybe not to this degree.
Yeah, it's kind of crazy that the movements are huge.
And I just kind of like, I feel it because I did recently sell some gold when Bitcoin was at $65,000.
(55:49):
And I was like, man, did I sell it at the wrong time, etc.?
But luckily, I bought gold. I mean, I bought Bitcoin with that when I sold the gold.
So in a way, well, I can't complain because it almost pretty much doubled.
so it's kind of like i think both uh assets are tremendous and it just goes to show that
(56:12):
when you have something that's finite and i'm gonna use this as my basic premise right that's
so the base premise is that hey you have something that's finite that has all the properties of money
there's just that way to go that's why people have been um holding assets like this from the
very beginning. And so what, why would that change? Right.
(56:35):
Why would that sort of thinking change when it's been around for thousands of
years and now you have even a more pristine asset that can be programmable
and can just be utilized in so many different ways. It's like,
it's just like a no brainer, I guess.
Yeah. Appreciate that.
(56:56):
I did want to give people one last chance here at the top of the hour.
any final thoughts AC
you had a lot to say this morning
anything you want to leave with everybody
before we wrap it up
I struck out and I had to do it
(57:17):
sorry about that alright guys well
that's a wrap we do this
every weekday 10am eastern hopefully you guys
enjoyed the show this morning
I know we bounced around a lot
but do appreciate all the speakers everybody
who listens in the background.
And please do follow the people that come up here.
I think they're out to help you.
And you should probably follow people who want to help you.
(57:39):
But if you do have further questions on your Bitcoin journey,
please do reach out to us, bitcoinveterans.org.
You can fill out the Connect form.
We'll get you plugged in to valuable resources to help you on your Bitcoin journey.
But that's all we have for today.
I want to wish you guys a wonderful Tuesday.
And remember, do not shitcoin.
(58:02):
It's like wearing cutoff jeans to a funeral.
And again, a lot of it is driven by the baby boomers.
So now let me explain to you why baby boomers suck.
(58:23):
And they suck for three main reasons.
People that use fiat currency as a store of value, we call them, we core.
We call them, we core.
(58:53):
Thank you.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Breakfast Club
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!