easyBTX
English
Download
BTX Wallet

Wallet changelog

Every release of the post-quantum BTX Wallet — what changed, and why.

v0.16.0

Latest
2026-06-18

A recovery-and-usability release: read-only wallets, a clearer recovery flow, and a fix that stops a successful node-funds sweep from ever looking like it failed. The post-quantum send core and key derivation are unchanged.

Fixed

  • Recovering node funds no longer looks like it failed when it actually worked. Moving funds from a node wallet builds a deterministic transaction, so re-sending one that had already confirmed made the wallet show "Nothing moved" with a raw node error — even though the coins had already arrived. The wallet now recognises this and shows "already in your wallet, confirmed on-chain," with a link to verify.
  • Recovering node funds before you've set up a wallet here is now seamless. Instead of a dead-end that told you to create a wallet and start over — re-uploading your file and scanning again — the wallet now helps you set up (or restore) your wallet first, then continues straight into finding and moving your funds.
  • History stays smooth on wallets with thousands of transactions (like a watched miner address): it caches confirmed transactions and fetches only what's new, instead of reloading the whole list on every refresh.

Added

  • Read-only (watch-only) wallets. Add any btx1z address to follow its balance and history — for example a wallet you want to keep an eye on. It is clearly badged READ-ONLY (with a small "view only" chip in the wallet list): sending and the master-key backup are hidden, and it can never be used as a recovery destination.
  • Copy a full explorer link from any transaction. The sweep result, the send receipt, and History now give you a one-click Copy link (a complete explorer URL), plus Copy ID and Open, so a paste is a clickable link instead of a bare transaction hash.

Changed

  • Shielded (SMILE) is not planned for this wallet: BTX is moving applications and shielding to an upcoming EVX layer-2. This wallet stays transparent-only.

Notes

  • Still a test build: unsigned, mainnet, one address per wallet. Verify your download against the SHA-256 and the VirusTotal link on the download page.

v0.15.0

2026-06-15

A usability and correctness release, now available on macOS, Windows, and Linux. The post-quantum send core and key derivation are unchanged. Transparent funds only, and verified compatible with the BTX node through 0.32.11 (the block-125,000 shielded sunset does not affect this transparent-only wallet).

Fixed

  • Full transaction history. The history view used to stop at your 25 most recent transactions, so an active wallet looked like it was missing older ones. It now follows the explorer's pagination, shows an honest count, and always links to the full history in the explorer. (The minebtx explorer's own index may still omit a few; that is server-side, not the wallet.)
  • Pending funds are visible. An incoming deposit that is still confirming now shows as a pending line under the balance and a PENDING chip in History, so a payment you just received no longer looks like nothing arrived. Your spendable balance still counts confirmed coins only.
  • A just-sent transaction no longer briefly looks missing — history and balance re-check on a short escalating schedule after a broadcast.
  • Plain-language send errors for an empty or mistyped address, an out-of-range fee rate, and the fee safety cap, instead of raw decoder text.

Changed

  • More accurate transaction labels: self-transfers and consolidations show the fee paid instead of a misleading "-0 BTX".
  • Corrected live fee estimate (about 26% lower for a one-input send).

Notes

  • Still a test build: unsigned, mainnet, one address per wallet. Verify your download against the SHA-256 and the VirusTotal link on the download page.

v0.14.3

2026-06-13

A security-hardening release from multiple in-depth rounds of AI-assisted adversarial review (Anthropic Claude — Fable 5 and Opus 4.8 across rounds), each finding independently re-verified. No new features. The post-quantum send core and key derivation are byte-pinned to and verified against the BTX node, and confirmed compatible with the latest BTX release (0.32.8). An independent third-party audit is still planned.

Security

  • The node-recovery sweep now derives its destination from authenticated key material instead of a stored value, so a local attacker can no longer redirect recovered funds.
  • Removed an unauthenticated network-allowlist file that could be forged to widen where the wallet talks — closing a seed-exfiltration path a compromised page plus a local write could otherwise reach.
  • The release pipeline now runs the vendored-crypto-bundle integrity check before building the installer, so a tampered bundle can never ship.
  • Recovery files are written owner-only; recovery / wallet.dat reads are size-capped and the seed match is linear (no freeze on a hostile file); a poisoned address-book entry can no longer block the wallet screen; the recovery scan warns on an unverifiable balance instead of reading it as empty.

Notes

  • Still a test build: unsigned, mainnet, one address per wallet. Verify your download against the SHA-256 on the download page.

v0.14.2

2026-06-12

Shows the app version in the header, and records a compatibility check against the current BTX node. No new crypto.

Changed

  • The app version now appears in the header on the wallet-selector and unlock screens.

Verified

  • Compatible with BTX 0.32.6 / 0.32.7: the transparent P2MR consensus rules the wallet reproduces — key derivation, opcodes, the P2MR leaf and tags, the sighash path, the witness-v2 address, and the relay/dust policy — are byte-identical upstream.

v0.14.0

2026-06-11

Rebrand to BTX PQ wallet, a full theming system, and a batch of send and privacy fixes. The post-quantum send core is unchanged, so existing wallets and recovery files keep working.

Added

  • Theming (Settings → Appearance): a logo, a colour (Green / Ocean / Violet / Amber), and a mode (System / Dark / Light), with a live macOS Dock icon to match.
  • A post-send receipt with the full transaction hash, a copy button, and an explorer link.

Changed

  • Renamed to BTX PQ wallet across the app, window title, and icons.
  • The privacy-eye now also masks transaction amounts in History.

Fixed

  • Received is always green and Sent always red, in every theme.

v0.12.1

2026-06-03

Recover funds from a node wallet — from the recovery .txt or the binary wallet.dat — and move them into a wallet here. Plus native macOS Touch ID unlock, an address book, and a round of security hardening. The post-quantum keys and the node-verified send core are unchanged.

Recover node-era funds

  • A new Recover node funds flow restores a wallet created by the BTX node (btxd) or the easyBTX built-in wallet, with no node and no sync — from either the recovery .txt or the binary wallet.dat. Many users only kept the .dat; both now work.
  • It reads the post-quantum descriptor and derives every node address with the same crypto the node uses (verified byte-for-byte against btxd), scans each address's real balance from the explorer, and shows the total before you move anything.
  • Every extracted seed is trusted only when SHA256(seed)[:4] matches the descriptor's own fingerprint, so a parsing slip fails closed — it can never hand back a key that wouldn't reproduce the wallet's real addresses. Encrypted wallet.dat files are detected and explained, not mis-read.
  • On confirmation, the funds move into a wallet you already control here — the same master key, not a new wallet — one transaction per address, with a review screen showing the exact amount, network fee, and destination before anything is broadcast.

Native unlock and an address book

  • Native macOS Touch ID unlock: a device-only biometric Keychain seal, the same one-tap experience already available with Windows Hello.
  • An address book — human labels for public btx1z addresses, shown in history and offered when you send. It never stores keys.

Security hardening

  • The external-link opener and the explorer proxy are now validated and shell-less, closing a command-execution path and an SSRF/cleartext-downgrade gap.
  • Restoring from a recovery file shows and confirms the derived btx1z address and rejects an address/key mismatch (anti recovery-file poisoning).
  • Minimum passphrase length raised to 12; GitHub Actions pinned to commit SHAs with Dependabot.

Notes

  • Transparent btx1z funds only; shielded (SMILE) balances are not shown here. Still a test build: unsigned, mainnet, single address per wallet. Moving recovered funds broadcasts real transactions and pays a network fee.

v0.10.0

2026-06-02

The multi-wallet update: hold several wallets in one app and choose which to open at sign-on, with encrypted recovery files, a stronger key-derivation function, and a redesigned Settings panel. The post-quantum keys and the node-verified send core are unchanged.

Multiple wallets

  • The start screen is now a wallet list — each row shows the name, the protection kind, a truncated btx1z address, and the balance. Tap a row to unlock it.
  • Add, rename, and forget wallets; a centered header switcher changes the active wallet without returning to the lock screen.
  • Each wallet is independently a no-passphrase, passphrase, or passkey wallet.
  • New storage model: btxw.wallets.v1 holds [{ id, name, address, kind, seal }] plus btxw.active. The address is public, so it is stored in clear for the list; only the 32-byte seed is sealed.
  • Your existing single wallet migrates in automatically, losslessly, and idempotently on first launch. The legacy keys (btxw.sealed.v1, qid.wrapped.v1) are kept untouched as a rollback path, and migration never runs twice.

Security

  • New passphrase wallets now derive their encryption key with Argon2id (64 MiB, 3 passes) instead of PBKDF2. Existing PBKDF2 seals still open and are upgraded to Argon2id on the next unlock.
  • Settings → Security: set, change, or remove a wallet's passphrase. Changing or removing requires the current passphrase. The 64-character master key is never altered — a passphrase only protects the local copy.
  • Save / Restore to a file: export a wallet to a checksummed BTX-WALLET-RECOVERY text file, optionally encrypted with a file passphrase (AES-256-GCM), through native OS save and open dialogs. Restore validates the magic header and SHA-256 checksum, so it rejects foreign or corrupted files.

Under the hood

  • Wallet storage, migration, and the seal crypto were extracted into a DOM-free wallets.js module with 25 unit tests.
  • passkey.js now returns and accepts a per-wallet { credId, iv, ct } blob, so several passkey wallets can coexist on one device.
  • A redesigned two-pane Settings panel (category sidebar + scroll-synced content), per-wallet balances on the list, and a BTX Telegram community link.

Notes

  • Transparent btx1z funds only; shielded (SMILE) balances are not shown here. Still a test build: unsigned, mainnet, single address per wallet.

v0.9.1

2026-06-01

The first public release — the build you can actually download, on macOS and Windows, with passkey unlock and a full transaction history.

Highlights

  • Public macOS (.dmg) and Windows (.exe) downloads. The Windows installer (NSIS) is built reproducibly in GitHub Actions on windows-latest.
  • Passkey unlock via the WebAuthn PRF extension: the 32-byte seed is sealed with AES-256-GCM under a key minted inside the authenticator (Touch ID / Windows Hello / security key), and the design fails closed if PRF is unavailable rather than storing the seed unprotected.
  • Transaction history — per-transaction RECEIVED / SENT with a signed amount, date, counterparty address, and explorer link, computed locally from the transaction vin/vout deltas.

Trust

  • An "Is it safe?" section publishes the SHA-256 and VirusTotal lookup for every build, and explains plainly why a brand-new unsigned installer draws a SmartScreen reputation warning and a few machine-learning antivirus flags.

Notes

  • Test build: unsigned and on mainnet (sends move real BTX). Passkeys work on Windows (WebView2); on the unsigned macOS build they fall back to a passphrase until the app is code-signed.

v0.5.0

2026-05-31

The first build where the whole loop works: receive, hold, and send real BTX on mainnet.

Highlights

  • Real post-quantum sends confirmed on BTX mainnet (P2MR with ML-DSA signatures), including Send all (full sweep).
  • A Receive tab with an address QR code and a one-line, copyable btx1z address.
  • A Settings panel: configurable Esplora explorer URL, an auto-refresh interval, and the master-key backup.
  • Auto-refresh of balance and history on a timer, and explorer deep-links on every history row.

Safety

  • A dust guard and a hard 0.02 BTX maximum-fee clamp are enforced before any broadcast, with a preview of the fee, change, and input count and an explicit confirm step.

Notes

  • All network requests run in the Rust layer — the webview never reaches the internet directly — while the seed stays in the webview. Single address (v1).

v0.1.0

2026-05-31

The first build: a native desktop wallet on the node-verified post-quantum send core.

Highlights

  • Post-quantum keys derived on-device from a single 32-byte master seed: ML-DSA (the spending/login key) and SLH-DSA (the recovery key), combined into a btx1z P2MR address.
  • Receive, balance, and send on the node-verified qID core — multi-input P2MR construction (selectAndBuild, buildSweepAll) with every sighash commitment rebuilt per input.
  • Self-custodial: keys are generated on the device and never leave it; a one-time 64-character master-key backup is the only recovery.

Architecture

  • A Tauri 2 desktop shell with a Rust chain_request command proxying all chain traffic, a passphrase seal using PBKDF2 (210k iterations) + AES-256-GCM in local storage, and strict safe-DOM rendering (no innerHTML of any external string).

Notes

  • Test build on BTX mainnet — sends move real BTX. Transparent funds only.