diff --git a/lnbits/extensions/bleskomat/crud.py b/lnbits/extensions/bleskomat/crud.py
index 470d87cbb..690793501 100644
--- a/lnbits/extensions/bleskomat/crud.py
+++ b/lnbits/extensions/bleskomat/crud.py
@@ -6,19 +6,30 @@ from . import db
 from .models import Bleskomat, BleskomatLnurl
 from .helpers import generate_bleskomat_lnurl_hash
 
+
 async def create_bleskomat(
     *, wallet_id: str, name: str, fiat_currency: str, exchange_rate_provider: str, fee: str
 ) -> Bleskomat:
     bleskomat_id = uuid4().hex
     api_key_id = secrets.token_hex(8)
     api_key_secret = secrets.token_hex(32)
-    api_key_encoding = "hex";
+    api_key_encoding = "hex"
     await db.execute(
         """
         INSERT INTO bleskomats (id, wallet, api_key_id, api_key_secret, api_key_encoding, name, fiat_currency, exchange_rate_provider, fee)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
         """,
-        (bleskomat_id, wallet_id, api_key_id, api_key_secret, api_key_encoding, name, fiat_currency, exchange_rate_provider, fee),
+        (
+            bleskomat_id,
+            wallet_id,
+            api_key_id,
+            api_key_secret,
+            api_key_encoding,
+            name,
+            fiat_currency,
+            exchange_rate_provider,
+            fee,
+        ),
     )
     bleskomat = await get_bleskomat(bleskomat_id)
     assert bleskomat, "Newly created bleskomat couldn't be retrieved"
@@ -65,7 +76,19 @@ async def create_bleskomat_lnurl(
         INSERT INTO bleskomat_lnurls (id, bleskomat, wallet, hash, tag, params, api_key_id, initial_uses, remaining_uses, created_time, updated_time)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
         """,
-        (bleskomat_lnurl_id, bleskomat.id, bleskomat.wallet, hash, tag, params, bleskomat.api_key_id, uses, uses, now, now),
+        (
+            bleskomat_lnurl_id,
+            bleskomat.id,
+            bleskomat.wallet,
+            hash,
+            tag,
+            params,
+            bleskomat.api_key_id,
+            uses,
+            uses,
+            now,
+            now,
+        ),
     )
     bleskomat_lnurl = await get_bleskomat_lnurl(secret)
     assert bleskomat_lnurl, "Newly created bleskomat LNURL couldn't be retrieved"
diff --git a/lnbits/extensions/bleskomat/exchange_rates.py b/lnbits/extensions/bleskomat/exchange_rates.py
index 15547370c..6d9297c60 100644
--- a/lnbits/extensions/bleskomat/exchange_rates.py
+++ b/lnbits/extensions/bleskomat/exchange_rates.py
@@ -2,39 +2,41 @@ import httpx
 import json
 import os
 
-fiat_currencies = json.load(open(os.path.join(os.path.dirname(os.path.realpath(__file__)), 'fiat_currencies.json'), 'r'))
+fiat_currencies = json.load(
+    open(os.path.join(os.path.dirname(os.path.realpath(__file__)), "fiat_currencies.json"), "r")
+)
 
 exchange_rate_providers = {
     "bitfinex": {
         "name": "Bitfinex",
         "domain": "bitfinex.com",
         "api_url": "https://api.bitfinex.com/v1/pubticker/{from}{to}",
-        "getter": lambda data, replacements: data["last_price"]
+        "getter": lambda data, replacements: data["last_price"],
     },
     "bitstamp": {
         "name": "Bitstamp",
         "domain": "bitstamp.net",
         "api_url": "https://www.bitstamp.net/api/v2/ticker/{from}{to}/",
-        "getter": lambda data, replacements: data["last"]
+        "getter": lambda data, replacements: data["last"],
     },
     "coinbase": {
         "name": "Coinbase",
         "domain": "coinbase.com",
         "api_url": "https://api.coinbase.com/v2/exchange-rates?currency={FROM}",
-        "getter": lambda data, replacements: data["data"]["rates"][replacements["TO"]]
+        "getter": lambda data, replacements: data["data"]["rates"][replacements["TO"]],
     },
     "coinmate": {
         "name": "CoinMate",
         "domain": "coinmate.io",
         "api_url": "https://coinmate.io/api/ticker?currencyPair={FROM}_{TO}",
-        "getter": lambda data, replacements: data["data"]["last"]
+        "getter": lambda data, replacements: data["data"]["last"],
     },
     "kraken": {
         "name": "Kraken",
         "domain": "kraken.com",
         "api_url": "https://api.kraken.com/0/public/Ticker?pair=XBT{TO}",
-        "getter": lambda data, replacements: data["result"]["XXBTZ" + replacements["TO"]]["c"][0]
-    }
+        "getter": lambda data, replacements: data["result"]["XXBTZ" + replacements["TO"]]["c"][0],
+    },
 }
 
 exchange_rate_providers_serializable = {}
@@ -48,12 +50,7 @@ for ref, exchange_rate_provider in exchange_rate_providers.items():
 
 async def fetch_fiat_exchange_rate(currency: str, provider: str):
 
-    replacements = {
-        "FROM"  : "BTC",
-        "from"  : "btc",
-        "TO"    : currency.upper(),
-        "to"    : currency.lower()
-    }
+    replacements = {"FROM": "BTC", "from": "btc", "TO": currency.upper(), "to": currency.lower()}
 
     url = exchange_rate_providers[provider]["api_url"]
     for key in replacements.keys():
diff --git a/lnbits/extensions/bleskomat/helpers.py b/lnbits/extensions/bleskomat/helpers.py
index 439795be0..9b745c797 100644
--- a/lnbits/extensions/bleskomat/helpers.py
+++ b/lnbits/extensions/bleskomat/helpers.py
@@ -21,11 +21,7 @@ def generate_bleskomat_lnurl_signature(payload: str, api_key_secret: str, api_ke
         key = base64.b64decode(api_key_secret)
     else:
         key = bytes(f"{api_key_secret}")
-    return hmac.new(
-        key=key,
-        msg=payload.encode(),
-        digestmod=hashlib.sha256
-    ).hexdigest()
+    return hmac.new(key=key, msg=payload.encode(), digestmod=hashlib.sha256).hexdigest()
 
 
 def generate_bleskomat_lnurl_secret(api_key_id: str, signature: str):
@@ -58,19 +54,21 @@ class LnurlValidationError(Exception):
 def prepare_lnurl_params(tag: str, query: Dict[str, str]):
     params = {}
     if not is_supported_lnurl_subprotocol(tag):
-        raise LnurlValidationError(f"Unsupported subprotocol: \"{tag}\"")
+        raise LnurlValidationError(f'Unsupported subprotocol: "{tag}"')
     if tag == "withdrawRequest":
         params["minWithdrawable"] = float(query["minWithdrawable"])
         params["maxWithdrawable"] = float(query["maxWithdrawable"])
         params["defaultDescription"] = query["defaultDescription"]
         if not params["minWithdrawable"] > 0:
-            raise LnurlValidationError("\"minWithdrawable\" must be greater than zero")
+            raise LnurlValidationError('"minWithdrawable" must be greater than zero')
         if not params["maxWithdrawable"] >= params["minWithdrawable"]:
-            raise LnurlValidationError("\"maxWithdrawable\" must be greater than or equal to \"minWithdrawable\"")
+            raise LnurlValidationError('"maxWithdrawable" must be greater than or equal to "minWithdrawable"')
     return params
 
 
 encode_uri_component_safe_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.!~*'()"
+
+
 def query_to_signing_payload(query: Dict[str, str]) -> str:
     # Sort the query by key, then stringify it to create the payload.
     sorted_keys = sorted(query.keys(), key=str.lower)
@@ -84,35 +82,17 @@ def query_to_signing_payload(query: Dict[str, str]) -> str:
 
 
 unshorten_rules = {
-    "query": {
-        "n": "nonce",
-        "s": "signature",
-        "t": "tag"
-    },
-    "tags": {
-        "c": "channelRequest",
-        "l": "login",
-        "p": "payRequest",
-        "w": "withdrawRequest"
-    },
+    "query": {"n": "nonce", "s": "signature", "t": "tag"},
+    "tags": {"c": "channelRequest", "l": "login", "p": "payRequest", "w": "withdrawRequest"},
     "params": {
-        "channelRequest": {
-            "pl": "localAmt",
-            "pp": "pushAmt"
-        },
+        "channelRequest": {"pl": "localAmt", "pp": "pushAmt"},
         "login": {},
-        "payRequest": {
-            "pn": "minSendable",
-            "px": "maxSendable",
-            "pm": "metadata"
-        },
-        "withdrawRequest": {
-            "pn": "minWithdrawable",
-            "px": "maxWithdrawable",
-            "pd": "defaultDescription"
-        }
-    }
+        "payRequest": {"pn": "minSendable", "px": "maxSendable", "pm": "metadata"},
+        "withdrawRequest": {"pn": "minWithdrawable", "px": "maxWithdrawable", "pd": "defaultDescription"},
+    },
 }
+
+
 def unshorten_lnurl_query(query: Dict[str, str]) -> Dict[str, str]:
     new_query = {}
     rules = unshorten_rules
@@ -121,14 +101,14 @@ def unshorten_lnurl_query(query: Dict[str, str]) -> Dict[str, str]:
     elif "t" in query:
         tag = query["t"]
     else:
-        raise LnurlValidationError("Missing required query parameter: \"tag\"")
+        raise LnurlValidationError('Missing required query parameter: "tag"')
     # Unshorten tag:
     if tag in rules["tags"]:
         long_tag = rules["tags"][tag]
         new_query["tag"] = long_tag
         tag = long_tag
     if not tag in rules["params"]:
-        raise LnurlValidationError(f"Unknown tag: \"{tag}\"")
+        raise LnurlValidationError(f'Unknown tag: "{tag}"')
     for key in query:
         if key in rules["params"][tag]:
             short_param_key = key
diff --git a/lnbits/extensions/bleskomat/lnurl_api.py b/lnbits/extensions/bleskomat/lnurl_api.py
index 35d93032d..c7df81d1b 100644
--- a/lnbits/extensions/bleskomat/lnurl_api.py
+++ b/lnbits/extensions/bleskomat/lnurl_api.py
@@ -47,7 +47,7 @@ async def api_bleskomat_lnurl():
             # The API key ID, nonce, and tag should be present in the query string.
             for field in ["id", "nonce", "tag"]:
                 if not field in query:
-                    raise LnurlHttpError(f"Failed API key signature check: Missing \"{field}\"", HTTPStatus.BAD_REQUEST)
+                    raise LnurlHttpError(f'Failed API key signature check: Missing "{field}"', HTTPStatus.BAD_REQUEST)
 
             # URL signing scheme is described here:
             # https://github.com/chill117/lnurl-node#how-to-implement-url-signing-scheme
@@ -72,8 +72,7 @@ async def api_bleskomat_lnurl():
                     params = prepare_lnurl_params(tag, query)
                     if "f" in query:
                         rate = await fetch_fiat_exchange_rate(
-                            currency=query["f"],
-                            provider=bleskomat.exchange_rate_provider
+                            currency=query["f"], provider=bleskomat.exchange_rate_provider
                         )
                         # Convert fee (%) to decimal:
                         fee = float(bleskomat.fee) / 100
@@ -88,13 +87,7 @@ async def api_bleskomat_lnurl():
                     raise LnurlHttpError(e.message, HTTPStatus.BAD_REQUEST)
                 # Create a new LNURL using the query parameters provided in the signed URL.
                 params = json.JSONEncoder().encode(params)
-                lnurl = await create_bleskomat_lnurl(
-                    bleskomat=bleskomat,
-                    secret=secret,
-                    tag=tag,
-                    params=params,
-                    uses=1
-                )
+                lnurl = await create_bleskomat_lnurl(bleskomat=bleskomat, secret=secret, tag=tag, params=params, uses=1)
 
             # Reply with LNURL response object.
             return jsonify(lnurl.get_info_response_object(secret)), HTTPStatus.OK
diff --git a/lnbits/extensions/bleskomat/models.py b/lnbits/extensions/bleskomat/models.py
index 8a671a716..8ea973385 100644
--- a/lnbits/extensions/bleskomat/models.py
+++ b/lnbits/extensions/bleskomat/models.py
@@ -39,7 +39,7 @@ class BleskomatLnurl(NamedTuple):
     def get_info_response_object(self, secret: str) -> Dict[str, str]:
         tag = self.tag
         params = json.loads(self.params)
-        response = { "tag": tag }
+        response = {"tag": tag}
         if tag == "withdrawRequest":
             for key in ["minWithdrawable", "maxWithdrawable", "defaultDescription"]:
                 response[key] = params[key]
@@ -54,7 +54,7 @@ class BleskomatLnurl(NamedTuple):
         if tag == "withdrawRequest":
             for field in ["pr"]:
                 if not field in query:
-                    raise LnurlValidationError(f"Missing required parameter: \"{field}\"")
+                    raise LnurlValidationError(f'Missing required parameter: "{field}"')
             # Check the bolt11 invoice(s) provided.
             pr = query["pr"]
             if "," in pr:
@@ -62,13 +62,13 @@ class BleskomatLnurl(NamedTuple):
             try:
                 invoice = bolt11.decode(pr)
             except ValueError as e:
-                raise LnurlValidationError("Invalid parameter (\"pr\"): Lightning payment request expected")
+                raise LnurlValidationError('Invalid parameter ("pr"): Lightning payment request expected')
             if invoice.amount_msat < params["minWithdrawable"]:
-                raise LnurlValidationError("Amount in invoice must be greater than or equal to \"minWithdrawable\"")
+                raise LnurlValidationError('Amount in invoice must be greater than or equal to "minWithdrawable"')
             if invoice.amount_msat > params["maxWithdrawable"]:
-                raise LnurlValidationError("Amount in invoice must be less than or equal to \"maxWithdrawable\"")
+                raise LnurlValidationError('Amount in invoice must be less than or equal to "maxWithdrawable"')
         else:
-            raise LnurlValidationError(f"Unknown subprotocol: \"{tag}\"")
+            raise LnurlValidationError(f'Unknown subprotocol: "{tag}"')
 
     async def execute_action(self, query: Dict[str, str]):
         self.validate_action(query)
@@ -105,6 +105,6 @@ class BleskomatLnurl(NamedTuple):
             WHERE id = ?
                 AND remaining_uses > 0
             """,
-            (now, self.id)
+            (now, self.id),
         )
         return result.rowcount > 0
diff --git a/lnbits/extensions/bleskomat/views.py b/lnbits/extensions/bleskomat/views.py
index 16e986eee..52f63499f 100644
--- a/lnbits/extensions/bleskomat/views.py
+++ b/lnbits/extensions/bleskomat/views.py
@@ -7,6 +7,7 @@ from . import bleskomat_ext
 from .exchange_rates import exchange_rate_providers_serializable, fiat_currencies
 from .helpers import get_callback_url
 
+
 @bleskomat_ext.route("/")
 @validate_uuids(["usr"], required=True)
 @check_user_exists()
@@ -14,6 +15,6 @@ async def index():
     bleskomat_vars = {
         "callback_url": get_callback_url(),
         "exchange_rate_providers": exchange_rate_providers_serializable,
-        "fiat_currencies": fiat_currencies
+        "fiat_currencies": fiat_currencies,
     }
     return await render_template("bleskomat/index.html", user=g.user, bleskomat_vars=bleskomat_vars)
diff --git a/lnbits/extensions/bleskomat/views_api.py b/lnbits/extensions/bleskomat/views_api.py
index aed4d02ea..8256ece86 100644
--- a/lnbits/extensions/bleskomat/views_api.py
+++ b/lnbits/extensions/bleskomat/views_api.py
@@ -58,13 +58,13 @@ async def api_bleskomat_create_or_update(bleskomat_id=None):
     try:
         fiat_currency = g.data["fiat_currency"]
         exchange_rate_provider = g.data["exchange_rate_provider"]
-        rate = await fetch_fiat_exchange_rate(
-            currency=fiat_currency,
-            provider=exchange_rate_provider
-        )
+        rate = await fetch_fiat_exchange_rate(currency=fiat_currency, provider=exchange_rate_provider)
     except Exception as e:
         print(e)
-        return jsonify({"message": f"Failed to fetch BTC/{fiat_currency} currency pair from \"{exchange_rate_provider}\""}), HTTPStatus.INTERNAL_SERVER_ERROR
+        return (
+            jsonify({"message": f'Failed to fetch BTC/{fiat_currency} currency pair from "{exchange_rate_provider}"'}),
+            HTTPStatus.INTERNAL_SERVER_ERROR,
+        )
 
     if bleskomat_id:
         bleskomat = await get_bleskomat(bleskomat_id)
diff --git a/lnbits/extensions/captcha/static/js/captcha.js b/lnbits/extensions/captcha/static/js/captcha.js
index 6d86e865a..b23872897 100644
--- a/lnbits/extensions/captcha/static/js/captcha.js
+++ b/lnbits/extensions/captcha/static/js/captcha.js
@@ -1,65 +1,80 @@
 var ciframeLoaded = !1,
-    captchaStyleAdded = !1;
+  captchaStyleAdded = !1
 
 function ccreateIframeElement(t = {}) {
-    const e = document.createElement("iframe");
-    // e.style.marginLeft = "25px",
-    e.style.border = "none", e.style.width = "100%", e.style.height = "100%",  e.scrolling = "no", e.id = "captcha-iframe";
-    t.dest, t.amount, t.currency, t.label, t.opReturn;
-    var captchaid = document.getElementById("captchascript").getAttribute("data-captchaid");
-    return e.src = "http://localhost:5000/captcha/" + captchaid, e
+  const e = document.createElement('iframe')
+  // e.style.marginLeft = "25px",
+  ;(e.style.border = 'none'),
+    (e.style.width = '100%'),
+    (e.style.height = '100%'),
+    (e.scrolling = 'no'),
+    (e.id = 'captcha-iframe')
+  t.dest, t.amount, t.currency, t.label, t.opReturn
+  var captchaid = document
+    .getElementById('captchascript')
+    .getAttribute('data-captchaid')
+  return (e.src = 'http://localhost:5000/captcha/' + captchaid), e
 }
-document.addEventListener("DOMContentLoaded", function() {
-    if (captchaStyleAdded) console.log("Captcha stuff already added!");
-    else {
-        console.log("Adding captcha stuff"), captchaStyleAdded = !0;
-        var t = document.createElement("style");
-        t.innerHTML = "\t/*Button*/\t\t.button-captcha-filled\t\t\t{\t\t\tdisplay: flex;\t\t\talign-items: center;\t\t\tjustify-content: center;\t\t\twidth: 120px;\t\t\tmin-width: 30px;\t\t\theight: 40px;\t\t\tline-height: 2.5;\t\t\ttext-align: center;\t\t\tcursor: pointer;\t\t\t/* Rectangle 2: */\t\t\tbackground: #FF7979;\t\t\tbox-shadow: 0 2px 4px 0 rgba(0,0,0,0.20);\t\t\tborder-radius: 20px;\t\t\t/* Sign up: */\t\t\tfont-family: 'Avenir-Heavy', Futura, Helvetica, Arial;\t\t\tfont-size: 16px;\t\t\tcolor: #FFFFFF;\t\t}\t\t.button-captcha-filled:hover\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #FF7979;\t\t\tbox-shadow: 0 0 4px 0 rgba(0,0,0,0.20);\t\t}\t\t.button-captcha-filled:active\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #FF7979;\t\t\t/*Move it down a little bit*/\t\t\tposition: relative;\t\t\ttop: 1px;\t\t}\t\t.button-captcha-filled-dark\t\t\t{\t\t\tdisplay: flex;\t\t\talign-items: center;\t\t\tjustify-content: center;\t\t\twidth: 120px;\t\t\tmin-width: 30px;\t\t\theight: 40px;\t\t\tline-height: 2.5;\t\t\ttext-align: center;\t\t\tcursor: pointer;\t\t\t/* Rectangle 2: */\t\t\tbackground: #161C38;\t\t\tbox-shadow: 0 0px 4px 0 rgba(0,0,0,0.20);\t\t\tborder-radius: 20px;\t\t\t/* Sign up: */\t\t\tfont-family: 'Avenir-Heavy', Futura, Helvetica, Arial;\t\t\tfont-size: 16px;\t\t\tcolor: #FFFFFF;\t\t}\t\t.button-captcha-filled-dark:hover\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #161C38;\t\t\tbox-shadow: 0 0px 4px 0 rgba(0,0,0,0.20);\t\t}\t\t.button-captcha-filled-dark:active\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #161C38;\t\t\t/*Move it down a little bit*/\t\t\tposition: relative;\t\t\ttop: 1px;\t\t}\t\t.modal-captcha-container {\t\t    position: fixed;\t\t    z-index: 1000;\t\t    text-align: left;/*Si no añado esto, a veces hereda el text-align:center del body, y entonces el popup queda movido a la derecha, por center + margin left que aplico*/\t\t    left: 0;\t\t    top: 0;\t\t    width: 100%;\t\t    height: 100%;\t\t    background-color: rgba(0, 0, 0, 0.5);\t\t    opacity: 0;\t\t    visibility: hidden;\t\t    transform: scale(1.1);\t\t    transition: visibility 0s linear 0.25s, opacity 0.25s 0s, transform 0.25s;\t\t}\t\t.modal-captcha-content {\t\t    position: absolute;\t\t    top: 50%;\t\t    left: 50%;\t\t    transform: translate(-50%, -50%);\t\t    background-color: white;\t\t    width: 100%;\t\t    height: 100%;\t\t    border-radius: 0.5rem;\t\t    /*Rounded shadowed borders*/\t\t\tbox-shadow: 2px 2px 4px 0 rgba(0,0,0,0.15);\t\t\tborder-radius: 5px;\t\t}\t\t.close-button-captcha {\t\t    float: right;\t\t    width: 1.5rem;\t\t    line-height: 1.5rem;\t\t    text-align: center;\t\t    cursor: pointer;\t\t    margin-right:20px;\t\t    margin-top:10px;\t\t    border-radius: 0.25rem;\t\t    background-color: lightgray;\t\t}\t\t.close-button-captcha:hover {\t\t    background-color: darkgray;\t\t}\t\t.show-modal-captcha {\t\t    opacity: 1;\t\t    visibility: visible;\t\t    transform: scale(1.0);\t\t    transition: visibility 0s linear 0s, opacity 0.25s 0s, transform 0.25s;\t\t}\t\t/* Mobile */\t\t@media screen and (min-device-width: 160px) and ( max-width: 1077px ) /*No tendria ni por que poner un min-device, porq abarca todo lo humano...*/\t\t{\t\t}";
-        var e = document.querySelector("script");
-        e.parentNode.insertBefore(t, e);
-        var i = document.getElementById("captchacheckbox"),
-            n = i.dataset,
-            o = "true" === n.dark;
-        var a = document.createElement("div");
-        a.className += " modal-captcha-container", a.innerHTML = '\t\t<div class="modal-captcha-content">        \t<span class="close-button-captcha" style="display: none;">&times;</span>\t\t</div>\t', document.getElementsByTagName("body")[0].appendChild(a);
-        var r = document.getElementsByClassName("modal-captcha-content").item(0);
-        document.getElementsByClassName("close-button-captcha").item(0).addEventListener("click", d), window.addEventListener("click", function(t) {
-            t.target === a && d()
-        }), i.addEventListener("change", function() {
-            if(this.checked){
-                // console.log("checkbox checked");
-                if (0 == ciframeLoaded) {
-                    // console.log("n: ", n);
-                    var t = ccreateIframeElement(n);
-                    r.appendChild(t), ciframeLoaded = !0
-                }
-                d()                
-            }
-        })
-    }
+document.addEventListener('DOMContentLoaded', function () {
+  if (captchaStyleAdded) console.log('Captcha stuff already added!')
+  else {
+    console.log('Adding captcha stuff'), (captchaStyleAdded = !0)
+    var t = document.createElement('style')
+    t.innerHTML =
+      "\t/*Button*/\t\t.button-captcha-filled\t\t\t{\t\t\tdisplay: flex;\t\t\talign-items: center;\t\t\tjustify-content: center;\t\t\twidth: 120px;\t\t\tmin-width: 30px;\t\t\theight: 40px;\t\t\tline-height: 2.5;\t\t\ttext-align: center;\t\t\tcursor: pointer;\t\t\t/* Rectangle 2: */\t\t\tbackground: #FF7979;\t\t\tbox-shadow: 0 2px 4px 0 rgba(0,0,0,0.20);\t\t\tborder-radius: 20px;\t\t\t/* Sign up: */\t\t\tfont-family: 'Avenir-Heavy', Futura, Helvetica, Arial;\t\t\tfont-size: 16px;\t\t\tcolor: #FFFFFF;\t\t}\t\t.button-captcha-filled:hover\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #FF7979;\t\t\tbox-shadow: 0 0 4px 0 rgba(0,0,0,0.20);\t\t}\t\t.button-captcha-filled:active\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #FF7979;\t\t\t/*Move it down a little bit*/\t\t\tposition: relative;\t\t\ttop: 1px;\t\t}\t\t.button-captcha-filled-dark\t\t\t{\t\t\tdisplay: flex;\t\t\talign-items: center;\t\t\tjustify-content: center;\t\t\twidth: 120px;\t\t\tmin-width: 30px;\t\t\theight: 40px;\t\t\tline-height: 2.5;\t\t\ttext-align: center;\t\t\tcursor: pointer;\t\t\t/* Rectangle 2: */\t\t\tbackground: #161C38;\t\t\tbox-shadow: 0 0px 4px 0 rgba(0,0,0,0.20);\t\t\tborder-radius: 20px;\t\t\t/* Sign up: */\t\t\tfont-family: 'Avenir-Heavy', Futura, Helvetica, Arial;\t\t\tfont-size: 16px;\t\t\tcolor: #FFFFFF;\t\t}\t\t.button-captcha-filled-dark:hover\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #161C38;\t\t\tbox-shadow: 0 0px 4px 0 rgba(0,0,0,0.20);\t\t}\t\t.button-captcha-filled-dark:active\t\t{\t\t\tbackground:#FFFFFF;\t\t\tcolor: #161C38;\t\t\t/*Move it down a little bit*/\t\t\tposition: relative;\t\t\ttop: 1px;\t\t}\t\t.modal-captcha-container {\t\t    position: fixed;\t\t    z-index: 1000;\t\t    text-align: left;/*Si no añado esto, a veces hereda el text-align:center del body, y entonces el popup queda movido a la derecha, por center + margin left que aplico*/\t\t    left: 0;\t\t    top: 0;\t\t    width: 100%;\t\t    height: 100%;\t\t    background-color: rgba(0, 0, 0, 0.5);\t\t    opacity: 0;\t\t    visibility: hidden;\t\t    transform: scale(1.1);\t\t    transition: visibility 0s linear 0.25s, opacity 0.25s 0s, transform 0.25s;\t\t}\t\t.modal-captcha-content {\t\t    position: absolute;\t\t    top: 50%;\t\t    left: 50%;\t\t    transform: translate(-50%, -50%);\t\t    background-color: white;\t\t    width: 100%;\t\t    height: 100%;\t\t    border-radius: 0.5rem;\t\t    /*Rounded shadowed borders*/\t\t\tbox-shadow: 2px 2px 4px 0 rgba(0,0,0,0.15);\t\t\tborder-radius: 5px;\t\t}\t\t.close-button-captcha {\t\t    float: right;\t\t    width: 1.5rem;\t\t    line-height: 1.5rem;\t\t    text-align: center;\t\t    cursor: pointer;\t\t    margin-right:20px;\t\t    margin-top:10px;\t\t    border-radius: 0.25rem;\t\t    background-color: lightgray;\t\t}\t\t.close-button-captcha:hover {\t\t    background-color: darkgray;\t\t}\t\t.show-modal-captcha {\t\t    opacity: 1;\t\t    visibility: visible;\t\t    transform: scale(1.0);\t\t    transition: visibility 0s linear 0s, opacity 0.25s 0s, transform 0.25s;\t\t}\t\t/* Mobile */\t\t@media screen and (min-device-width: 160px) and ( max-width: 1077px ) /*No tendria ni por que poner un min-device, porq abarca todo lo humano...*/\t\t{\t\t}"
+    var e = document.querySelector('script')
+    e.parentNode.insertBefore(t, e)
+    var i = document.getElementById('captchacheckbox'),
+      n = i.dataset,
+      o = 'true' === n.dark
+    var a = document.createElement('div')
+    ;(a.className += ' modal-captcha-container'),
+      (a.innerHTML =
+        '\t\t<div class="modal-captcha-content">        \t<span class="close-button-captcha" style="display: none;">&times;</span>\t\t</div>\t'),
+      document.getElementsByTagName('body')[0].appendChild(a)
+    var r = document.getElementsByClassName('modal-captcha-content').item(0)
+    document
+      .getElementsByClassName('close-button-captcha')
+      .item(0)
+      .addEventListener('click', d),
+      window.addEventListener('click', function (t) {
+        t.target === a && d()
+      }),
+      i.addEventListener('change', function () {
+        if (this.checked) {
+          // console.log("checkbox checked");
+          if (0 == ciframeLoaded) {
+            // console.log("n: ", n);
+            var t = ccreateIframeElement(n)
+            r.appendChild(t), (ciframeLoaded = !0)
+          }
+          d()
+        }
+      })
+  }
 
-    function d() {
-        a.classList.toggle("show-modal-captcha")
-    }
-});
+  function d() {
+    a.classList.toggle('show-modal-captcha')
+  }
+})
 
-function receiveMessage(event){
-   if (event.data.includes("paymenthash")){
-        // console.log("paymenthash received: ", event.data);
-        document.getElementById("captchapayhash").value = event.data.split("_")[1];
-   }
-   if (event.data.includes("removetheiframe")){
-      if (event.data.includes("nok")){
-        //invoice was NOT paid
-        // console.log("receiveMessage not paid")
-        document.getElementById("captchacheckbox").checked = false;
-      }
-      ciframeLoaded = !1;
-      var element = document.getElementById('captcha-iframe');
-      document.getElementsByClassName("modal-captcha-container")[0].classList.toggle("show-modal-captcha");
-      element.parentNode.removeChild(element);
-   }
+function receiveMessage(event) {
+  if (event.data.includes('paymenthash')) {
+    // console.log("paymenthash received: ", event.data);
+    document.getElementById('captchapayhash').value = event.data.split('_')[1]
+  }
+  if (event.data.includes('removetheiframe')) {
+    if (event.data.includes('nok')) {
+      //invoice was NOT paid
+      // console.log("receiveMessage not paid")
+      document.getElementById('captchacheckbox').checked = false
+    }
+    ciframeLoaded = !1
+    var element = document.getElementById('captcha-iframe')
+    document
+      .getElementsByClassName('modal-captcha-container')[0]
+      .classList.toggle('show-modal-captcha')
+    element.parentNode.removeChild(element)
+  }
 }
-window.addEventListener("message", receiveMessage, false);
-
-
+window.addEventListener('message', receiveMessage, false)
diff --git a/lnbits/extensions/captcha/templates/captcha/display.html b/lnbits/extensions/captcha/templates/captcha/display.html
index af40ff4a2..80e59e63d 100644
--- a/lnbits/extensions/captcha/templates/captcha/display.html
+++ b/lnbits/extensions/captcha/templates/captcha/display.html
@@ -46,7 +46,11 @@
               <q-btn outline color="grey" @click="copyText(paymentReq)"
                 >Copy invoice</q-btn
               >
-              <q-btn @click="cancelPayment(false)" flat color="grey" class="q-ml-auto"
+              <q-btn
+                @click="cancelPayment(false)"
+                flat
+                color="grey"
+                class="q-ml-auto"
                 >Cancel</q-btn
               >
             </div>
@@ -58,7 +62,7 @@
             Captcha accepted. You are probably human.<br />
             <!-- <strong>{% raw %}{{ redirectUrl }}{% endraw %}</strong> -->
           </p>
-  <!--         <div class="row q-mt-lg">
+          <!--         <div class="row q-mt-lg">
             <q-btn outline color="grey" type="a" :href="redirectUrl"
               >Open URL</q-btn>
           </div> -->
diff --git a/lnbits/extensions/captcha/templates/captcha/index.html b/lnbits/extensions/captcha/templates/captcha/index.html
index a83e1029a..2250bcedf 100644
--- a/lnbits/extensions/captcha/templates/captcha/index.html
+++ b/lnbits/extensions/captcha/templates/captcha/index.html
@@ -106,7 +106,7 @@
           label="Wallet *"
         >
         </q-select>
-<!--         <q-input
+        <!--         <q-input
           filled
           dense
           v-model.trim="formDialog.data.url"
@@ -148,7 +148,8 @@
               <q-item-label>Remember payments</q-item-label>
               <q-item-label caption
                 >A succesful payment will be registered in the browser's
-                storage, so the user doesn't need to pay again to prove they are human.</q-item-label
+                storage, so the user doesn't need to pay again to prove they are
+                human.</q-item-label
               >
             </q-item-section>
           </q-item>
@@ -173,7 +174,7 @@
     <q-card v-if="qrCodeDialog.data" class="q-pa-lg lnbits__dialog-card">
       {% raw %}
       <q-responsive :ratio="1" class="q-mx-xl q-mb-md">
-   <!--      <qrcode
+        <!--      <qrcode
           :value="qrCodeDialog.data.lnurl"
           :options="{width: 800}"
           class="rounded-borders"
@@ -181,12 +182,15 @@
         <code style="word-break: break-all">
           {{ qrCodeDialog.data.snippet }}
         </code>
-        <p style="margin-top: 20px;">Copy the snippet above and paste into your website/form. The checkbox can be in checked state only after user pays.</p>
+        <p style="margin-top: 20px">
+          Copy the snippet above and paste into your website/form. The checkbox
+          can be in checked state only after user pays.
+        </p>
       </q-responsive>
       <p style="word-break: break-all">
         <strong>ID:</strong> {{ qrCodeDialog.data.id }}<br />
         <strong>Amount:</strong> {{ qrCodeDialog.data.amount }}<br />
-   <!--      <span v-if="qrCodeDialog.data.currency"
+        <!--      <span v-if="qrCodeDialog.data.currency"
           ><strong>{{ qrCodeDialog.data.currency }} price:</strong> {{
           fiatRates[qrCodeDialog.data.currency] ?
           fiatRates[qrCodeDialog.data.currency] + ' sat' : 'Loading...' }}<br
@@ -305,7 +309,7 @@
       createCaptcha: function () {
         var data = {
           // url: this.formDialog.data.url,
-          url: "http://dummy.com",
+          url: 'http://dummy.com',
           memo: this.formDialog.data.memo,
           amount: this.formDialog.data.amount,
           description: this.formDialog.data.description,
@@ -355,7 +359,7 @@
               })
           })
       },
-      buildCaptchaSnippet: function(captchaId){
+      buildCaptchaSnippet: function (captchaId) {
         var locationPath = [
           window.location.protocol,
           '//',
@@ -363,14 +367,19 @@
           window.location.pathname
         ].join('')
 
-        var captchasnippet = '<!-- Captcha Checkbox Start -->\n'
-          + '<input type="checkbox" id="captchacheckbox">\n'
-          + '<label for="captchacheckbox">I\'m not a robot</label><br/>\n'
-          + '<input type="text" id="captchapayhash" style="display: none;"/>\n'
-          + '<script type="text/javascript" src="'+ locationPath +'static/js/captcha.js" id="captchascript" data-captchaid="'+ captchaId +'">\n'
-          + '<\/script>\n'
-          + '<!-- Captcha Checkbox End -->';
-        return captchasnippet;
+        var captchasnippet =
+          '<!-- Captcha Checkbox Start -->\n' +
+          '<input type="checkbox" id="captchacheckbox">\n' +
+          '<label for="captchacheckbox">I\'m not a robot</label><br/>\n' +
+          '<input type="text" id="captchapayhash" style="display: none;"/>\n' +
+          '<script type="text/javascript" src="' +
+          locationPath +
+          'static/js/captcha.js" id="captchascript" data-captchaid="' +
+          captchaId +
+          '">\n' +
+          '<\/script>\n' +
+          '<!-- Captcha Checkbox End -->'
+        return captchasnippet
       },
       openQrCodeDialog(captchaId) {
         // var link = _.findWhere(this.payLinks, {id: linkId})
@@ -380,9 +389,9 @@
         this.qrCodeDialog.data = {
           id: captcha.id,
           amount: captcha.amount,
-            // (link.min === link.max ? link.min : `${link.min} - ${link.max}`) +
-            // ' ' +
-            // (link.currency || 'sat'),
+          // (link.min === link.max ? link.min : `${link.min} - ${link.max}`) +
+          // ' ' +
+          // (link.currency || 'sat'),
           snippet: this.buildCaptchaSnippet(captcha.id)
           // currency: link.currency,
           // comments: link.comment_chars
diff --git a/lnbits/extensions/withdraw/crud.py b/lnbits/extensions/withdraw/crud.py
index 78fd7f566..18f77db03 100644
--- a/lnbits/extensions/withdraw/crud.py
+++ b/lnbits/extensions/withdraw/crud.py
@@ -3,7 +3,7 @@ from typing import List, Optional, Union
 from lnbits.helpers import urlsafe_short_hash
 
 from . import db
-from .models import WithdrawLink
+from .models import WithdrawLink, HashCheck
 
 
 async def create_withdraw_link(
@@ -98,3 +98,31 @@ async def delete_withdraw_link(link_id: str) -> None:
 def chunks(lst, n):
     for i in range(0, len(lst), n):
         yield lst[i : i + n]
+
+
+async def create_hash_check(
+    the_hash: str,
+    lnurl_id: str,
+) -> HashCheck:
+    await db.execute(
+        """
+        INSERT INTO hash_check (
+            id,
+            lnurl_id
+        )
+        VALUES (?, ?)
+        """,
+        (
+            the_hash,
+            lnurl_id,
+        ),
+    )
+    hashCheck = await get_hash_check(the_hash, lnurl_id)
+    row = await db.fetchone("SELECT * FROM hash_check WHERE id = ?", (the_hash,))
+    return HashCheck.from_row(row) if row else None
+
+
+async def get_hash_check(the_hash: str, lnurl_id: str) -> Optional[HashCheck]:
+    row = await db.fetchone("SELECT * FROM hash_check WHERE id = ?", (the_hash,))
+
+    return HashCheck.from_row(row) if row else None
\ No newline at end of file
diff --git a/lnbits/extensions/withdraw/migrations.py b/lnbits/extensions/withdraw/migrations.py
index 4af24f8fa..2cb802d44 100644
--- a/lnbits/extensions/withdraw/migrations.py
+++ b/lnbits/extensions/withdraw/migrations.py
@@ -94,3 +94,17 @@ async def m002_change_withdraw_table(db):
             ),
         )
     await db.execute("DROP TABLE withdraw_links")
+
+
+async def m003_make_hash_check(db):
+    """
+    Creates a hash check table.
+    """
+    await db.execute(
+        """
+        CREATE TABLE IF NOT EXISTS hash_check (
+            id TEXT PRIMARY KEY,
+            lnurl_id TEXT
+        );
+    """
+    )
\ No newline at end of file
diff --git a/lnbits/extensions/withdraw/models.py b/lnbits/extensions/withdraw/models.py
index 9a4dfb7c2..4c485ea33 100644
--- a/lnbits/extensions/withdraw/models.py
+++ b/lnbits/extensions/withdraw/models.py
@@ -59,3 +59,12 @@ class WithdrawLink(NamedTuple):
             max_withdrawable=self.max_withdrawable * 1000,
             default_description=self.title,
         )
+
+
+class HashCheck(NamedTuple):
+    id: str
+    lnurl_id: str
+
+    @classmethod
+    def from_row(cls, row: Row) -> "Hash":
+        return cls(**dict(row))
\ No newline at end of file
diff --git a/lnbits/extensions/withdraw/templates/withdraw/_api_docs.html b/lnbits/extensions/withdraw/templates/withdraw/_api_docs.html
index 18a0a5420..484464baf 100644
--- a/lnbits/extensions/withdraw/templates/withdraw/_api_docs.html
+++ b/lnbits/extensions/withdraw/templates/withdraw/_api_docs.html
@@ -129,7 +129,6 @@
     dense
     expand-separator
     label="Delete a withdraw link"
-    class="q-pb-md"
   >
     <q-card>
       <q-card-section>
@@ -149,4 +148,52 @@
       </q-card-section>
     </q-card>
   </q-expansion-item>
+  <q-expansion-item
+    group="api"
+    dense
+    expand-separator
+    label="Get hash check (for captchas to prevent milking)"
+  >
+    <q-card>
+      <q-card-section>
+        <code
+          ><span class="text-blue">GET</span>
+          /withdraw/api/v1/links/&lt;the_hash&gt;/&lt;lnurl_id&gt;</code
+        >
+        <h5 class="text-caption q-mt-sm q-mb-none">Headers</h5>
+        <code>{"X-Api-Key": &lt;invoice_key&gt;}</code><br />
+        <h5 class="text-caption q-mt-sm q-mb-none">Body (application/json)</h5>
+        <h5 class="text-caption q-mt-sm q-mb-none">
+          Returns 201 CREATED (application/json)
+        </h5>
+        <code>{"status": &lt;bool&gt;}</code>
+        <h5 class="text-caption q-mt-sm q-mb-none">Curl example</h5>
+        <code
+          >curl -X GET {{ request.url_root
+          }}api/v1/links/&lt;the_hash&gt;/&lt;lnurl_id&gt; -H "X-Api-Key: {{
+          g.user.wallets[0].inkey }}"
+        </code>
+      </q-card-section>
+    </q-card>
+  </q-expansion-item>
+  <q-expansion-item
+    group="api"
+    dense
+    expand-separator
+    label="Get image to embed"
+    class="q-pb-md"
+  >
+    <q-card>
+      <q-card-section>
+        <code
+          ><span class="text-blue">GET</span>
+          /withdraw/img/&lt;lnurl_id&gt;</code
+        >
+        <h5 class="text-caption q-mt-sm q-mb-none">Curl example</h5>
+        <code
+          >curl -X GET {{ request.url_root }}/withdraw/img/&lt;lnurl_id&gt;"
+        </code>
+      </q-card-section>
+    </q-card>
+  </q-expansion-item>
 </q-expansion-item>
diff --git a/lnbits/extensions/withdraw/views_api.py b/lnbits/extensions/withdraw/views_api.py
index cb8b7f0a7..2f80aab5e 100644
--- a/lnbits/extensions/withdraw/views_api.py
+++ b/lnbits/extensions/withdraw/views_api.py
@@ -12,6 +12,8 @@ from .crud import (
     get_withdraw_links,
     update_withdraw_link,
     delete_withdraw_link,
+    create_hash_check,
+    get_hash_check,
 )
 
 
@@ -111,3 +113,15 @@ async def api_link_delete(link_id):
     await delete_withdraw_link(link_id)
 
     return "", HTTPStatus.NO_CONTENT
+
+
+@withdraw_ext.route("/api/v1/links/<the_hash>/<lnurl_id>", methods=["GET"])
+@api_check_wallet_key("invoice")
+async def api_hash_retrieve(the_hash, lnurl_id):
+    hashCheck = await get_hash_check(the_hash, lnurl_id)
+
+    if not hashCheck:
+        hashCheck = await create_hash_check(the_hash, lnurl_id)
+        return jsonify({"status": False}), HTTPStatus.OK
+
+    return jsonify({"status": True}), HTTPStatus.OK