Coracle accidentally shared private keys with error tracking tool
njump.me/nevent1qqsrz6g5ds3dfht4a6zgdt7k593ujhnrz4njn6mke2fmpwxjc3sgafcpzemhxue69uhhyetvv9ujumn0wd68ytnzv9hxgqg6waehxw309aex2mrp0yh8wetnw3jhymnzw33jucm0d5q3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7q3qjlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3q5afcmh
Guess Nostr's still at the stage where each user should audit code and network access themselves.
Wonder what the disclosure timeline on this was. Did he just open up the bug tool one day and go "wow, that's bad," or did someone alert him?
The fun part is hodlbod can never prove that he doesn't have all those nsecs so lots of people should be setting up new npubs and deprecating existing ones. Might turn into a sort of proof of alive followers event.
Second sentence actually 👀
Read the note again. It is about those users that didn't use an external key extension signer and directly used nsec to log in.
Always use Alby, nos2x or hardware signer to login on nostr clients.
Do not use plain text nsec directly.
more nostr signers:
Putting your nsec in plain text is like pasting your BTC wallet seed in plain text on a random webpage...
People always say that but it also seems reasonable to expect an app not to send the nsec anywhere. It's not like it was hacked. A signer app may separate concerns but it's still more code to audit.
It's a common practice now that you as a developer need "external" tools to know what is going on in your own program, sad... but true.
If I read this correctly, someone else had the API key also.