THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
Thread
Login to reply
Replies ()
follow unfollow new ACCOUNT account account HAS BEEN this our THIS @npub1w27m...z70r COMPROMISED
Please and
@npub12ekp...tq0f Just confirming.
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
wtf...
How would one know that this message is from coinos itself and not a fake?
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
Confirming this from my personal account
How'd the nsec get compromised?
Shoe on head please.
Shoe on head prompt activated
Stored on a web-accessible database, I assume.
How did you confirm compromise?
It's #shoeonhead and thanks. π€
Yup he said all the user nsecs at least used to be stored online but since has been moved, but that he thought many may have been leaked before.
Yikes π§ lol
I'm not exactly sure unfortunately
my webcam is too crappy to capture the date i wrote out 
You're good. +10 style points.
How do you know itβs compromised then?
Dang, sorry to hear that!
Crappy is good. LLMs struggle with crappy
Nice shoe π
π«ΆπΌππΎ
I've never seen a banana hammock that big.
Looks like it could transport an elephant.
Followed the new account. π«‘
Someone was able to publish a kind 0 that changed our nip05 and lud16 fields to bogus addresses
Who is this? @npub1t3pw...vn7w
NIP 05 isn't pointing to the new profile in OP π€·ββοΈ
well done
in the case of a leaked nsec, the easiest way to prove it is just drop the nsec
#ShoeOnHead!
FYI...
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
π§
π«‘
Nostr security is hard.. every application has the option to paste your nsec but very little way to ensure itβs not compromised. Nsec signers and other ways to log-in with Nostr needs to be improved..
Yup. Most Nostr users that have been here for a little while have done things that, from a raw security perspective, mean we should assume our nsecs are already compromised and continue to use them with that in mind. Once this is better addressed users arriving afterwards will be in a better place.
Some of us have been telling everyone else for like three years that pasting nsec's into websites (or allowing such) is bad practice. Some people need to learn the hard way.
Bunkers are the way
yup
Nostr signers . The copy paste is the weak point , if only human brain can memorise that key .
The good way would be generate your seed phrase ( mnemonic) on offline device to prevent any network exposure
ππ
View quoted note β
Rekt
π
View quoted note β
Never got around to giving this wallet a go,guess I won't now
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
This is a perfect example why Nostr Sec is easy!
You write βcompromisedβ and post a new Npub.
Or the hacker does so.
nip05
Who stops the "hacker" doing the same? π
![Anhern Sarsalor [IQ: 102]'s avatar](https://image.nostr.build/0ef9488eed98a6091f4c3aa85d4acde81615321da8f156bdd8020c6eca9125c3.jpg){kind=small}
How does one go through this many security failures in so little time?
I don't want to be rude, I really like what you guys are doing, and I don't want to make a bad situation worse, we bitcoiners should stick together.
This is coming one after another. Please take care of your security.
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
How do we know this message has not been compromised?
π€
If it wasnβt then he wouldnβt be telling you itβs compromised.
Exactly
nip05
Ehhh.. that's more to prove the person owns the account, not that they posted the message.
in the post, they gave an npub, and that npub has a nip05 name with their domain name.
so this confirms the given npub is correct, which means the message is not lying.
Unless the one who compromised, posted it?
Oh jeez ...their domain....my bad ... πππ«
Ok
But how do I know this npub had any nip-05 alias configured and it has changed to another npub?
I followed this npub, not the NIP-05 alias...
I don't remember which DNS name was defined this npub....
coinos is a company.
https://coinos.io is their domain.
are you for real asking how do we know the new npub belongs to coinos?
or are you trying to ask a more general question about how to verify people with compromised nsecs?
The second one.
I understand nip-05 use for a company with a known DNS name to point to it's 'official' npub.
But I think that is of no use for people's npubs.
I think WoT is a better option there.
π«
π³
π€―π³
Cc @JΓΆrg Lohrer
Maybe recommending coinos to you was not such a good idea..
Let's take this as a lesson and we should set up our own @Alby hub for #edufeed
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
how do I know that's a verified post?
PGP? π
YOU CAN JUST GROW A NEW PAIR π€
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
Olha sΓ³ rapaz kkkkk
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
Conta da Coinos comprometida
SerΓ‘ que agora vΓ£o entender que o nostr precisa de rotatividade de chaves, revoke e subkeys como GPG?
GitHub
NIP-102: Subkey Attestation by ynniv Β· Pull Request #1450 Β· nostr-protocol/nips
This NIP defines a way to separate identity from authentication using hierarchical deterministic (HD) keys. This allows people to use one key pair ...
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
sounds like a bluff, followed
View quoted note β
Doesn't give me a lot of confidence in your wallet, tbh.
Shit, if my associated lightning url gets cooked, that's gonna be the last straw.
View quoted note β
ffs
Getting your nsec compromised shouldnβt make you lose all your followers.
We need to decouple private keys and identity. Private keys should never leave the device that generated them.
Anyone working on the equivalent of a SAFE multisig for Nostr?
I know about Frostr. Is anyone using it? Any other explorations?
View quoted note β
@Amethyst , it would be nice seeing in the UI the last time a npub profile has been updated for cases like this one.
π«
cc. @Vitor Pamplona
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
lol #coinos is toast!
THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account @npub1w27m...z70r
View quoted note →
mark