It sounds like you have more than one nsec. Likely the one in Alby is auto-generated. You can use it, but it's not connected to your same identity. It would be separate.
If your nsec is being stored in Coinos, there is a chance that it has been compromised:
Confirm that the nsec stored in Coinos is your correct nsec by putting it into Amber and using Amber to log into any Nostr app. If your correct "account" comes up, then Coinos had your nsec stored on their servers and it should be considered compromised.
We're still investigating what happened here. It seems a handful of accounts may have been compromised and had their autowithdrawal settings tampered with, including our own "coinos@coinos.io" account.
We ran a script to search for accounts that had the attacker's "speed.app" withdrawal address in place and found about 9 that seem to have been affected. There could be more though, we will update as we have more information.
I worry that this may be the same attacker who exploited a password reset vulnerability back in January which allowed them to gain access to a number of accounts. It's possible that since that time they have been sitting on the account data and working to brute force the encrypted nostr private keys that we had on file for some accounts that had imported their nostr key into Coinos. Those keys were encrypted at rest in our database but it's possible they may have been cracked.
We no longer store nostr private keys for accounts and have since added support for external signing apps and browser extension login, but there was a time when we were storing encrypted nsec private keys.
Having a users nsec would allow an attacker to authenticate into Coinos by signing a nostr event and change the user settings. It also means your entire nostr profile and identity may be compromised.
This is only a hypothesis at this point and we need to investigate further but we may end up recommending that affected users rotate their nostr keys.
View quoted note →
View quoted note →