Hi folks, we've been experiencing some disruptions over the past couple days as we've been working to mitigate against an attacker who found and exploited a vulnerability in our system that allowed them to get password reset codes for accounts that didn't belong to them.
Using this exploit they were able to gain access to a number of accounts that they shouldn't have had access to and withdraw funds.
We've patched the issue and believe we've revoked the attacker's access to the compromised accounts by invalidating their JWT authentication tokens and NWC secrets.
We've instituted system-wide withdrawal limits as a precautionary measure while we work to fully restore and migrate the payment records of affected accounts.
If you are seeing a blank screen when you visit the Coinos site, you may need to visit https://coinos.io/logout or clear your browser cache. If you have Coinos installed as a PWA you may need to uninstall it and re-add it to your homescreen.
About 80 accounts had their passwords reset by the attacker but only a handful were actively stolen from. If your account was compromised you may be missing some recent transactions. We do have backups and will be writing scripts to find and restore those payment records over the coming days.
If you were using Coinos via NWC, your NWC connection string secret may have changed, in which case you will need to re-connect Coinos to your Nostr apps.
We'll be reverting unsolicited withdrawals and covering all losses ourselves to make all our users whole. Thankfully we caught the attack relatively quickly and managed to take corrective action before the attacker had time to fully drain our wallets.
Coinos is essentially a volunteer effort and one-man show on the tech front so please be patient as it's going to take me a few days to restore everything back to normal.
This incident has not shaken my resolve, only strengthened it.
Sincerely,
Adam Soltys
Replies (76)
Thank you for your work and for communicating openly about this. Sending you love from Brussels.
cautionary tale but if you only keep a small amount of sats, it's a tradeoff between security and laziness.
Hope you guys at @Mysterious Hamster get back on track soon
Thanks for the transparency on the issue. I feel sorry for the stress you are having. I am always impressed how many people / merchants you onboarded in western Canada. Keep going!
Oh no, I just started with #nostr and the #coinos wallet a couple days ago.
Wishing you all the best repairing everything!
Here it goes. Thank you @coinos, y'all have been great. Keep up the good work.
Are there problems with your channel management? I have problems sending 5000 sats. Great to see ecash tho! Thanks for the Service! 🧡
Thanks for the transparency 💜

All of a sudden 6000 sats for albyhub don't sound too bad now does it lol
Hahaha
This is such a shame.
didn't use your services for over a year because of instability.
Came back a week ago, put all my incoming donation and zap stuff on coinos. and now this.
Hope you get things under control.
I’m sorry you’re going through that, as a fellow dev who’s gone through hacks you have all my sympathies.
You’re providing a great service, I’ve gotten a bunch of family members onto lightning with you, and you’re my daily wallet for zaps.
It’s common practice to either have a bug bounty program as a product, or as a white hat hacker ask for reasonable compensation during disclosure. Unsurprisingly there’s also a lot of scamming. I had a customer who got conned and paid 3.5 ETH for fake vulnerability disclosures.
This is what a great custodian looks like. This is also what trusting a custodian looks like.
Do all accounts have no balance or did I have bad luck? ⛓️💥
Nice job stopping them!! Hang in there.
Thank you all for your effort!
Thanks for letting us know. Keep up the great work @npub12ekp...tq0f 🫡
Oh no not at all. The scammers tried to extort him for more money, and meanwhile I was told to engage this guy on Telegram to get more information on how to reproduce the error. He tried to get me to buy his “vulnerability detection kit” or whatever, which I’m sure was a virus of some kind.
I forgot to mention that the entire company, including the customer’s non technical CFO, tried to convince him not to post the ransom in the first place.
Thanks for the transparency. Love the app.
Fren, karma will catch up with the bad actor involved in harming others' joy that you've brought them through your hard work. Keep going and it'll be even better now #ProofOfWork
Thanks for being transparent about this
Congratulations. "It is in war that true character is forged." Onward!
*Stops using Alby since it was acting up
*Swaps to CoinOs
*CoinOs gets hacked
🙃
🫂🧡
Thanks Sir, for the honesty, the effort and all the work. 🫂
ALL CLASS ADAM. THANK YOU FOR BEING SO VIGILANT.
🤔 I can't remember the last time a hunk of metal was hacked...
I like my thieves within FAFO range.
Just zapped you with @Mysterious Hamster 🙏
No, they were able to change some account passwords but would not have learned anyone's existing password.
Please check again, we're still restoring some accounts
Thank you!! You're doing a tremendous service. I'm patient. I know this stuff can happen, I signed up for it with full knowledge of the tradeoffs in security vs full self custody. These things happen.
Damn it. I was one of the 80 accounts. 5k sats gone. Thank god I look at lightning as the medium of exchange and not the store of value. Sucks though.
Well, that sucks. Literally switched three days ago 👀 Yikes.
Bad actors man! What a shame. But I guess exposing vulnerabilities is a good thing when you have 1000 sats instead of a lot more.
Looking better now? Sorry for the scare, we're still restoring some accounts.
😂
Will the transactions be automatically re-added? My history of transactions is gone
My account has been restored, thank you 🫡
Incredible! Thank you! May the zaps continue to flow! ⚡️⚡️⚡️🫡
Yes, we'll get them back please hang tight as we're still reviewing accounts one by one
Ok should be looking better now.
Hope you can provide a post incident report once the dust is settled.
Wishing you the best.
Lol tell me how you really feel
Hi sorry we just reset your account. Can you try again?
Cheers to the transparency, and thank you for the work that you do.
To those who don’t know, Coinos does have a self custody option to be able to pull down your sats on-chain which should be resistant to this kind of attack.
I cannot access my account.


great
I need to send a larger amount of sats to buy a plane ticket.. wen? Pretty please 🥹
Hi you should be whitelisted for withdrawals now, sorry for the delay
We banned some IP addresses that the attacker was using. You may be using the same VPN as them. Please DM or send your IP to support@coinos.io and we'll look at unblocking it for you.
Thanks! Sending to my other wallet worked but paying Travala did not
I use a VPN, but it's working now again.
Hi. CoinOS website is completely inaccessible for me as well even with my VPN disabled.
Please DM your IP or send to support@coinos.io
Sorry this may be too late for you but we're opening a new channel to OpenNode which hopefully will help in the future

Perfect! Thank you 🙏
I just noticed that. I was affected. I tried the browser cache clearing solution and it didn't work.
Same issue here
Hey @npub12ekp...tq0f, any update on the status of withdrawals? I just tried this GM without success.
We might have run low on liquidity. Can you try again?
I was able to send 21 sats but larger amounts fail. I also tried increasing the max routing fee (e.g. from 50 to 500 for 10K sats) but no luck.
Same problem here
@Qas don't know if you saw this
Thanks, I’ll reach out to them shortly!
Sorry to hear this, I’m a penetration tester and happy to work with you to validate that the fix you’ve implemented has worked?
Any luck @npub12ekp...tq0f?
I could withdraw up to 500 sats. But no more at a time
I think he fixed it. Got a large autowithdraw just now. 🙏
We lifted the limits yesterday, should be back to normal now.
Thanks for this report... seconding @EVAN KALOUDIS's request for an incident report... would be useful for @npub19hg5...yv9p implementors especially. My main question is this: Is there anything NWC-specific about this vulnerability? From what I see in your post, it looks like a more vanilla-flavored attack on your auth/login mechanism, which THEN allowed the attacker to mess with the NWC codes. But if you've learned anything NWC-specific that would be very useful for others to learn from...
Totally appreciate the transparency.
Was hacked!
I’m unable to pay for Alby Hub which is a little more than 21k sats. Any idea?
Used @Wallet of Satoshi to pay for it and I’m up and running ✌️