THIS ACCOUNT HAS BEEN COMPROMISED
Please unfollow this account and follow our new account nostr:npub1w27mc4aa6m0ufe3xs5z3m6qyr52gc0rglept7vqlwx4xeaf72tasnqz70r
Replies (81)
nostr:nprofile1qqs9vmqkduad4vxglwja5q2mpvauer4nd9452he2r4pml0vhqktyd2qpzemhxue69uhhyetvv9ujucm0d9hx7uewd9hj7aqfmp9 Just confirming.
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwsppemhxue69uhkummn9ekx7mp0qgst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fsrqsqqqqqpcueh0v
wtf...
How would one know that this message is from coinos itself and not a fake?
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg96szvsveh0pdh5hfg9jdrmavfjg2fpu4rxne5qqex2w4f9dg0r5cpsgqqqqqqsaxf4gj
Confirming this from my personal account
How'd the nsec get compromised?
Shoe on head please.
Shoe on head prompt activated
Stored on a web-accessible database, I assume.
How did you confirm compromise?
FYI...
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg96szvsveh0pdh5hfg9jdrmavfjg2fpu4rxne5qqex2w4f9dg0r5cpsgqqqqqqsaxf4gj
It's #shoeonhead and thanks.
🫡
Yup he said all the user nsecs at least used to be stored online but since has been moved, but that he thought many may have been leaked before.
Yikes lol
Nostr security is hard.. every application has the option to paste your nsec but very little way to ensure it's not compromised. Nsec signers and other ways to log in with Nostr need to be improved..
Yup. Most Nostr users that have been here for a little while have done things that, from a raw security perspective, mean we should assume our nsecs are already compromised and continue to use them with that in mind. Once this is better addressed users arriving afterwards will be in a better place.
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspr9mhxue69uhkuurjdau8jtntwf5hxarpwpekktnvwc4zmvnm
I'm not exactly sure unfortunately
Rekt
my webcam is too crappy to capture the date i wrote out 

nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwsppemhxue69uhkummn9ekx7mp0qgst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fsrqsqqqqqpcueh0v
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspr9mhxue69uhkuurjdau8jtntwf5hxarpwpekktnvwcpzpw5qnyrxdmctda962pvng7ltzvjzjg09ge57dqqxfjn42ft2rcaxqvzqqqqqqydhsxrn
You're good. +10 style points.
How do you know it's compromised then?
Never got around to giving this wallet a go, guess I won't now
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwsppemhxue69uhkummn9ekx7mp0qgst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fsrqsqqqqqpcueh0v
This is a perfect example why Nostr Sec is easy!
You write "compromised" and post a new Npub.
How does one go through this many security failures in so little time?
I don't want to be rude, I really like what you guys are doing, and I don't want to make a bad situation worse, we bitcoiners should stick together.
This is coming one after another. Please take care of your security.
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg96szvsveh0pdh5hfg9jdrmavfjg2fpu4rxne5qqex2w4f9dg0r5cpsgqqqqqqsaxf4gj
Dang, sorry to hear that!
Crappy is good. LLMs struggle with crappy
Some of us have been telling everyone else for like three years that pasting nsec's into websites (or allowing such) is bad practice. Some people need to learn the hard way.
Bunkers are the way
How do we know this message has not been compromised?
Nice shoe
Or the hacker does so.
🤯
If it wasn't then he wouldn't be telling you it's compromised.
Cc nostr:nprofile1qqsylfw3csf79dz7zr2qhu6k92msrffnzgrwxkwfpw4wp6vml4kxusgpp4mhxue69uhkummn9ekx7mqpz4mhxue69uhk2er9dchxummnw3ezumrpdejqzrmhwden5te0dehhxarj9ekk7mgz5wqse
Maybe recommending coinos to you was not such a good idea..
Let's take this as a lesson and we should set up our own nostr:nprofile1qqsyv47lazt9h6ycp2fsw270khje5egjgsrdkrupjg27u796g7f5k0spzemhxue69uhk2er9dchxummnw3ezumrpdejz7qgwwaehxw309ahx7uewd3hkctcprdmhxue69uhkummnw3ez6vfwde3x7tnpdenkzmnf9e3k75xqss4 hub for #edufeed
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtczyzagpxgxvmhskm6t55zex3a7kyey9ys723nfu6qqvn9825jk5836vqcyqqqqqqguqkfhn
Exactly
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz9mhxue69uhkummnw3ezuamfdejj7q3qh2qfjpnxau9k7ja9qkf50043xfpfy8j5v60xsqryef64y44puwnqxpqqqqqqznfyrhd
how do I know that's a verified post?
nip05
nip05
YOU CAN JUST GROW A NEW PAIR
nostr:nevent1qgst4qyeqenw7zm0fwjsty68h6cnys5jre2xd8ngqpjv5a2j26s78fspzdmhxue69uhhgetdwqhxjunfwvh8gme0qyfhwumn8ghj7ar9d4czu6tjd9ejuar09uqzqf75t2lzqpjk7a7ew6jk6hwny4slz6ahkmpwzku4dfpl8phs2vd6lxyeve
PGP?
Ehhh.. that's more to prove the person owns the account, not that they posted the message.
in the post, they gave an npub, and that npub has a nip05 name with their domain name.
so this confirms the given npub is correct, which means the message is not lying.
I've never seen a banana hammock that big.
Look at that, man, hahaha
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspy9mhxue69uhhyetvv9ujumr90p5kuem5dahxy6t5vdhkjm3wdaexwtczyzagpxgxvmhskm6t55zex3a7kyey9ys723nfu6qqvn9825jk5836vqcyqqqqqqgzv5hd2
Coinos account compromised
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg96szvsveh0pdh5hfg9jdrmavfjg2fpu4rxne5qqex2w4f9dg0r5cpsgqqqqqqsaxf4gj
I wonder if now they will understand that nostr needs key rotation, revoke and subkeys like GPG?
https://github.com/nostr-protocol/nips/pull/1450
How could that be. Imagine if GPG keys were just a single static key?
nostr:nevent1qqstezfxergmhj9dws467gc5hgevq30tk65zwudgcda7q3jnph3qqaqppemhxue69uhkummn9ekx7mp0qgs9wmfrms7myptdyzyyj330ac6ce70s7vcs5trredkzv7jtnavy37grqsqqqqqp8tfeqc
Unless the one who compromised, posted it?
Looks like it could transport an elephant.
Oh jeez ...their domain....my bad ...
Ok
But how do I know this npub had any nip-05 alias configured and it has changed to another npub?
I followed this npub, not the NIP-05 alias...
I don't remember which DNS name was defined this npub....
Followed the new account. π«‘
coinos is a company.
https://coinos.io is their domain.
are you for real asking how do we know the new npub belongs to coinos?
or are you trying to ask a more general question about how to verify people with compromised nsecs?
The second one.
I understand nip-05 use for a company with a known DNS name to point to its 'official' npub.
But I think that is of no use for people's npubs.
I think WoT is a better option there.
sounds like a bluff, followed
nostr:nevent1qvzqqqqqqypzpw5qnyrxdmctda962pvng7ltzvjzjg09ge57dqqxfjn42ft2rcaxqqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwsjj7gty
Shit, if my associated lightning url gets cooked, that's gonna be the last straw.
nostr:note1yl29403qqet0wlvhdftdthfj2c03dwmmdshptw2k5slnsmc9xxaqw2n4g4
Someone was able to publish a kind 0 that changed our nip05 and lud16 fields to bogus addresses
Who is this? nostr:nprofile1qqs9csh89uezjd4f4z0xfycuc99qea0x0j7p0dzmcqg5ez7grl6e7kgmsm9uw
NIP 05 isn't pointing to the new profile in OP 🤷
ffs
Who stops the "hacker" doing the same?
Getting your nsec compromised shouldn't make you lose all your followers.
We need to decouple private keys and identity. Private keys should never leave the device that generated them.
Anyone working on the equivalent of a SAFE multisig for Nostr?
I know about Frostr. Is anyone using it? Any other explorations?
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspr9mhxue69uhkuurjdau8jtntwf5hxarpwpekktnvwc4zmvnm
well done
in the case of a leaked nsec, the easiest way to prove it is just drop the nsec

#ShoeOnHead!



nostr:nprofile1qqs24yz8xftq8kkdf7q5yzf4v7tn2ek78v0zp2y427mj3sa7f34ggjcpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcppemhxue69uhkummn9ekx7mp0qyg8wumn8ghj7mn0wd68ytnddakj703s8dt, it would be nice seeing in the UI the last time an npub profile has been updated for cases like this one.
cc. nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz9mhxue69uhkummnw3ezuamfdejj7q3qh2qfjpnxau9k7ja9qkf50043xfpfy8j5v60xsqryef64y44puwnqxpqqqqqqznfyrhd
yup
Nostr signers. The copy paste is the weak point, if only human brain can memorise that key.
The good way would be to generate your seed phrase (mnemonic) on an offline device to prevent any network exposure
lol #coinos is toast!
nostr:nevent1qqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg96szvsveh0pdh5hfg9jdrmavfjg2fpu4rxne5qqex2w4f9dg0r5cpsgqqqqqqsaxf4gj
mark
nostr:nevent1qvzqqqqqqypzpw5qnyrxdmctda962pvng7ltzvjzjg09ge57dqqxfjn42ft2rcaxqqsz04z6hcsqv4hh0ktk54k4m5e9v8ckhdakcts4h9t2g0ecduznrwsjj7gty
nostr:nevent1qvzqqqqqqypzq4nvzehn4k4sera6tksptv9nhnywkd5kk32l9gw580aajuzev34gqqs98jhu9muy4kvhvn0fjuam085zu84zt3keht2lxy4k5xd782w3keqvqyf5v
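
The NIP-05 check debated in the replies above, as an added example (not code from Coinos or from any poster): decode the announced npub, then accept it only if a domain the reader already trusts maps a name to that key in its `/.well-known/nostr.json`. The identifier `_@coinos.io` and both JSON bodies are constructed assumptions; the trusted domain is passed in separately because, as one reply notes, a hijacked kind 0 can carry any `nip05` value.

```python
import json

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def npub_to_hex(npub):
    """Decode a NIP-19 npub (bech32) into the hex public key, checking the checksum."""
    hrp, sep, data = npub.lower().rpartition("1")
    if hrp != "npub" or any(c not in CHARSET for c in data):
        raise ValueError("not an npub")
    vals = [CHARSET.index(c) for c in data]
    chk = 1
    for v in [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + vals:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    if chk != 1:
        raise ValueError("bad bech32 checksum")
    acc = bits = 0
    out = bytearray()
    for v in vals[:-6]:                      # last 6 symbols are the checksum
        acc, bits = (acc << 5) | v, bits + 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    if len(out) != 32:
        raise ValueError("wrong key length")
    return out.hex()

def nip05_vouches(npub, nip05, trusted_domain, nostr_json):
    """True only if nip05 is on trusted_domain and that domain's file maps it to npub."""
    local, _, domain = nip05.lower().partition("@")
    if domain != trusted_domain:             # a hijacked kind 0 can name any domain
        return False
    names = json.loads(nostr_json).get("names", {})
    return names.get(local, "").lower() == npub_to_hex(npub)

# npub from the announcement; the nostr.json bodies below are constructed samples.
NEW_NPUB = "npub1w27mc4aa6m0ufe3xs5z3m6qyr52gc0rglept7vqlwx4xeaf72tasnqz70r"
GOOD_DOC = json.dumps({"names": {"_": npub_to_hex(NEW_NPUB)}})
BOGUS_DOC = json.dumps({"names": {"_": "00" * 32}})

if __name__ == "__main__":
    print(nip05_vouches(NEW_NPUB, "_@coinos.io", "coinos.io", GOOD_DOC))
    print(nip05_vouches(NEW_NPUB, "_@coinos.io", "coinos.io", BOGUS_DOC))
    print(nip05_vouches(NEW_NPUB, "_@example.invalid", "coinos.io", GOOD_DOC))
```

In real use the JSON body comes from an HTTPS fetch of the trusted domain's `/.well-known/nostr.json?name=<local part>`, never from a URL or identifier taken out of the profile being checked.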