PSA: An autowithdraw exploit for @OVO has been confirmed. Check your settings if you’re using this wallet.
Felt bad for not giving them more time to respond privately, but hopefully this saves some of your sats.
Login to reply
Replies (17)
I can't remember why I stopped using #coinos but it wasn't something this bad. ouch!
#exploit
#bitcoin #btc #ln #asknostr #nostr
#smij #zapd #freedom #decentralized #unity #rossisfree #grownostr
I blame the bad vibes, damn that "Vibe Coding"!!!
Damn. Didn't they need to restore their DB & rebuild histories a couple months ago?
😖 I don't know, but that really sounds like a shitty situation. Best of luck to that team!
Yes.
No DevOps, apparently.
DevOops
Holy fuck every month there's a new issue/exploit on Coinos...
Yeah, I ain't ever using that shit now
This reminds me of the time @npub1c878...8avm pushed an update to the demo server without testing it, that led to loss of multiple BTC
And they said “oops this is a beta software we are not responsible”
And how they had multiple ways for “read only” API keys to empty wallets
And that one time where it took them months of nagging to fix a critical SQLi vulnerability (this affected their entire codebase(!!!!))
And how they called me a FUDer for pointing out their security track record is shit
A lot of them are really rich. For most of us, even losing €10 is painful.
We're doing some digging over at SN: 
The coinos nsec may be compromised too because the kind 0 changed 4h20m ago.
Stacker News
Coinos autowithdrawal exploit \ stacker news
Two users have reported that their lightning address for autowithdrawals from Coinos has been changed without their consent: https://primal.net/e/n...
FYI, I never turned on ‘Auto Withdraw’, unless it ‘Auto Turned On’..
Yea I’ll be done using them. Never really needed it anyway.
Good to hear it didn’t get enabled for you. It did for Sergio.
View quoted note →
Thankfully my 5 sat burner account is safe
👀👀