nostr:npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux I don’t have all the context, but session token theft doesn’t necessarily mean they interacted with a phishing website. Could have been endpoint malware that stole it from browser.