Oddbean new post about login | logout We did, then I made a new nym and was moving sats around . I fucked up
Fakkkkkkkk
Everyone wish it was them ; 185k sats richer. I’ll just stop zapping for the rest of 2023
Did you at least get your wallet/zaps sorted out?
Yo wtf kat we told you to burn that shit and never use it again!
LOLLLLL, they got into my stacker.news some how
I think getAlby had me compromised
You exposed your entire getalby everything you needed to get an entirely new lightning wallet ugh I’m so sorry this happened to you :-(
⭐ Starknet Whitelist Registration is now live. ⭐ https://telegra.ph/starknet-10-10 Claim Your free $STRK.
Damn.... burn that entire alby account and all wallets associated with it. I'd consider anything touching it compromised... vic was right to be worried
I feel Vic’s anxiety now :-( sorry kat
HAHAHA, yea. It was just fun tho, I’m not trying to worry . I’ll do better . 😭
Thanks 🙏 I luckily moved most of it before they got to everything. I’ll just cry a little, and I will be just fine. At least it wasn’t 1m sats
That was a lot of fun at #thecasine someone just stole tho :-(
Yeah fuck those fuckers. Kat do you have an uncompromised wallet address?
I just made a strike account
Hrmmm zaps not working?
They not? 🥲
https://i.nostr.build/RXBZ.jpg
Just to be clear, the hack had nothing to do with #thecasine. Kat accidentally exposed her keys and it was noticed by someone at casine and the plebs there tried to help her fix. Shit got ducked up the next morning and she got hacked. Again, this has nothing to do with casine or frogtalk. In fact the exact opposite, casine tried to help.
All tru 🥲
Which keys? Nostr or Bitcoin?
@Alby keys got exposed via a wallet connect link which exposed everything connected to get alby
Hey, what happened? Sad to hear about loss... Be careful with granting NWC permissions to sites!
LNAuth link was posted in the LNURL location in a nostr profile, giving access to alby. Noobs don’t know enough to know the difference. Hide LNAuth behind more advanced area, make LNURL address more prominent and obvious for nostr noobs to set up zapping
Ayy, can you provide more context to the story? We hope no more such things happen!
@Vic might be able to help with more technical details but I believe it was the Auth code/script/whatever that allows Alby to control other wallets that was accidentally exposed. It was published as the lnaddress or something like that. Seems there was no validation check on the client side. It was originally believed that only the Zeus wallet was at risk but it was later found afyer the wallet was drained that the stacker.news account (and all other linked accounts) were apparently also at risk.
Could you share more details of what happend with support@ getalby. com? So we can investigate what happened?
I put my lnauth into my lightening address , and my getAlby was attached to my primal/damus which has my nsec
