 Wait I thought you guys sorted this out last night?! 
 We did, then I made a new nym and was moving sats around. I fucked up 
 Fakkkkkkkk 
 Everyone wish it was them; 185k sats richer. I’ll just stop zapping for the rest of 2023 
 Did you at least get your wallet/zaps sorted out? 
 Yo wtf kat we told you to burn that shit and never use it again! 
 LOLLLLL, they got into my stacker.news somehow 
 I think getAlby had me compromised 
 You exposed your entire getalby everything you needed to get an entirely new lightning wallet ugh I’m so sorry this happened to you :-( 
 Damn.... burn that entire alby account and all wallets associated with it. I'd consider anything touching it compromised... vic was right to be worried 
 I feel Vic’s anxiety now :-( sorry kat 
 HAHAHA, yea. It was just fun tho, I’m not trying to worry.
I’ll do better. 😭 
 🫂 🤗 🫂 🤗 
 Thanks 🙏 I luckily moved most of it before they got to everything. I’ll just cry a little, and I will be just fine. At least it wasn’t 1m sats 
 That was a lot of fun at #thecasine someone just stole tho :-( 
 Yeah fuck those fuckers.
Kat do you have an uncompromised wallet address? 
 I just made a strike account 
 Hrmmm zaps not working? 
 Just to be clear, the hack had nothing to do with #thecasine. Kat accidentally exposed her keys and it was noticed by someone at casine and the plebs there tried to help her fix. Shit got ducked up the next morning and she got hacked. Again, this has nothing to do with casine or frogtalk. In fact the exact opposite, casine tried to help. 
 All tru 🥲 
 Which keys? Nostr or Bitcoin? 
 @Alby keys got exposed via a wallet connect link which exposed everything connected to get alby 
 Hey, what happened? Sad to hear about loss... Be careful with granting NWC permissions to sites! 
 LNAuth link was posted in the LNURL location in a nostr profile, giving access to alby.

Noobs don’t know enough to know the difference. Hide LNAuth behind more advanced area, make LNURL address more prominent and obvious for nostr noobs to set up zapping 
 Ayy, can you provide more context to the story? We hope no more such things happen! 
 @Vic might be able to help with more technical details but I believe it was the Auth code/script/whatever that allows Alby to control other wallets that was accidentally exposed. It was published as the lnaddress or something like that. Seems there was no validation check on the client side.
It was originally believed that only the Zeus wallet was at risk but it was later found after the wallet was drained that the stacker.news account (and all other linked accounts) were apparently also at risk. 
 Could you share more details of what happened with support@ getalby. com? So we can investigate what happened? 
 I put my lnauth into my lightning address, and my getAlby was attached to my primal/damus which has my nsec 
 Was that not actually a new wallet?? Was it just a new LNurl pointing back to the old exposed wallet? Wtf