16.000 leaks. Who's affected?
Is your key secure?
Find out now on npub.world
Replies (54)
It's real


It happened slowly and over time.


Detection system is now live and integrated in npub.world
Haha, I thought you were providing a solution for profile switching sir, given that intro 😉.
After about one hour the banner decided to change color from red to white. Oh how much I love javascript and css
key rotation is next (joking)
If not Vertex then who tho?
One of the HUGE benefits with @primal's new wallet is that it is no longer accessible via your nsec like their old custodial wallet was. You have to restore your 12-word phrase on every device you want to use the wallet on, or use a NWC connection, both of which are far more secure than linking the wallet directly to your nsec.
If you haven’t upgraded to Primal 3.0 yet, it would be prudent to do so in case this ever happens to you.
me affected damn. now what
Where did the attacks/vulnerabilities happen?
Great tool!
kudos to @VincenzoImp that helped with his Big Brotr archival capabilities
nice! love to see it
Thanks for doing this
Pulled up my npub on that tool, and didn't see anything but my profile, so I assume I'm safe?
Important to check! Just tried it and I'm safe 🙏
SEC-06 finishes today and we had some credible proposals on key rotation and identity continuity. Stay tuned for updates from this cohort.
Honestly, best to just post the eventid it's already leaked.
npub.world uses a service called @Vertex, which returns a proof of the leak. That is, it's a signature using the leaked nsec.
thank you!
anything sniffed from bunker by ur opsec team ?
Interesting
Ok cool cool, my nsec didn't leak x3


I tried so hard for 1-3 days trying to figure out a deterministically publicly verifiable way to rotate keys (without making a 'trust me' announcement/declaration post) without putting a parent key at risk because of child leaks, but couldn't figure out a solution x3
Now as I type this, an idea came into my head i'll juggle... but i'm assuming I won't reach an answer (but hey, won't hurt to think about it for a bit and try, who knows x3)
This is useful for detecting compromised keys. If you've created an identity with Inkan, you can then revoke the compromised key and replace it with a new one, without losing your followers.
How can I check mine?
I don't even mind the trust-me kind of solution, just need to agree on one
I was not affected, I only really use amethyst anyways.
SAFU
any idea the way by which the people's npubs got snarfed? i see mine definitely isn't. i'm not exactly that careful but then i think anyone silly enough to use nostr on windows is asking for it and probably not so much better on mac.
i remember some nonsense with that project fiatjaf was working for at one point, keeping the nsecs on servers.
but also, just a few weeks back i posted a meme as well - "opencraw, leaky nsex for all" my money is on opencraw users leaking their keys through incautious LLM usage. also just sayin, but claude knows what a secret looks like and will warn you that you are asking it to leak your nsex.
wow, my key hasn't leaked (yet)?!
My nsec wasn't leaked...🙏
@Smiffy You seen yet? Your acct is in here.....
I won’t pretend I wasn’t a bit anxious when entering my npub… 😅
Feeling relieved now. Thanks @Pip the WoT guy for building this tool!
Love love love love this!!!!!
Seed safu?
this
Really appreciate this 🫡
Wow I will check
It . That's a good feature
Bot Nsec is owned by the owner of the bot.
Same.. I don't get it 😕
Are hex keys detected in here too? or was it just nsec..?
only nsecs. Hex keys aren't detected because they could be event IDs, pubkeys, blossom blobs.
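
A sketch of the kind of detection described in the reply above, as an added example that is not npub.world's or Vertex's code: it matches bech32 `nsec1…` strings and confirms each one with the bech32 checksum, while a 64-character hex string can only be reported as ambiguous. The key bytes and note text are constructed sample data, and the function names are hypothetical.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# An nsec is "nsec" + "1" + 52 data chars (32 bytes) + 6 checksum chars = 63 chars.
NSEC_RE = re.compile(r"nsec1[%s]{58}" % CHARSET)
HEX64_RE = re.compile(r"\b[0-9a-f]{64}\b")

def polymod(values):
    """Bech32 checksum polynomial (BIP-173)."""
    gen = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= gen[i]
    return chk

def hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def encode_nsec(key32):
    """Bech32-encode 32 bytes under the 'nsec' prefix (used here only to build sample data)."""
    bits = "".join(f"{b:08b}" for b in key32) + "0000"  # pad 256 bits to 260
    data = [int(bits[i:i + 5], 2) for i in range(0, 260, 5)]
    pm = polymod(hrp_expand("nsec") + data + [0] * 6) ^ 1
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return "nsec1" + "".join(CHARSET[d] for d in data + checksum)

def is_valid_nsec(s):
    """True if the checksum verifies, i.e. this is a real nsec encoding, not a lookalike."""
    data = [CHARSET.index(c) for c in s[5:]]
    return polymod(hrp_expand("nsec") + data) == 1

def scan(text):
    """Return (checksum-confirmed nsecs, ambiguous 64-hex strings) found in text."""
    nsecs = [m for m in NSEC_RE.findall(text) if is_valid_nsec(m)]
    return nsecs, HEX64_RE.findall(text)

if __name__ == "__main__":
    sample = encode_nsec(bytes(range(1, 33)))  # constructed key, not a real one
    print(scan(f"note: {sample} id: {'ab' * 32}"))
```

The prefix and checksum make an nsec self-identifying, whereas the hex string in the second list carries nothing that distinguishes a secret key from an event ID or public key.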
Just re-analyzed the archive of events and found 3600 more leaks.
All uploaded
Assuming I'm not wrong (and hopefully not x3 because this would be gold then), I've figured something out:
Nostr Deterministic Keypair Rotation
(didn't make a reference implementation yet)
Keypair rotation without a trust-me announcement, all deterministic/verifiable

Gitea
DNN/docs/NIPS/NIP-DKR.md at main
DNN - A decentralized, Bitcoin-anchored naming system for nostr and the web.
Looking safe over here. Shew.
Yes thanks. Funds are safu.
Now the painful but necessary migration to a new key..
How?
went to site, looked myself up -- now what?
thank you 🤙🏻
If no banner, most likely your key has not been leaked

Visionairies
Bitcoin is better with friends. Security tips, tools & a tribe for your sovereign future.
check if your nsec has been leaked on
