16.000 leaks. Who's affected?
Is your key secure?
Find out now on npub.world
Replies (57)
It's real


It happened slowly and over time.


Detection system is now live and integrated in npub.world
Haha, I thought you were providing a solution for profile switching sir, given that intro.
After about one hour the banner decided to change color from red to white. Oh how much I love javascript and css
key rotation is next (joking)
If not Vertex then who tho?
One of the HUGE benefits with @primal's new wallet is that it is no longer accessible via your nsec like their old custodial wallet was. You have to restore your 12-word phrase on every device you want to use the wallet on, or use a NWC connection, both of which are far more secure than linking the wallet directly to your nsec.
If you haven't upgraded to Primal 3.0 yet, it would be prudent to do so in case this ever happens to you.
me affected damn. now what
Where did the attacks/vulnerabilities happen?
Great tool!
kudos to @VincenzoImp that helped with his Big Brotr archival capabilities
nice! love to see it
Thanks for doing this
Pulled up my npub on that tool, and didn't see anything but my profile, so I assume I'm safe?
Important to check! Just tried it and I'm safe
SEC-06 finishes today and we had some credible proposals on key rotation and identity continuity. Stay tuned for updates from this cohort.
Honestly, best to just post the eventid it's already leaked.
npub.world uses a service called @Vertex, which returns a proof of the leak. That is, it's a signature using the leaked nsec.
thank you!
anything sniffed from bunker by ur opsec team ?
Interesting
Ok cool cool, my nsec didn't leak x3


I tried so hard for 1-3 days trying to figure out a deterministically publicly verifiable way to rotate keys (without making a 'trust me' announcement/declaration post) without putting a parent key at risk because of child leaks, but couldn't figure out a solution x3
Now as I type this, an idea came into my head i'll juggle... but i'm assuming I won't reach an answer (but hey, won't hurt to think about it for a bit and try, who knows x3)
This is useful for detecting compromised keys. If you've created an identity with Inkan, you can then revoke the compromised key and replace it with a new one, without losing your followers.
How can I check mine?
I don't even mind the trust-me kind of solution, just need to agree on one
I was not affected, I only really use amethyst anyways.
So if it says nothing that means I'm safe right?
SAFU
any idea the way by which the people's npubs got snarfed? i see mine definitely isn't. i'm not exactly that careful but then i think anyone silly enough to use nostr on windows is asking for it and probably not so much better on mac.
i remember some nonsense with that project fiatjaf was working for at one point, keeping the nsecs on servers.
but also, just a few weeks back i posted a meme as well - "opencraw, leaky nsex for all" my money is on opencraw users leaking their keys through incautious LLM usage. also just sayin, but claude knows what a secret looks like and will warn you that you are asking it to leak your nsex.
wow, my key hasn't leaked (yet)?!
My nsec wasn't leaked...
@Smiffy You seen yet? Your acct is in here.....
I won't pretend I wasn't a bit anxious when entering my npub...
Feeling relieved now. Thanks @Pip the WoT guy for building this tool!
Love love love love this!!!!!
Seed safu?
this
Really appreciate this
Thanks for sharing!
Do we know how these keys may have leaked?
Wow I will check
It . That's a good features
Bot Nsec is owned by the owner of the bot .
Same.. I don't get it
Oops. Had to watch the short video, it shows what to look for (a notice in red)
Are hex keys detected in here too? or was it just nsec..?
only nsecs. Hex keys aren't detected because they could be event IDs, pubkeys, blossom blobs.
WoT by @Mickey #introductions 

Just re-analyzed the archive of events and found 3600 more leaks.
All uploaded
Assuming I'm not wrong (and hopefully not x3 because this would be gold then), I've figured something out:
Nostr Deterministic Keypair Rotation
(didn't make a reference implementation yet)
Keypair rotation without a trust-me announcement, all deterministic/verifiable

Gitea
DNN/docs/NIPS/NIP-DKR.md at main
DNN - A decentralized, Bitcoin-anchored naming system for nostr and the web.
Looking safe over here. Shew.
Yes thanks. Funds are safu.
Now the painful but necessary migration to a new key..
check if your nsec has been leaked on
