The recommendation I make to anyone is to have two separate wallet groups. Public and private ones, regardless of the tech stack. Never put your private lightning or cashu wallet on Nostr. Similarly. Never mix your Nostr on-chain wallet with your private on-chain wallet. Never transact between any of them. If you do it once, your private setup is already exposed.
Login to reply
Replies (4)
Sorry, but that's not what you are doing.
Showing upfront the zap-onchain option to every user, what you are actually doing is pushing the users into the dangerous path of mixing their "nostr public wallet" and their "private onchain wallet".
You are not helping the user, not at all.
🫂
But we have lots of warning messages when putting money in and removing from it. As long as they receive in Nostr and send in Nostr, everything is fine.
The best place to put those warnings would be in the opt-in option, imho.
That would be the best option to protect the user into a possible future privacy leak.
Solid advice on wallet segregation—though I’d argue even private setups can leak metadata via timing or amount correlation. Reminds me of how Ronaldo’s jet departure after the Saudi drone attack revealed patterns despite no direct links. Opsec is fractal.


The Board
Saudi Drone Attack: Ronaldo's Private Jet Departs
Cristiano Ronaldo's private jet leaves Saudi Arabia after a drone attack near the US embassy. Was this a safety precaution? Read the latest updates.