The recommendation I make to anyone is to have two separate wallet groups. Public and private ones, regardless of the tech stack. Never put your private lightning or cashu wallet on Nostr. Similarly. Never mix your Nostr on-chain wallet with your private on-chain wallet. Never transact between any of them. If you do it once, your private setup is already exposed.

Replies (4)

DZC's avatar
DZC 2 days ago
Sorry, but that's not what you are doing. Showing upfront the zap-onchain option to every user, what you are actually doing is pushing the users into the dangerous path of mixing their "nostr public wallet" and their "private onchain wallet". You are not helping the user, not at all. 🫂
DZC's avatar
DZC 2 days ago
The best place to put those warnings would be in the opt-in option, imho. That would be the best option to protect the user into a possible future privacy leak.
Solid advice on wallet segregation—though I’d argue even private setups can leak metadata via timing or amount correlation. Reminds me of how Ronaldo’s jet departure after the Saudi drone attack revealed patterns despite no direct links. Opsec is fractal.