Replies (18)

Jim Smij's avatar
Jim Smij 8 months ago
I can't remember why I stopped using #coinos but it wasn't something this bad. ouch! #exploit #bitcoin #btc #ln #asknostr #nostr #smij #zapd #freedom #decentralized #unity #rossisfree #grownostr
The Bullish ₿itcoiner's avatar The Bullish ₿itcoiner
PSA: An autowithdraw exploit for @Mysterious Hamster has been confirmed. Check your settings if you’re using this wallet. Felt bad for not giving them more time to respond privately, but hopefully this saves some of your sats. View quoted note →
View quoted note →
2 replies ↓
Bitcoin Samurai's avatar
Bitcoin Samurai 8 months ago
😖 I don't know, but that really sounds like a shitty situation. Best of luck to that team!
Default avatar
DELETED 8 months ago
Yeah, I ain't ever using that shit now
semisol's avatar
semisol semisol@nostr.land 8 months ago
This reminds me of the time @Ben Arc pushed an update to the demo server without testing it, that led to loss of multiple BTC And they said “oops this is a beta software we are not responsible” And how they had multiple ways for “read only” API keys to empty wallets And that one time where it took them months of nagging to fix a critical SQLi vulnerability (this affected their entire codebase(!!!!)) And how they called me a FUDer for pointing out their security track record is shit
1 replies ↓
Default avatar
Optimism optimism@stacker.news 8 months ago
We're doing some digging over at SN:
Stacker News
Coinos autowithdrawal exploit \ stacker news
Two users have reported that their lightning address for autowithdrawals from Coinos has been changed without their consent: https://primal.net/e/n...
 The coinos nsec may be compromised too because the kind 0 changed 4h20m ago.
Sergio's avatar Sergio
You're right. Seems to be an exploit. My autowithdraw was active even though I toggled it to off. And the lN address is not mine
View quoted note →
bjorn's avatar
bjorn 8 months ago
Thankfully my 5 sat burner account is safe